diff --git a/envoy-proto-collect/submodules/cel-spec b/envoy-proto-collect/submodules/cel-spec
index ae6fb0d..245748f 160000
--- a/envoy-proto-collect/submodules/cel-spec
+++ b/envoy-proto-collect/submodules/cel-spec
@@ -1 +1 @@
-Subproject commit ae6fb0dcf99d82d68c1b233f6f2aa095cac4a2d9
+Subproject commit 245748fe28d4dba3d0ed7cbe565222d16f957597
diff --git a/envoy-proto-collect/submodules/client_model b/envoy-proto-collect/submodules/client_model
index afe0b21..eb136e5 160000
--- a/envoy-proto-collect/submodules/client_model
+++ b/envoy-proto-collect/submodules/client_model
@@ -1 +1 @@
-Subproject commit afe0b21197864688348dfd1cfd3010afd1ebb485
+Subproject commit eb136e513d419e0c31ad750922f0a6f7675c2dee
diff --git a/envoy-proto-collect/submodules/data-plane-api b/envoy-proto-collect/submodules/data-plane-api
index 36ffb4e..d9c5e84 160000
--- a/envoy-proto-collect/submodules/data-plane-api
+++ b/envoy-proto-collect/submodules/data-plane-api
@@ -1 +1 @@
-Subproject commit 36ffb4eff147678c5908c9d95fc2cb26e13c2cd4
+Subproject commit d9c5e84658eef279e9a021ff0517f8f8ee35d79a
diff --git a/envoy-proto-collect/submodules/googleapis b/envoy-proto-collect/submodules/googleapis
index f95ceda..61ae870 160000
--- a/envoy-proto-collect/submodules/googleapis
+++ b/envoy-proto-collect/submodules/googleapis
@@ -1 +1 @@
-Subproject commit f95ceda21f21d679abd1a030910581fefcb79101
+Subproject commit 61ae8702c665036c3c49cb99dd538ee76beadc9f
diff --git a/envoy-proto-collect/submodules/opentelemetry-proto b/envoy-proto-collect/submodules/opentelemetry-proto
index d777082..42319f8 160000
--- a/envoy-proto-collect/submodules/opentelemetry-proto
+++ b/envoy-proto-collect/submodules/opentelemetry-proto
@@ -1 +1 @@
-Subproject commit d7770822d70c7bd47a6891fc9faacc66fc4af3d3
+Subproject commit 42319f8b5bf330f7c3dd4a097384f9f6d5467450
diff --git a/envoy-proto-collect/submodules/protoc-gen-validate b/envoy-proto-collect/submodules/protoc-gen-validate
index 79c6d8d..d9c3e09 160000
--- a/envoy-proto-collect/submodules/protoc-gen-validate
+++ b/envoy-proto-collect/submodules/protoc-gen-validate
@@ -1 +1 @@
-Subproject commit 79c6d8d4557032647c9c3aae59fa6e6b271fc2a7
+Subproject commit d9c3e09522eef9f8fffd33f51fde182cb9c5e2e8
diff --git a/envoy-proto-collect/submodules/xds b/envoy-proto-collect/submodules/xds
index 2f00578..ae57f3c 160000
--- a/envoy-proto-collect/submodules/xds
+++ b/envoy-proto-collect/submodules/xds
@@ -1 +1 @@
-Subproject commit 2f005788dc42b92dee41c8ad934450dc4746f027
+Subproject commit ae57f3c0d45fc76d0b323b79e8299a83ccb37a49
diff --git a/envoy-types/proto/data-plane-api/envoy/admin/v3/clusters.proto b/envoy-types/proto/data-plane-api/envoy/admin/v3/clusters.proto
index 2d071e3..785184c 100644
--- a/envoy-types/proto/data-plane-api/envoy/admin/v3/clusters.proto
+++ b/envoy-types/proto/data-plane-api/envoy/admin/v3/clusters.proto
@@ -55,22 +55,24 @@ message ClusterStatus { bool added_via_api = 2; // The success rate threshold used in the last interval. - // If - // :ref:`outlier_detection.split_external_local_origin_errors` - // is ``false``, all errors: externally and locally generated were used to calculate the threshold. - // If - // :ref:`outlier_detection.split_external_local_origin_errors` - // is ``true``, only externally generated errors were used to calculate the threshold. - // The threshold is used to eject hosts based on their success rate. See - // :ref:`Cluster outlier detection ` documentation for details. // - // Note: this field may be omitted in any of the three following cases: + // * If :ref:`outlier_detection.split_external_local_origin_errors` + // is ``false``, all errors: externally and locally generated were used to calculate the threshold. + // * If :ref:`outlier_detection.split_external_local_origin_errors` + // is ``true``, only externally generated errors were used to calculate the threshold. + // + // The threshold is used to eject hosts based on their success rate. For more information, see the + // :ref:`Cluster outlier detection ` documentation. + // + // .. note:: + // + // This field may be omitted in any of the three following cases: + // + // 1. There were not enough hosts with enough request volume to proceed with success rate based outlier ejection. + // 2. The threshold is computed to be < 0 because a negative value implies that there was no threshold for that + // interval. + // 3. Outlier detection is not enabled for this cluster. // - // 1. There were not enough hosts with enough request volume to proceed with success rate based - // outlier ejection. - // 2. The threshold is computed to be < 0 because a negative value implies that there was no - // threshold for that interval. - // 3. Outlier detection is not enabled for this cluster. type.v3.Percent success_rate_ejection_threshold = 3; // Mapping from host address to the host's current status. 
@@ -81,16 +83,18 @@ message ClusterStatus { // This field should be interpreted only when // :ref:`outlier_detection.split_external_local_origin_errors` // is ``true``. The threshold is used to eject hosts based on their success rate. - // See :ref:`Cluster outlier detection ` documentation for - // details. // - // Note: this field may be omitted in any of the three following cases: + // For more information, see the :ref:`Cluster outlier detection ` documentation. + // + // .. note:: + // + // This field may be omitted in any of the three following cases: + // + // 1. There were not enough hosts with enough request volume to proceed with success rate based outlier ejection. + // 2. The threshold is computed to be < 0 because a negative value implies that there was no threshold for that + // interval. + // 3. Outlier detection is not enabled for this cluster. // - // 1. There were not enough hosts with enough request volume to proceed with success rate based - // outlier ejection. - // 2. The threshold is computed to be < 0 because a negative value implies that there was no - // threshold for that interval. - // 3. Outlier detection is not enabled for this cluster. type.v3.Percent local_origin_success_rate_ejection_threshold = 5; // :ref:`Circuit breaking ` settings of the cluster. 
@@ -117,19 +121,20 @@ message HostStatus { // The host's current health status. HostHealthStatus health_status = 3; - // Request success rate for this host over the last calculated interval. - // If - // :ref:`outlier_detection.split_external_local_origin_errors` - // is ``false``, all errors: externally and locally generated were used in success rate - // calculation. If - // :ref:`outlier_detection.split_external_local_origin_errors` - // is ``true``, only externally generated errors were used in success rate calculation. - // See :ref:`Cluster outlier detection ` documentation for - // details. + // The success rate for this host during the last measurement interval. + // + // * If :ref:`outlier_detection.split_external_local_origin_errors` + // is ``false``, all errors: externally and locally generated were used in success rate calculation. + // * If :ref:`outlier_detection.split_external_local_origin_errors` + // is ``true``, only externally generated errors were used in success rate calculation. + // + // For more information, see the :ref:`Cluster outlier detection ` documentation. + // + // .. note:: + // + // The message will be missing if the host didn't receive enough traffic to calculate a reliable success rate, or + // if the cluster had too few hosts to apply outlier ejection based on success rate. // - // Note: the message will not be present if host did not have enough request volume to calculate - // success rate or the cluster did not have enough hosts to run through success rate outlier - // ejection. type.v3.Percent success_rate = 4; // The host's weight. If not configured, the value defaults to 1. 
@@ -141,18 +146,20 @@ message HostStatus { // The host's priority. If not configured, the value defaults to 0 (highest priority). uint32 priority = 7; - // Request success rate for this host over the last calculated - // interval when only locally originated errors are taken into account and externally originated - // errors were treated as success. - // This field should be interpreted only when + // The success rate for this host during the last interval, considering only locally generated errors. Externally + // generated errors are treated as successes. + // + // This field is only relevant when // :ref:`outlier_detection.split_external_local_origin_errors` - // is ``true``. - // See :ref:`Cluster outlier detection ` documentation for - // details. + // is set to ``true``. + // + // For more information, see the :ref:`Cluster outlier detection ` documentation. + // + // .. note:: + // + // The message will be missing if the host didn’t receive enough traffic to compute a success rate, or if the + // cluster didn’t have enough hosts to perform outlier ejection based on success rate. // - // Note: the message will not be present if host did not have enough request volume to calculate - // success rate or the cluster did not have enough hosts to run through success rate outlier - // ejection. type.v3.Percent local_origin_success_rate = 8; // locality of the host. diff --git a/envoy-types/proto/data-plane-api/envoy/config/cluster/v3/cluster.proto b/envoy-types/proto/data-plane-api/envoy/config/cluster/v3/cluster.proto index 16b39af..65dae6b 100644 --- a/envoy-types/proto/data-plane-api/envoy/config/cluster/v3/cluster.proto +++ b/envoy-types/proto/data-plane-api/envoy/config/cluster/v3/cluster.proto 
@@ -1359,7 +1359,7 @@ message TrackClusterStats { // If request_response_sizes is true, then the :ref:`histograms // ` tracking header and body sizes - // of requests and responses will be published. + // of requests and responses will be published. Additionally, number of headers in the requests and responses will be tracked. bool request_response_sizes = 2; // If true, some stats will be emitted per-endpoint, similar to the stats in admin ``/clusters`` diff --git a/envoy-types/proto/data-plane-api/envoy/config/core/v3/address.proto b/envoy-types/proto/data-plane-api/envoy/config/core/v3/address.proto index af0afeb..e459ce3 100644 --- a/envoy-types/proto/data-plane-api/envoy/config/core/v3/address.proto +++ b/envoy-types/proto/data-plane-api/envoy/config/core/v3/address.proto @@ -64,7 +64,7 @@ message EnvoyInternalAddress { string endpoint_id = 2; } -// [#next-free-field: 7] +// [#next-free-field: 8] message SocketAddress { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketAddress"; @@ -111,6 +111,11 @@ message SocketAddress { // allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into // IPv6 space as ``::FFFF:``. bool ipv4_compat = 6; + + // The Linux network namespace to bind the socket to. If this is set, Envoy will + // create the socket in the specified network namespace. Only supported on Linux. + // [#not-implemented-hide:] + string network_namespace_filepath = 7; } message TcpKeepalive { diff --git a/envoy-types/proto/data-plane-api/envoy/config/core/v3/protocol.proto b/envoy-types/proto/data-plane-api/envoy/config/core/v3/protocol.proto index c59bb78..020cc52 100644 --- a/envoy-types/proto/data-plane-api/envoy/config/core/v3/protocol.proto +++ b/envoy-types/proto/data-plane-api/envoy/config/core/v3/protocol.proto 
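Review bot: The comment on `network_namespace_filepath` in the `SocketAddress` hunk (`@@ -111,6 +111,11 @@`) does not say what happens when the path is empty, cannot be opened, or Envoy runs on a non-Linux host, and the field carries no `validate.rules` constraint. Because the value selects the network namespace the socket is created in, an undocumented fallback to the default namespace would change the isolation an operator expects, so the contract is worth writing down before `[#not-implemented-hide:]` is lifted. If it matches the intended behaviour, I would add `// An empty value means the socket is created in Envoy's own network namespace.` plus a sentence stating whether an unusable path or an unsupported platform rejects the configuration or is ignored. `SocketAddress` starts and ends outside this hunk.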
@@ -670,7 +670,7 @@ message GrpcProtocolOptions { } // A message which allows using HTTP/3. -// [#next-free-field: 7] +// [#next-free-field: 8] message Http3ProtocolOptions { QuicProtocolOptions quic_protocol_options = 1; @@ -697,6 +697,14 @@ message Http3ProtocolOptions { // docs](https://github.com/envoyproxy/envoy/blob/main/source/docs/h2_metadata.md) for more // information. bool allow_metadata = 6; + + // [#not-implemented-hide:] Hiding until Envoy has full HTTP/3 upstream support. + // Still under implementation. DO NOT USE. + // + // Disables QPACK compression related features for HTTP/3 including: + // No huffman encoding, zero dynamic table capacity and no cookie crumbing. + // This can be useful for trading off CPU vs bandwidth when an upstream HTTP/3 connection multiplexes multiple downstream connections. + bool disable_qpack = 7; } // A message to control transformations to the :scheme header diff --git a/envoy-types/proto/data-plane-api/envoy/config/endpoint/v3/endpoint_components.proto b/envoy-types/proto/data-plane-api/envoy/config/endpoint/v3/endpoint_components.proto index 0438251..aa900ee 100644 --- a/envoy-types/proto/data-plane-api/envoy/config/endpoint/v3/endpoint_components.proto +++ b/envoy-types/proto/data-plane-api/envoy/config/endpoint/v3/endpoint_components.proto @@ -23,6 +23,9 @@ import "envoy/config/core/v3/health_check.proto"; import "google/protobuf/wrappers.proto"; +import "xds/core/v3/collection_entry.proto"; + +import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; 
@@ -147,14 +150,24 @@ message LbEndpoint { google.protobuf.UInt32Value load_balancing_weight = 4 [(validate.rules).uint32 = {gte: 1}]; } +// LbEndpoint list collection. Entries are `LbEndpoint` resources or references. // [#not-implemented-hide:] -// A configuration for a LEDS collection. +message LbEndpointCollection { + xds.core.v3.CollectionEntry entries = 1; +} + +// A configuration for an LEDS collection. message LedsClusterLocalityConfig { // Configuration for the source of LEDS updates for a Locality. core.v3.ConfigSource leds_config = 1; - // The xDS transport protocol glob collection resource name. - // The service is only supported in delta xDS (incremental) mode. + // The name of the LbEndpoint collection resource. + // + // If the name ends in ``/*``, it indicates an LbEndpoint glob collection, + // which is supported only in the xDS incremental protocol variants. + // Otherwise, it indicates an LbEndpointCollection list collection. + // + // Envoy currently supports only glob collections. string leds_collection_name = 2; } 
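Review bot: `LbEndpointCollection.entries` is declared as a single `xds.core.v3.CollectionEntry`, although the comment calls the message a list collection and the field name is plural. If more than one entry is intended, the declaration should read `repeated xds.core.v3.CollectionEntry entries = 1;`; if a single entry is deliberate, the comment should say so. The same comment wraps `LbEndpoint` in single backticks, while the `/*` literal a few lines below uses the double-backtick form, so the two should be made consistent. The message is still marked `[#not-implemented-hide:]`, which makes this cheap to settle now.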
@@ -179,18 +192,20 @@ message LocalityLbEndpoints { core.v3.Metadata metadata = 9; // The group of endpoints belonging to the locality specified. - // [#comment:TODO(adisuissa): Once LEDS is implemented this field needs to be - // deprecated and replaced by ``load_balancer_endpoints``.] + // This is ignored if :ref:`leds_cluster_locality_config + // ` is set. repeated LbEndpoint lb_endpoints = 2; - // [#not-implemented-hide:] oneof lb_config { - // The group of endpoints belonging to the locality. - // [#comment:TODO(adisuissa): Once LEDS is implemented the ``lb_endpoints`` field - // needs to be deprecated.] - LbEndpointList load_balancer_endpoints = 7; + // [#not-implemented-hide:] + // Not implemented and deprecated. + LbEndpointList load_balancer_endpoints = 7 + [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // LEDS Configuration for the current locality. + // If this is set, the :ref:`lb_endpoints + // ` + // field is ignored. LedsClusterLocalityConfig leds_cluster_locality_config = 8; } diff --git a/envoy-types/proto/data-plane-api/envoy/config/rbac/v3/rbac.proto b/envoy-types/proto/data-plane-api/envoy/config/rbac/v3/rbac.proto index 5dcb6f0..50e05f3 100644 --- a/envoy-types/proto/data-plane-api/envoy/config/rbac/v3/rbac.proto +++ b/envoy-types/proto/data-plane-api/envoy/config/rbac/v3/rbac.proto @@ -328,7 +328,7 @@ message Permission { // Principal defines an identity or a group of identities for a downstream // subject. -// [#next-free-field: 14] +// [#next-free-field: 15] message Principal { option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Principal"; 
@@ -342,6 +342,10 @@ message Principal { } // Authentication attributes for a downstream. + // It is recommended to NOT use this type, but instead use + // :ref:`MTlsAuthenticated `, + // configured via :ref:`custom `, + // which should be used for most use cases due to its improved security. message Authenticated { option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Principal.Authenticated"; @@ -350,7 +354,11 @@ message Principal { // The name of the principal. If set, The URI SAN or DNS SAN in that order // is used from the certificate, otherwise the subject field is used. If - // unset, it applies to any user that is authenticated. + // unset, it applies to any user that is allowed by the downstream TLS configuration. + // If :ref:`require_client_certificate ` + // is false or :ref:`trust_chain_verification ` + // is set to :ref:`ACCEPT_UNTRUSTED `, + // then no authentication is required. type.matcher.v3.StringMatcher principal_name = 2; } @@ -369,6 +377,10 @@ message Principal { bool any = 3 [(validate.rules).bool = {const: true}]; // Authenticated attributes that identify the downstream. + // It is recommended to NOT use this field, but instead use + // :ref:`MTlsAuthenticated `, + // configured via :ref:`custom `, + // which should be used for most use cases due to its improved security. Authenticated authenticated = 4; // A CIDR block that describes the downstream IP. @@ -421,6 +433,10 @@ message Principal { // Matches against metadata from either dynamic state or route configuration. Preferred over the // ``metadata`` field as it provides more flexibility in metadata source selection. SourcedMetadata sourced_metadata = 13; + + // Extension for configuring custom principals for RBAC. + // [#extension-category: envoy.rbac.principals] + core.v3.TypedExtensionConfig custom = 14; } } 
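Review bot: The security-relevant caveat on `principal_name` (hunk `@@ -350,7 +354,11 @@`) is written as ordinary running text, so a reader skimming the field comment can miss that an unset name matches peers that presented no verified certificate when `require_client_certificate` is false or `trust_chain_verification` is `ACCEPT_UNTRUSTED`. I would set it apart as an admonition in the style other files in this change use, i.e. `// .. attention::` followed by the existing sentence indented beneath it. The recommendation to prefer `MTlsAuthenticated` appears on both the `Authenticated` message and the `authenticated` field, but neither is marked `deprecated`, so tooling that reads the descriptor gets no signal; if deprecation is not intended, the comment should say so. The `:ref:` targets are not visible on this page, so they are unchecked here.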
diff --git a/envoy-types/proto/data-plane-api/envoy/config/route/v3/route_components.proto b/envoy-types/proto/data-plane-api/envoy/config/route/v3/route_components.proto index 1ba05d2..ba26701 100644 --- a/envoy-types/proto/data-plane-api/envoy/config/route/v3/route_components.proto +++ b/envoy-types/proto/data-plane-api/envoy/config/route/v3/route_components.proto @@ -19,6 +19,7 @@ package envoy.config.route.v3; import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/proxy_protocol.proto"; +import "envoy/type/matcher/v3/filter_state.proto"; import "envoy/type/matcher/v3/metadata.proto"; import "envoy/type/matcher/v3/regex.proto"; import "envoy/type/matcher/v3/string.proto"; @@ -524,7 +525,7 @@ message ClusterSpecifierPlugin { bool is_optional = 2; } -// [#next-free-field: 16] +// [#next-free-field: 17] message RouteMatch { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RouteMatch"; @@ -675,6 +676,12 @@ message RouteMatch { // If the number of specified dynamic metadata matchers is nonzero, they all must match the // dynamic metadata for a match to occur. repeated type.matcher.v3.MetadataMatcher dynamic_metadata = 13; + + // Specifies a set of filter state matchers on which the route should match. + // The router will check the filter state against all the specified filter state matchers. + // If the number of specified filter state matchers is nonzero, they all must match the + // filter state for a match to occur. + repeated type.matcher.v3.FilterStateMatcher filter_state = 16; } // Cors policy configuration. diff --git a/envoy-types/proto/data-plane-api/envoy/data/accesslog/v3/accesslog.proto b/envoy-types/proto/data-plane-api/envoy/data/accesslog/v3/accesslog.proto index f51ab52..ee77838 100644 --- a/envoy-types/proto/data-plane-api/envoy/data/accesslog/v3/accesslog.proto +++ b/envoy-types/proto/data-plane-api/envoy/data/accesslog/v3/accesslog.proto 
@@ -123,14 +123,16 @@ message AccessLogCommon { double sample_rate = 1 [(validate.rules).double = {lte: 1.0 gt: 0.0}]; // This field is the remote/origin address on which the request from the user was received. - // Note: This may not be the physical peer. E.g, if the remote address is inferred from for - // example the x-forwarder-for header, proxy protocol, etc. + // + // .. note:: + // This may not be the actual peer address. For example, it might be derived from headers like ``x-forwarded-for``, + // the proxy protocol, or similar sources. config.core.v3.Address downstream_remote_address = 2; // This field is the local/destination address on which the request from the user was received. config.core.v3.Address downstream_local_address = 3; - // If the connection is secure,S this field will contain TLS properties. + // If the connection is secure, this field will contain TLS properties. TLSProperties tls_properties = 4; // The time that Envoy started servicing this request. This is effectively the time that the first @@ -142,7 +144,7 @@ message AccessLogCommon { google.protobuf.Duration time_to_last_rx_byte = 6; // Interval between the first downstream byte received and the first upstream byte sent. There may - // by considerable delta between ``time_to_last_rx_byte`` and this value due to filters. + // be considerable delta between ``time_to_last_rx_byte`` and this value due to filters. // Additionally, the same caveats apply as documented in ``time_to_last_downstream_tx_byte`` about // not accounting for kernel socket buffer time, etc. google.protobuf.Duration time_to_first_upstream_tx_byte = 7; 
@@ -201,7 +203,7 @@ message AccessLogCommon { // If upstream connection failed due to transport socket (e.g. TLS handshake), provides the // failure reason from the transport socket. The format of this field depends on the configured // upstream transport socket. Common TLS failures are in - // :ref:`TLS trouble shooting `. + // :ref:`TLS troubleshooting `. string upstream_transport_failure_reason = 18; // The name of the route @@ -218,7 +220,7 @@ message AccessLogCommon { map filter_state_objects = 21; // A list of custom tags, which annotate logs with additional information. - // To configure this value, users should configure + // To configure this value, see the documentation for // :ref:`custom_tags `. map custom_tags = 22; 
@@ -239,40 +241,41 @@ message AccessLogCommon { // This could be any format string that could be used to identify one stream. string stream_id = 26; - // If this log entry is final log entry that flushed after the stream completed or - // intermediate log entry that flushed periodically during the stream. - // There may be multiple intermediate log entries and only one final log entry for each - // long-live stream (TCP connection, long-live HTTP2 stream). - // And if it is necessary, unique ID or identifier can be added to the log entry - // :ref:`stream_id ` to - // correlate all these intermediate log entries and final log entry. + // Indicates whether this log entry is the final entry (flushed after the stream completed) or an intermediate entry + // (flushed periodically during the stream). + // + // For long-lived streams (e.g., TCP connections or long-lived HTTP/2 streams), there may be multiple intermediate + // entries and only one final entry. + // + // If needed, a unique identifier (see :ref:`stream_id `) + // can be used to correlate all intermediate and final log entries for the same stream. // // .. attention:: // - // This field is deprecated in favor of ``access_log_type`` for better indication of the - // type of the access log record. + // This field is deprecated in favor of ``access_log_type``, which provides a clearer indication of the log entry + // type. bool intermediate_log_entry = 27 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // If downstream connection in listener failed due to transport socket (e.g. TLS handshake), provides the // failure reason from the transport socket. The format of this field depends on the configured downstream - // transport socket. Common TLS failures are in :ref:`TLS trouble shooting `. + // transport socket. Common TLS failures are in :ref:`TLS troubleshooting `. 
string downstream_transport_failure_reason = 28; // For HTTP: Total number of bytes sent to the downstream by the http stream. - // For TCP: Total number of bytes sent to the downstream by the tcp proxy. + // For TCP: Total number of bytes sent to the downstream by the :ref:`TCP Proxy `. uint64 downstream_wire_bytes_sent = 29; // For HTTP: Total number of bytes received from the downstream by the http stream. Envoy over counts sizes of received HTTP/1.1 pipelined requests by adding up bytes of requests in the pipeline to the one currently being processed. - // For TCP: Total number of bytes received from the downstream by the tcp proxy. + // For TCP: Total number of bytes received from the downstream by the :ref:`TCP Proxy `. uint64 downstream_wire_bytes_received = 30; // For HTTP: Total number of bytes sent to the upstream by the http stream. This value accumulates during upstream retries. - // For TCP: Total number of bytes sent to the upstream by the tcp proxy. + // For TCP: Total number of bytes sent to the upstream by the :ref:`TCP Proxy `. uint64 upstream_wire_bytes_sent = 31; // For HTTP: Total number of bytes received from the upstream by the http stream. - // For TCP: Total number of bytes sent to the upstream by the tcp proxy. + // For TCP: Total number of bytes sent to the upstream by the :ref:`TCP Proxy `. uint64 upstream_wire_bytes_received = 32; // The type of the access log, which indicates when the log was recorded. @@ -311,7 +314,7 @@ message ResponseFlags { // Indicates there was no healthy upstream. bool no_healthy_upstream = 2; - // Indicates an there was an upstream request timeout. + // Indicates there was an upstream request timeout. bool upstream_request_timeout = 3; // Indicates local codec level reset was sent on the stream. 
@@ -372,7 +375,7 @@ message ResponseFlags { // Indicates that a filter configuration is not available. bool no_filter_config_found = 22; - // Indicates that request or connection exceeded the downstream connection duration. + // Indicates that the request or connection exceeded the downstream connection duration. bool duration_timeout = 23; // Indicates there was an HTTP protocol error in the upstream response. @@ -494,7 +497,7 @@ message HTTPRequestProperties { // do not already have a request ID. string request_id = 9; - // Value of the ``X-Envoy-Original-Path`` request header. + // Value of the ``x-envoy-original-path`` request header. string original_path = 10; // Size of the HTTP request headers in bytes. diff --git a/envoy-types/proto/data-plane-api/envoy/data/tap/v3/transport.proto b/envoy-types/proto/data-plane-api/envoy/data/tap/v3/transport.proto index a1d7fb1..3f253f0 100644 --- a/envoy-types/proto/data-plane-api/envoy/data/tap/v3/transport.proto +++ b/envoy-types/proto/data-plane-api/envoy/data/tap/v3/transport.proto @@ -34,6 +34,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // sequences on a socket. // Event in a socket trace. +// [#next-free-field: 6] message SocketEvent { option (udpa.annotations.versioning).previous_message_type = "envoy.data.tap.v2alpha.SocketEvent"; @@ -79,6 +80,9 @@ message SocketEvent { Closed closed = 4; } + + // Connection information per event + Connection connection = 5; } // Sequence of read/write events that constitute a buffered trace on a socket. diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/dynamic_modules/v3/dynamic_modules.proto b/envoy-types/proto/data-plane-api/envoy/extensions/dynamic_modules/v3/dynamic_modules.proto index ff7f8ad..b8ee500 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/dynamic_modules/v3/dynamic_modules.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/dynamic_modules/v3/dynamic_modules.proto 
@@ -16,8 +16,6 @@ syntax = "proto3"; package envoy.extensions.dynamic_modules.v3; -import "xds/annotations/v3/status.proto"; - import "udpa/annotations/status.proto"; import "validate/validate.proto"; @@ -26,7 +24,6 @@ option java_outer_classname = "DynamicModulesProto"; option java_multiple_files = true; option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/dynamic_modules/v3;dynamic_modulesv3"; option (udpa.annotations.file_status).package_version_status = ACTIVE; -option (xds.annotations.v3.file_status).work_in_progress = true; // [#protodoc-title: Dynamic Modules common configuration] @@ -46,8 +43,6 @@ option (xds.annotations.v3.file_status).work_in_progress = true; // this restriction and hopefully provide a wider compatibility guarantee. Until then, Envoy // checks the hash of the ABI header files to ensure that the dynamic modules are built against the // same version of the ABI. -// -// Currently, the implementation is work in progress and not usable. message DynamicModuleConfig { // The name of the dynamic module. The client is expected to have some configuration indicating where to search for the module. // In Envoy, the search path can only be configured via the environment variable ``ENVOY_DYNAMIC_MODULES_SEARCH_PATH``. diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/filters/common/dependency/v3/dependency.proto b/envoy-types/proto/data-plane-api/envoy/extensions/filters/common/dependency/v3/dependency.proto index 10db2e3..f986ace 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/filters/common/dependency/v3/dependency.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/filters/common/dependency/v3/dependency.proto 
@@ -48,10 +48,10 @@ message FilterDependencies { // A list of dependencies required on the decode path. repeated Dependency decode_required = 1; - // A list of dependencies provided on the encode path. + // A list of dependencies provided on the decode path. repeated Dependency decode_provided = 2; - // A list of dependencies required on the decode path. + // A list of dependencies required on the encode path. repeated Dependency encode_required = 3; // A list of dependencies provided on the encode path. diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto index a34775f..fe3bf50 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/adaptive_concurrency/v3/adaptive_concurrency.proto 
@@ -61,18 +61,19 @@ message GradientControllerConfig { } // Parameters controlling the periodic minRTT recalculation. - // [#next-free-field: 6] + // [#next-free-field: 7] message MinimumRTTCalculationParams { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.adaptive_concurrency.v2alpha.GradientControllerConfig." "MinimumRTTCalculationParams"; // The time interval between recalculating the minimum request round-trip time. Has to be - // positive. - google.protobuf.Duration interval = 1 [(validate.rules).duration = { - required: true - gte {nanos: 1000000} - }]; + // positive. If set to zero, dynamic sampling of the minRTT is disabled. + google.protobuf.Duration interval = 1 [(validate.rules).duration = {gte {nanos: 1000000}}]; + + // The fixed value for the minRTT. This value is used when minRTT is not sampled dynamically. + // If dynamic sampling of the minRTT is disabled, this field must be set. + google.protobuf.Duration fixed_value = 6 [(validate.rules).duration = {gt {}}]; // The number of requests to aggregate/sample during the minRTT recalculation window before // updating. Defaults to 50. diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/compressor/v3/compressor.proto b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/compressor/v3/compressor.proto index 48226e4..ce62b51 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/compressor/v3/compressor.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/compressor/v3/compressor.proto 
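Review bot: The new comment on `interval` says "If set to zero, dynamic sampling of the minRTT is disabled", but the rule kept on the field is still `gte {nanos: 1000000}`, so an explicit zero duration would presumably fail validation and only an omitted field passes now that `required: true` is gone. The wording should match the rule, e.g. `// positive. If unset, dynamic sampling of the minRTT is disabled.`. The requirement that `fixed_value` "must be set" in that case is not expressed in either annotation, so it depends on a check outside this hunk; it is worth confirming that a configuration with neither field is rejected rather than run with a zero minRTT. `MinimumRTTCalculationParams` continues past the end of the hunk.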
@@ -81,6 +81,13 @@ message Compressor { // To avoid interfering with other compression filters in the same chain use this option in // the filter closest to the upstream. bool remove_accept_encoding_header = 3; + + // Set of response codes for which compression is disabled, e.g. 206 Partial Content should not + // be compressed. + repeated uint32 uncompressible_response_codes = 4 [(validate.rules).repeated = { + unique: true + items {uint32 {lt: 600 gte: 200}} + }]; } // Minimum response length, in bytes, which will trigger compression. The default value is 30. diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto index a059856..c9c2b91 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto @@ -20,8 +20,6 @@ import "envoy/extensions/dynamic_modules/v3/dynamic_modules.proto"; import "google/protobuf/any.proto"; -import "xds/annotations/v3/status.proto"; - import "udpa/annotations/status.proto"; option java_package = "io.envoyproxy.envoy.extensions.filters.http.dynamic_modules.v3"; @@ -29,7 +27,6 @@ option java_outer_classname = "DynamicModulesProto"; option java_multiple_files = true; option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/dynamic_modules/v3;dynamic_modulesv3"; option (udpa.annotations.file_status).package_version_status = ACTIVE; -option (xds.annotations.v3.file_status).work_in_progress = true; // [#protodoc-title: HTTP filter for dynamic modules] // [#extension: envoy.filters.http.dynamic_modules] 
@@ -39,8 +36,6 @@ option (xds.annotations.v3.file_status).work_in_progress = true; // // A module can be loaded by multiple HTTP filters, hence the program can be structured in a way that // the module is loaded only once and shared across multiple filters providing multiple functionalities. -// -// Currently, the implementation is work in progress and not usable. message DynamicModuleFilter { // Specifies the shared-object level configuration. envoy.extensions.dynamic_modules.v3.DynamicModuleConfig dynamic_module_config = 1; diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto index bbab4fb..37ea6c9 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto @@ -345,9 +345,14 @@ message ExternalProcessor { repeated ProcessingMode allowed_override_modes = 22; // Decorator to introduce custom logic that runs after a message received from - // the External Processor is processed. + // the External Processor is processed, but before continuing filter chain iteration. + // + // .. note:: + // Response processors are currently in alpha. + // // [#extension-category: envoy.http.ext_proc.response_processors] - config.core.v3.TypedExtensionConfig on_processing_response = 23; + config.core.v3.TypedExtensionConfig on_processing_response = 23 + [(xds.annotations.v3.field_status).work_in_progress = true]; } // ExtProcHttpService is used for HTTP communication between the filter and the external processing service. diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/health_check/v3/health_check.proto b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/health_check/v3/health_check.proto index 215f491..7cccea4 100644 
--- a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/health_check/v3/health_check.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/health_check/v3/health_check.proto @@ -52,7 +52,8 @@ message HealthCheck { // If operating in non-pass-through mode, specifies a set of upstream cluster // names and the minimum percentage of servers in each of those clusters that - // must be healthy or degraded in order for the filter to return a 200. + // must be healthy or degraded in order for the filter to return a 200. If any of + // the clusters configured here does not exist, the filter will not return a 200. // // .. note:: // diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/jwt_authn/v3/config.proto b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/jwt_authn/v3/config.proto index e7eb7f4..cde0974 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/jwt_authn/v3/config.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/jwt_authn/v3/config.proto @@ -703,8 +703,7 @@ message FilterStateRule { // A map of string keys to requirements. The string key is the string value // in the FilterState with the name specified in the ``name`` field above. - map - requires = 3; + map requires = 3; } // This is the Envoy HTTP filter config for JWT authentication. @@ -749,7 +748,7 @@ message FilterStateRule { // - provider_name: provider1 // - provider_name: provider2 // -// [#next-free-field: 7] +// [#next-free-field: 8] message JwtAuthentication { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.jwt_authn.v2alpha.JwtAuthentication"; 
@@ -827,6 +826,9 @@ message JwtAuthentication { // in the body along with WWWAuthenticate header value set with "invalid token". If this value is set to true, // the response details will be stripped and only a 401 response code will be returned. Default value is false bool strip_failure_response = 6; + + // Optional additional prefix to use when emitting statistics. + string stat_prefix = 7; } // Specify per-route config. diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/oauth2/v3/oauth.proto b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/oauth2/v3/oauth.proto index 377dcca..2ff2a5f 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/oauth2/v3/oauth.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/filters/http/oauth2/v3/oauth.proto @@ -53,7 +53,7 @@ message CookieConfig { SameSite same_site = 1 [(validate.rules).enum = {defined_only: true}]; } -// [#next-free-field: 7] +// [#next-free-field: 8] message CookieConfigs { // Configuration for the bearer token cookie. CookieConfig bearer_token_cookie_config = 1; @@ -72,11 +72,14 @@ message CookieConfigs { // Configuration for the OAuth nonce cookie. CookieConfig oauth_nonce_cookie_config = 6; + + // Configuration for the code verifier cookie. + CookieConfig code_verifier_cookie_config = 7; } // [#next-free-field: 6] message OAuth2Credentials { - // [#next-free-field: 7] + // [#next-free-field: 8] message CookieNames { // Cookie name to hold OAuth bearer token value. When the authentication server validates the // client and returns an authorization token back to the OAuth filter, no matter what format 
@@ -105,6 +108,10 @@ message OAuth2Credentials { // Cookie name to hold the nonce value. Defaults to ``OauthNonce``. string oauth_nonce = 6 [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; + + // Cookie name to hold the PKCE code verifier. Defaults to ``OauthCodeVerifier``. + string code_verifier = 7 + [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}]; } // The client_id to be used in the authorize calls. This value will be URL encoded when sent to the OAuth server. @@ -133,7 +140,7 @@ message OAuth2Credentials { // OAuth config // -// [#next-free-field: 22] +// [#next-free-field: 23] message OAuth2Config { enum AuthType { // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body. @@ -238,6 +245,9 @@ message OAuth2Config { // Controls for attributes that can be set on the cookies. CookieConfigs cookie_configs = 21; + + // Optional additional prefix to use when emitting statistics. + string stat_prefix = 22; } // Filter config. diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/filters/network/ext_proc/v3/ext_proc.proto b/envoy-types/proto/data-plane-api/envoy/extensions/filters/network/ext_proc/v3/ext_proc.proto index 356fe66..6a89d64 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/filters/network/ext_proc/v3/ext_proc.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/filters/network/ext_proc/v3/ext_proc.proto @@ -33,7 +33,6 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; option (xds.annotations.v3.file_status).work_in_progress = true; // [#protodoc-title: External Processing Filter] -// [#not-implemented-hide:] // External Processing Filter: Process network traffic using an external service. // [#extension: envoy.filters.network.ext_proc] 
diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/formatter/req_without_query/v3/req_without_query.proto b/envoy-types/proto/data-plane-api/envoy/extensions/formatter/req_without_query/v3/req_without_query.proto index ae58429..2602b3f 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/formatter/req_without_query/v3/req_without_query.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/formatter/req_without_query/v3/req_without_query.proto @@ -39,6 +39,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // the HTTP request header named X first and if it's not set, then request header Y is used. If // none of the headers are present '-' symbol will be in the log. +// .. warning:: +// Please use %PATH% to replace this extension. +// See :ref:`access log formats ` for more details. + // Configuration for the request without query formatter. message ReqWithoutQuery { } diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/http/ext_proc/response_processors/save_processing_response/v3/save_processing_response.proto b/envoy-types/proto/data-plane-api/envoy/extensions/http/ext_proc/response_processors/save_processing_response/v3/save_processing_response.proto index 811adcc..5e07a38 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/http/ext_proc/response_processors/save_processing_response/v3/save_processing_response.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/http/ext_proc/response_processors/save_processing_response/v3/save_processing_response.proto @@ -37,6 +37,10 @@ option (xds.annotations.v3.file_status).work_in_progress = true; // `]. // This extension supports saving of request and response headers and trailers, // and immediate response. +// +// .. note:: +// Response processors are currently in alpha. +// // [#next-free-field: 7] message SaveProcessingResponse { message SaveOptions { 
diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/load_balancing_policies/common/v3/common.proto b/envoy-types/proto/data-plane-api/envoy/extensions/load_balancing_policies/common/v3/common.proto index 11b45e3..50fb1ff 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/load_balancing_policies/common/v3/common.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/load_balancing_policies/common/v3/common.proto @@ -55,6 +55,9 @@ message LocalityLbConfig { // requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a // failing service. bool fail_traffic_on_panic = 3; + + // If set to true, Envoy will force LocalityDirect routing if a local locality exists. + bool force_locality_direct_routing = 4; } // Configuration for :ref:`locality weighted load balancing diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/rbac/principals/mtls_authenticated/v3/mtls_authenticated.proto b/envoy-types/proto/data-plane-api/envoy/extensions/rbac/principals/mtls_authenticated/v3/mtls_authenticated.proto new file mode 100644 index 0000000..8459345 --- /dev/null +++ b/envoy-types/proto/data-plane-api/envoy/extensions/rbac/principals/mtls_authenticated/v3/mtls_authenticated.proto 
@@ -0,0 +1,48 @@ +// Copyright 2025 Envoy Project Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package envoy.extensions.rbac.principals.mtls_authenticated.v3; + +import "envoy/extensions/transport_sockets/tls/v3/common.proto"; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.rbac.principals.mtls_authenticated.v3"; +option java_outer_classname = "MtlsAuthenticatedProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/rbac/principals/mtls_authenticated/v3;mtls_authenticatedv3"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: RBAC MTls Authenticated Principal] +// [#extension: envoy.rbac.principals.mtls_authenticated] + +// Authentication attributes for a downstream mTLS connection. All modes require that a peer certificate +// was presented and validated using the ValidationContext in the DownstreamTlsContext configuration. +// +// If neither field is set, a configuration loading error will be generated. This is so that +// not validating SANs requires an affirmative configuration to disable, to prevent accidentally +// not configuring SAN validation. 
+// +// If ``any_validated_client_certificate`` is set in addition to ``san_matcher`` or a future field +// which specifies additional validation, the other field always takes precedence over +// ``any_validated_client_certificate`` and all specified validation is performed. +message Config { + // Specifies a SAN that must be present in the validated peer certificate. + transport_sockets.tls.v3.SubjectAltNameMatcher san_matcher = 1; + + // Only require that the peer certificate is present and valid. + bool any_validated_client_certificate = 2; +} diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/tracers/fluentd/v3/fluentd.proto b/envoy-types/proto/data-plane-api/envoy/extensions/tracers/fluentd/v3/fluentd.proto new file mode 100644 index 0000000..335f953 --- /dev/null +++ b/envoy-types/proto/data-plane-api/envoy/extensions/tracers/fluentd/v3/fluentd.proto 
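Review bot: The header comment on `Config` promises a configuration loading error when neither field is set, but the schema carries no rule for it: the file does not import `validate/validate.proto`, and `san_matcher` and `any_validated_client_certificate` are plain fields, so an empty `Config` is a valid message at the protobuf level. A control plane or test that builds this principal from the generated types gets the fail-closed behaviour only if the consuming loader enforces it. I would add a line to the message comment such as `// This requirement is checked when the configuration is loaded, not by a validation rule on this message.` so that producers know to check it themselves before pushing an RBAC policy.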
@@ -0,0 +1,67 @@ +// Copyright 2025 Envoy Project Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package envoy.extensions.tracers.fluentd.v3; + +import "envoy/config/core/v3/base.proto"; + +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.tracers.fluentd.v3"; +option java_outer_classname = "FluentdProto"; +option java_multiple_files = true; +option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/fluentd/v3;fluentdv3"; +option (udpa.annotations.file_migrate).move_to_package = "envoy.extensions.tracers.fluentd.v4alpha"; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Fluentd tracer] + +// Configuration for the Fluentd tracer. +// This tracer extension will send the emitted traces over a TCP connection to an upstream that is accepting +// the Fluentd Forward Protocol as described in: `Fluentd Forward Protocol Specification +// `_. +// [#extension: envoy.tracers.fluentd] +// [#next-free-field: 7] +message FluentdConfig { + // The upstream cluster to connect to for streaming the Fluentd messages. + string cluster = 1 [(validate.rules).string = {min_len: 1}]; + + // A tag is a string separated with ``.`` (e.g. ``log.type``) to categorize events. 
+ // See: https://github.com/fluent/fluentd/wiki/Forward-Protocol-Specification-v1#message-modes + string tag = 2 [(validate.rules).string = {min_len: 1}]; + + // The prefix to use when emitting tracer stats. + string stat_prefix = 3 [(validate.rules).string = {min_len: 1}]; + + // Interval for flushing traces to the TCP stream. Tracer will flush requests every time + // this interval is elapsed, or when batch size limit is hit, whichever comes first. Defaults to + // 1 second. + google.protobuf.Duration buffer_flush_interval = 4 [(validate.rules).duration = {gt {}}]; + + // Soft size limit in bytes for access log entries buffer. The logger will buffer requests until + // this limit it hit, or every time flush interval is elapsed, whichever comes first. When the buffer + // limit is hit, the logger will immediately flush the buffer contents. Setting it to zero effectively + // disables the batching. Defaults to 16384. + google.protobuf.UInt32Value buffer_size_bytes = 5; + + // Optional retry, in case upstream connection has failed. If this field is not set, the default values will be applied. + config.core.v3.RetryPolicy retry_policy = 6; +} diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/transport_sockets/tap/v3/tap.proto b/envoy-types/proto/data-plane-api/envoy/extensions/transport_sockets/tap/v3/tap.proto index 7590ba1..e6beb6c 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/transport_sockets/tap/v3/tap.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/transport_sockets/tap/v3/tap.proto 
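Review bot: The comment on `buffer_size_bytes` describes an "access log entries buffer" and "the logger", which reads as text carried over from an access-log extension, and the comment on `buffer_flush_interval` says the tracer will "flush requests". In a tracer config both should talk about traces, for example `// Soft size limit in bytes for the trace buffer. The tracer will buffer traces until` as the opening of the `buffer_size_bytes` comment. The same comment has a typo, "this limit it hit", which should be "this limit is hit". The stated defaults of 1 second and 16384 appear only in the comments, so it is worth confirming them against the implementation.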
@@ -44,4 +44,14 @@ message Tap { // The underlying transport socket being wrapped. config.core.v3.TransportSocket transport_socket = 2 [(validate.rules).message = {required: true}]; + + // Additional configurations for the transport socket tap + SocketTapConfig socket_tap_config = 3; +} + +// Additional configurations for the transport socket tap +message SocketTapConfig { + // Indicates to whether output the connection information per event + // This is only applicable if the streamed trace is enabled + bool set_connection_per_event = 1; } diff --git a/envoy-types/proto/data-plane-api/envoy/extensions/transport_sockets/tls/v3/common.proto b/envoy-types/proto/data-plane-api/envoy/extensions/transport_sockets/tls/v3/common.proto index 13eb3cf..d95df7d 100644 --- a/envoy-types/proto/data-plane-api/envoy/extensions/transport_sockets/tls/v3/common.proto +++ b/envoy-types/proto/data-plane-api/envoy/extensions/transport_sockets/tls/v3/common.proto @@ -337,6 +337,13 @@ message SubjectAltNameMatcher { // Matcher for SAN value. // + // If the :ref:`san_type ` + // is :ref:`DNS ` + // and the matcher type is :ref:`exact `, DNS wildcards are evaluated + // according to the rules in https://www.rfc-editor.org/rfc/rfc6125#section-6.4.3. + // For example, ``*.example.com`` would match ``test.example.com`` but not ``example.com`` and not + // ``a.b.example.com``. + // // The string matching for OTHER_NAME SAN values depends on their ASN.1 type: // // * OBJECT: Validated against its dotted numeric notation (e.g., "1.2.3.4") diff --git a/envoy-types/proto/data-plane-api/envoy/service/ext_proc/v3/external_processor.proto b/envoy-types/proto/data-plane-api/envoy/service/ext_proc/v3/external_processor.proto index 6c42650..b1a64b4 100644 --- a/envoy-types/proto/data-plane-api/envoy/service/ext_proc/v3/external_processor.proto +++ b/envoy-types/proto/data-plane-api/envoy/service/ext_proc/v3/external_processor.proto 
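Review bot: The paragraph added to the `matcher` comment in `SubjectAltNameMatcher` does not say which side carries the wildcard when `san_type` is DNS and the matcher is `exact`. RFC 6125 section 6.4.3 deals with wildcards in the identifier presented by the certificate, so presumably the wildcard lives in the certificate SAN and the configured string is the reference name, but the example "``*.example.com`` would match ``test.example.com``" reads equally well the other way round. This decides which peer certificates an `exact` matcher admits, so the comment should state it outright. If the presumed reading is the intended one, something like `// The wildcard is taken from the certificate SAN; the configured exact value is compared as the reference name.` would do. The message starts before the hunk and continues after it.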
@@ -45,9 +45,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // 2. The service sends back a ProcessingResponse message that directs Envoy // to either stop processing, continue without it, or send it the // next chunk of the message body. -// 3. If so requested, Envoy sends the server chunks of the message body, -// or the entire body at once. In either case, the server sends back -// a ProcessingResponse after each message it receives. +// 3. If so requested, Envoy sends the server the message body in chunks, +// or the entire body at once. In either case, the server may send back +// a ProcessingResponse for each message it receives, or wait for certain amount +// of body chunks received before streams back the ProcessingResponse messages. // 4. If so requested, Envoy sends the server the HTTP trailers, // and the server sends back a ProcessingResponse. // 5. At this point, request processing is done, and we pick up again @@ -166,8 +167,15 @@ message ProcessingRequest { ProtocolConfiguration protocol_config = 11; } -// For every ProcessingRequest received by the server with the ``observability_mode`` field -// set to false, the server must send back exactly one ProcessingResponse message. +// This represents the different types of messages the server may send back to Envoy +// when the ``observability_mode`` field in the received ProcessingRequest is set to false. +// +// * If the corresponding ``BodySendMode`` in the +// :ref:`processing_mode ` +// is not set to ``FULL_DUPLEX_STREAMED``, then for every received ProcessingRequest, +// the server must send back exactly one ProcessingResponse message. +// * If it is set to ``FULL_DUPLEX_STREAMED``, the server must follow the API defined +// for this mode to send the ProcessingResponse messages. // [#next-free-field: 11] message ProcessingResponse { // The response type that is sent by the server. 
diff --git a/envoy-types/proto/opentelemetry-proto/opentelemetry/proto/common/v1/common.proto b/envoy-types/proto/opentelemetry-proto/opentelemetry/proto/common/v1/common.proto
index ff8a21a..57c9f86 100644
--- a/envoy-types/proto/opentelemetry-proto/opentelemetry/proto/common/v1/common.proto
+++ b/envoy-types/proto/opentelemetry-proto/opentelemetry/proto/common/v1/common.proto
@@ -79,3 +79,37 @@ message InstrumentationScope { repeated KeyValue attributes = 3; uint32 dropped_attributes_count = 4; } + +// A reference to an Entity. +// Entity represents an object of interest associated with produced telemetry: e.g spans, metrics, profiles, or logs. +// +// Status: [Development] +message EntityRef { + // The Schema URL, if known. This is the identifier of the Schema that the entity data + // is recorded in. To learn more about Schema URL see + // https://opentelemetry.io/docs/specs/otel/schemas/#schema-url + // + // This schema_url applies to the data in this message and to the Resource attributes + // referenced by id_keys and description_keys. + // TODO: discuss if we are happy with this somewhat complicated definition of what + // the schema_url applies to. + // + // This field obsoletes the schema_url field in ResourceMetrics/ResourceSpans/ResourceLogs. + string schema_url = 1; + + // Defines the type of the entity. MUST not change during the lifetime of the entity. + // For example: "service" or "host". This field is required and MUST not be empty + // for valid entities. + string type = 2; + + // Attribute Keys that identify the entity. + // MUST not change during the lifetime of the entity. The Id must contain at least one attribute. + // These keys MUST exist in the containing {message}.attributes. + repeated string id_keys = 3; + + // Descriptive (non-identifying) attribute keys of the entity. + // MAY change over the lifetime of the entity. MAY be empty. + // These attribute keys are not part of entity's identity. + // These keys MUST exist in the containing {message}.attributes. + repeated string description_keys = 4; +} \ No newline at end of file diff --git a/envoy-types/proto/xds/xds/type/v3/cel.proto b/envoy-types/proto/xds/xds/type/v3/cel.proto index fb057a1..f63726c 100644 --- a/envoy-types/proto/xds/xds/type/v3/cel.proto +++ b/envoy-types/proto/xds/xds/type/v3/cel.proto 
@@ -61,6 +61,13 @@ message CelExpression { // // If set, takes precedence over ``cel_expr_parsed``. cel.expr.CheckedExpr cel_expr_checked = 4; + + // Unparsed expression in string form. For example, ``request.headers['x-env'] == 'prod'`` will + // get ``x-env`` header value and compare it with ``prod``. + // Check the `Common Expression Language `_ for more details. + // + // If set, takes precedence over ``cel_expr_parsed`` and ``cel_expr_checked``. + string cel_expr_string = 5; } // Extracts a string by evaluating a `Common Expression Language diff --git a/envoy-types/src/generated/envoy.admin.v3.rs b/envoy-types/src/generated/envoy.admin.v3.rs index e513878..0deb6d8 100644 --- a/envoy-types/src/generated/envoy.admin.v3.rs +++ b/envoy-types/src/generated/envoy.admin.v3.rs 
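Review bot: `cel_expr_string` is documented as taking precedence over both `cel_expr_parsed` and `cel_expr_checked`, so a message that carries a checked expression and a string is evaluated from the string, which by definition has not been parsed or type-checked by the producer. A producer-side review or admission check that inspects only `cel_expr_checked` would then be looking at an expression that is not the one evaluated. The comment should tell producers not to mix the forms, for example `// Producers should set only one of the expression fields; validators must inspect this field first when it is non-empty.` `CelExpression` starts before the hunk, so whether the other fields carry a matching note cannot be seen here.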
@@ -151,24 +151,25 @@ pub struct ClusterStatus { /// Denotes whether this cluster was added via API or configured statically. #[prost(bool, tag = "2")] pub added_via_api: bool, - /// /// The success rate threshold used in the last interval. - /// If - /// : ref:`outlier_detection.split_external_local_origin_errors` + /// + /// * If :ref:`outlier_detection.split_external_local_origin_errors` /// is `false`, all errors: externally and locally generated were used to calculate the threshold. - /// If - /// : ref:`outlier_detection.split_external_local_origin_errors` + /// * If :ref:`outlier_detection.split_external_local_origin_errors` /// is `true`, only externally generated errors were used to calculate the threshold. - /// The threshold is used to eject hosts based on their success rate. See - /// : ref:`Cluster outlier detection ` documentation for details. /// /// - /// Note: this field may be omitted in any of the three following cases: + /// The threshold is used to eject hosts based on their success rate. For more information, see the + /// : ref:`Cluster outlier detection ` documentation. /// - /// 1. There were not enough hosts with enough request volume to proceed with success rate based - /// outlier ejection. - /// 1. The threshold is computed to be \< 0 because a negative value implies that there was no - /// threshold for that interval. + /// + /// .. note:: + /// + /// This field may be omitted in any of the three following cases: + /// + /// 1. There were not enough hosts with enough request volume to proceed with success rate based outlier ejection. + /// 1. The threshold is computed to be \< 0 because a negative value implies that there was no threshold for that + /// interval. /// 1. Outlier detection is not enabled for this cluster. #[prost(message, optional, tag = "3")] pub success_rate_ejection_threshold: ::core::option::Option< 
@@ -183,16 +184,17 @@ pub struct ClusterStatus { /// This field should be interpreted only when /// : ref:`outlier_detection.split_external_local_origin_errors` /// is `true`. The threshold is used to eject hosts based on their success rate. - /// See :ref:`Cluster outlier detection ` documentation for - /// details. /// /// - /// Note: this field may be omitted in any of the three following cases: + /// For more information, see the :ref:`Cluster outlier detection ` documentation. + /// + /// .. note:: /// - /// 1. There were not enough hosts with enough request volume to proceed with success rate based - /// outlier ejection. - /// 1. The threshold is computed to be \< 0 because a negative value implies that there was no - /// threshold for that interval. + /// This field may be omitted in any of the three following cases: + /// + /// 1. There were not enough hosts with enough request volume to proceed with success rate based outlier ejection. + /// 1. The threshold is computed to be \< 0 because a negative value implies that there was no threshold for that + /// interval. /// 1. Outlier detection is not enabled for this cluster. #[prost(message, optional, tag = "5")] pub local_origin_success_rate_ejection_threshold: ::core::option::Option< 
@@ -223,21 +225,19 @@ pub struct HostStatus { /// The host's current health status. #[prost(message, optional, tag = "3")] pub health_status: ::core::option::Option, + /// The success rate for this host during the last measurement interval. /// - /// Request success rate for this host over the last calculated interval. - /// If - /// : ref:`outlier_detection.split_external_local_origin_errors` - /// is `false`, all errors: externally and locally generated were used in success rate - /// calculation. If - /// : ref:`outlier_detection.split_external_local_origin_errors` + /// * If :ref:`outlier_detection.split_external_local_origin_errors` + /// is `false`, all errors: externally and locally generated were used in success rate calculation. + /// * If :ref:`outlier_detection.split_external_local_origin_errors` /// is `true`, only externally generated errors were used in success rate calculation. - /// See :ref:`Cluster outlier detection ` documentation for - /// details. /// + /// For more information, see the :ref:`Cluster outlier detection ` documentation. + /// + /// .. note:: /// - /// Note: the message will not be present if host did not have enough request volume to calculate - /// success rate or the cluster did not have enough hosts to run through success rate outlier - /// ejection. + /// The message will be missing if the host didn't receive enough traffic to calculate a reliable success rate, or + /// if the cluster had too few hosts to apply outlier ejection based on success rate. #[prost(message, optional, tag = "4")] pub success_rate: ::core::option::Option, /// The host's weight. If not configured, the value defaults to 1. 
@@ -249,20 +249,21 @@ pub struct HostStatus { /// The host's priority. If not configured, the value defaults to 0 (highest priority). #[prost(uint32, tag = "7")] pub priority: u32, + /// The success rate for this host during the last interval, considering only locally generated errors. Externally + /// generated errors are treated as successes. /// - /// Request success rate for this host over the last calculated - /// interval when only locally originated errors are taken into account and externally originated - /// errors were treated as success. - /// This field should be interpreted only when + /// + /// This field is only relevant when /// : ref:`outlier_detection.split_external_local_origin_errors` - /// is `true`. - /// See :ref:`Cluster outlier detection ` documentation for - /// details. + /// is set to `true`. + /// + /// + /// For more information, see the :ref:`Cluster outlier detection ` documentation. /// + /// .. note:: /// - /// Note: the message will not be present if host did not have enough request volume to calculate - /// success rate or the cluster did not have enough hosts to run through success rate outlier - /// ejection. + /// The message will be missing if the host didn’t receive enough traffic to compute a success rate, or if the + /// cluster didn’t have enough hosts to perform outlier ejection based on success rate. #[prost(message, optional, tag = "8")] pub local_origin_success_rate: ::core::option::Option< super::super::r#type::v3::Percent, diff --git a/envoy-types/src/generated/envoy.config.cluster.v3.rs b/envoy-types/src/generated/envoy.config.cluster.v3.rs index 0900408..e5903a0 100644 --- a/envoy-types/src/generated/envoy.config.cluster.v3.rs +++ b/envoy-types/src/generated/envoy.config.cluster.v3.rs 
@@ -2068,7 +2068,7 @@ pub struct TrackClusterStats { #[prost(bool, tag = "1")] pub timeout_budgets: bool, /// If request_response_sizes is true, then the :ref:`histograms ` tracking header and body sizes - /// of requests and responses will be published. + /// of requests and responses will be published. Additionally, number of headers in the requests and responses will be tracked. #[prost(bool, tag = "2")] pub request_response_sizes: bool, /// If true, some stats will be emitted per-endpoint, similar to the stats in admin `/clusters` diff --git a/envoy-types/src/generated/envoy.config.core.v3.rs b/envoy-types/src/generated/envoy.config.core.v3.rs index 6601526..c149d57 100644 --- a/envoy-types/src/generated/envoy.config.core.v3.rs +++ b/envoy-types/src/generated/envoy.config.core.v3.rs @@ -186,7 +186,7 @@ pub mod envoy_internal_address { ServerListenerName(::prost::alloc::string::String), } } -/// \[\#next-free-field: 7\] +/// \[\#next-free-field: 8\] #[derive(Clone, PartialEq, ::prost::Message)] pub struct SocketAddress { #[prost(enumeration = "socket_address::Protocol", tag = "1")] @@ -215,6 +215,11 @@ pub struct SocketAddress { /// IPv6 space as `::FFFF:`. #[prost(bool, tag = "6")] pub ipv4_compat: bool, + /// The Linux network namespace to bind the socket to. If this is set, Envoy will + /// create the socket in the specified network namespace. Only supported on Linux. + /// \[\#not-implemented-hide:\] + #[prost(string, tag = "7")] + pub network_namespace_filepath: ::prost::alloc::string::String, #[prost(oneof = "socket_address::PortSpecifier", tags = "3, 4")] pub port_specifier: ::core::option::Option, } @@ -3242,7 +3247,7 @@ pub struct GrpcProtocolOptions { pub http2_protocol_options: ::core::option::Option, } /// A message which allows using HTTP/3. -/// \[\#next-free-field: 7\] +/// \[\#next-free-field: 8\] #[derive(Clone, PartialEq, ::prost::Message)] pub struct Http3ProtocolOptions { #[prost(message, optional, tag = "1")] 
@@ -3270,6 +3275,14 @@ pub struct Http3ProtocolOptions { /// information. #[prost(bool, tag = "6")] pub allow_metadata: bool, + /// \[\#not-implemented-hide:\] Hiding until Envoy has full HTTP/3 upstream support. + /// Still under implementation. DO NOT USE. + /// + /// Disables QPACK compression related features for HTTP/3 including: + /// No huffman encoding, zero dynamic table capacity and no cookie crumbing. + /// This can be useful for trading off CPU vs bandwidth when an upstream HTTP/3 connection multiplexes multiple downstream connections. + #[prost(bool, tag = "7")] + pub disable_qpack: bool, } /// A message to control transformations to the :scheme header #[derive(Clone, PartialEq, ::prost::Message)] diff --git a/envoy-types/src/generated/envoy.config.endpoint.v3.rs b/envoy-types/src/generated/envoy.config.endpoint.v3.rs index 42861e0..745a6b4 100644 --- a/envoy-types/src/generated/envoy.config.endpoint.v3.rs +++ b/envoy-types/src/generated/envoy.config.endpoint.v3.rs 
@@ -124,15 +124,28 @@ pub mod lb_endpoint { EndpointName(::prost::alloc::string::String), } } +/// LbEndpoint list collection. Entries are `LbEndpoint` resources or references. /// \[\#not-implemented-hide:\] -/// A configuration for a LEDS collection. +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct LbEndpointCollection { + #[prost(message, optional, tag = "1")] + pub entries: ::core::option::Option< + super::super::super::super::xds::core::v3::CollectionEntry, + >, +} +/// A configuration for an LEDS collection. #[derive(Clone, PartialEq, ::prost::Message)] pub struct LedsClusterLocalityConfig { /// Configuration for the source of LEDS updates for a Locality. #[prost(message, optional, tag = "1")] pub leds_config: ::core::option::Option, - /// The xDS transport protocol glob collection resource name. - /// The service is only supported in delta xDS (incremental) mode. + /// The name of the LbEndpoint collection resource. + /// + /// If the name ends in `/*`, it indicates an LbEndpoint glob collection, + /// which is supported only in the xDS incremental protocol variants. + /// Otherwise, it indicates an LbEndpointCollection list collection. + /// + /// Envoy currently supports only glob collections. #[prost(string, tag = "2")] pub leds_collection_name: ::prost::alloc::string::String, } @@ -149,8 +162,7 @@ pub struct LocalityLbEndpoints { #[prost(message, optional, tag = "9")] pub metadata: ::core::option::Option, /// The group of endpoints belonging to the locality specified. - /// \[\#comment:TODO(adisuissa): Once LEDS is implemented this field needs to be - /// deprecated and replaced by `load_balancer_endpoints`.\] + /// This is ignored if :ref:`leds_cluster_locality_config ` is set. #[prost(message, repeated, tag = "2")] pub lb_endpoints: ::prost::alloc::vec::Vec, /// Optional: Per priority/region/zone/sub_zone weight; at least 1. The load 
@@ -188,7 +200,6 @@ pub struct LocalityLbEndpoints { pub proximity: ::core::option::Option< super::super::super::super::google::protobuf::UInt32Value, >, - /// \[\#not-implemented-hide:\] #[prost(oneof = "locality_lb_endpoints::LbConfig", tags = "7, 8")] pub lb_config: ::core::option::Option, } @@ -201,15 +212,15 @@ pub mod locality_lb_endpoints { #[prost(message, repeated, tag = "1")] pub lb_endpoints: ::prost::alloc::vec::Vec, } - /// \[\#not-implemented-hide:\] #[derive(Clone, PartialEq, ::prost::Oneof)] pub enum LbConfig { - /// The group of endpoints belonging to the locality. - /// \[\#comment:TODO(adisuissa): Once LEDS is implemented the `lb_endpoints` field - /// needs to be deprecated.\] + /// \[\#not-implemented-hide:\] + /// Not implemented and deprecated. #[prost(message, tag = "7")] LoadBalancerEndpoints(LbEndpointList), /// LEDS Configuration for the current locality. + /// If this is set, the :ref:`lb_endpoints ` + /// field is ignored. #[prost(message, tag = "8")] LedsClusterLocalityConfig(super::LedsClusterLocalityConfig), } diff --git a/envoy-types/src/generated/envoy.config.rbac.v3.rs b/envoy-types/src/generated/envoy.config.rbac.v3.rs index 2a86a1b..e6faca1 100644 --- a/envoy-types/src/generated/envoy.config.rbac.v3.rs +++ b/envoy-types/src/generated/envoy.config.rbac.v3.rs @@ -357,12 +357,12 @@ pub mod permission { } /// Principal defines an identity or a group of identities for a downstream /// subject. -/// \[\#next-free-field: 14\] +/// \[\#next-free-field: 15\] #[derive(Clone, PartialEq, ::prost::Message)] pub struct Principal { #[prost( oneof = "principal::Identifier", - tags = "1, 2, 3, 4, 5, 10, 11, 6, 9, 7, 12, 8, 13" + tags = "1, 2, 3, 4, 5, 10, 11, 6, 9, 7, 12, 8, 13, 14" )] pub identifier: ::core::option::Option, } 
@@ -375,12 +375,21 @@ pub mod principal { #[prost(message, repeated, tag = "1")] pub ids: ::prost::alloc::vec::Vec, } + /// /// Authentication attributes for a downstream. + /// It is recommended to NOT use this type, but instead use + /// : ref:`MTlsAuthenticated `, + /// configured via :ref:`custom `, + /// which should be used for most use cases due to its improved security. #[derive(Clone, PartialEq, ::prost::Message)] pub struct Authenticated { /// The name of the principal. If set, The URI SAN or DNS SAN in that order /// is used from the certificate, otherwise the subject field is used. If - /// unset, it applies to any user that is authenticated. + /// unset, it applies to any user that is allowed by the downstream TLS configuration. + /// If :ref:`require_client_certificate ` + /// is false or :ref:`trust_chain_verification ` + /// is set to :ref:`ACCEPT_UNTRUSTED `, + /// then no authentication is required. #[prost(message, optional, tag = "2")] pub principal_name: ::core::option::Option< super::super::super::super::r#type::matcher::v3::StringMatcher, @@ -399,7 +408,12 @@ pub mod principal { /// When any is set, it matches any downstream. #[prost(bool, tag = "3")] Any(bool), + /// /// Authenticated attributes that identify the downstream. + /// It is recommended to NOT use this field, but instead use + /// : ref:`MTlsAuthenticated `, + /// configured via :ref:`custom `, + /// which should be used for most use cases due to its improved security. #[prost(message, tag = "4")] Authenticated(Authenticated), /// A CIDR block that describes the downstream IP. 
@@ -453,6 +467,10 @@ pub mod principal { /// `metadata` field as it provides more flexibility in metadata source selection. #[prost(message, tag = "13")] SourcedMetadata(super::SourcedMetadata), + /// Extension for configuring custom principals for RBAC. + /// \[\#extension-category: envoy.rbac.principals\] + #[prost(message, tag = "14")] + Custom(super::super::super::core::v3::TypedExtensionConfig), } } /// Action defines the result of allowance or denial when a request matches the matcher. diff --git a/envoy-types/src/generated/envoy.config.route.v3.rs b/envoy-types/src/generated/envoy.config.route.v3.rs index c776dfd..19efb9d 100644 --- a/envoy-types/src/generated/envoy.config.route.v3.rs +++ b/envoy-types/src/generated/envoy.config.route.v3.rs @@ -540,7 +540,7 @@ pub struct ClusterSpecifierPlugin { #[prost(bool, tag = "2")] pub is_optional: bool, } -/// \[\#next-free-field: 16\] +/// \[\#next-free-field: 17\] #[derive(Clone, PartialEq, ::prost::Message)] pub struct RouteMatch { /// Indicates that prefix/path matching should be case sensitive. The default @@ -614,6 +614,14 @@ pub struct RouteMatch { pub dynamic_metadata: ::prost::alloc::vec::Vec< super::super::super::r#type::matcher::v3::MetadataMatcher, >, + /// Specifies a set of filter state matchers on which the route should match. + /// The router will check the filter state against all the specified filter state matchers. + /// If the number of specified filter state matchers is nonzero, they all must match the + /// filter state for a match to occur. + #[prost(message, repeated, tag = "16")] + pub filter_state: ::prost::alloc::vec::Vec< + super::super::super::r#type::matcher::v3::FilterStateMatcher, + >, #[prost(oneof = "route_match::PathSpecifier", tags = "1, 2, 10, 12, 14, 15")] pub path_specifier: ::core::option::Option, } diff --git a/envoy-types/src/generated/envoy.data.accesslog.v3.rs b/envoy-types/src/generated/envoy.data.accesslog.v3.rs index 7ba6df0..a5c9f5a 100644 
--- a/envoy-types/src/generated/envoy.data.accesslog.v3.rs +++ b/envoy-types/src/generated/envoy.data.accesslog.v3.rs @@ -91,8 +91,10 @@ pub struct AccessLogCommon { #[prost(double, tag = "1")] pub sample_rate: f64, /// This field is the remote/origin address on which the request from the user was received. - /// Note: This may not be the physical peer. E.g, if the remote address is inferred from for - /// example the x-forwarder-for header, proxy protocol, etc. + /// + /// .. note:: + /// This may not be the actual peer address. For example, it might be derived from headers like `x-forwarded-for`, + /// the proxy protocol, or similar sources. #[prost(message, optional, tag = "2")] pub downstream_remote_address: ::core::option::Option< super::super::super::config::core::v3::Address, @@ -102,7 +104,7 @@ pub struct AccessLogCommon { pub downstream_local_address: ::core::option::Option< super::super::super::config::core::v3::Address, >, - /// If the connection is secure,S this field will contain TLS properties. + /// If the connection is secure, this field will contain TLS properties. #[prost(message, optional, tag = "4")] pub tls_properties: ::core::option::Option, /// The time that Envoy started servicing this request. This is effectively the time that the first @@ -118,7 +120,7 @@ pub struct AccessLogCommon { super::super::super::super::google::protobuf::Duration, >, /// Interval between the first downstream byte received and the first upstream byte sent. There may - /// by considerable delta between `time_to_last_rx_byte` and this value due to filters. + /// be considerable delta between `time_to_last_rx_byte` and this value due to filters. /// Additionally, the same caveats apply as documented in `time_to_last_downstream_tx_byte` about /// not accounting for kernel socket buffer time, etc. #[prost(message, optional, tag = "7")] 
@@ -196,7 +198,7 @@ pub struct AccessLogCommon { /// If upstream connection failed due to transport socket (e.g. TLS handshake), provides the /// failure reason from the transport socket. The format of this field depends on the configured /// upstream transport socket. Common TLS failures are in - /// : ref:`TLS trouble shooting `. + /// : ref:`TLS troubleshooting `. #[prost(string, tag = "18")] pub upstream_transport_failure_reason: ::prost::alloc::string::String, /// The name of the route @@ -219,7 +221,7 @@ pub struct AccessLogCommon { >, /// /// A list of custom tags, which annotate logs with additional information. - /// To configure this value, users should configure + /// To configure this value, see the documentation for /// : ref:`custom_tags `. #[prost(map = "string, string", tag = "22")] pub custom_tags: ::std::collections::HashMap< 
@@ -245,42 +247,41 @@ pub struct AccessLogCommon { /// This could be any format string that could be used to identify one stream. #[prost(string, tag = "26")] pub stream_id: ::prost::alloc::string::String, + /// Indicates whether this log entry is the final entry (flushed after the stream completed) or an intermediate entry + /// (flushed periodically during the stream). /// - /// If this log entry is final log entry that flushed after the stream completed or - /// intermediate log entry that flushed periodically during the stream. - /// There may be multiple intermediate log entries and only one final log entry for each - /// long-live stream (TCP connection, long-live HTTP2 stream). - /// And if it is necessary, unique ID or identifier can be added to the log entry - /// : ref:`stream_id ` to - /// correlate all these intermediate log entries and final log entry. + /// For long-lived streams (e.g., TCP connections or long-lived HTTP/2 streams), there may be multiple intermediate + /// entries and only one final entry. /// + /// If needed, a unique identifier (see :ref:`stream_id `) + /// can be used to correlate all intermediate and final log entries for the same stream. /// /// .. attention:: /// - /// This field is deprecated in favor of `access_log_type` for better indication of the - /// type of the access log record. + /// This field is deprecated in favor of `access_log_type`, which provides a clearer indication of the log entry + /// type. #[deprecated] #[prost(bool, tag = "27")] pub intermediate_log_entry: bool, /// If downstream connection in listener failed due to transport socket (e.g. TLS handshake), provides the /// failure reason from the transport socket. The format of this field depends on the configured downstream - /// transport socket. Common TLS failures are in :ref:`TLS trouble shooting `. + /// transport socket. Common TLS failures are in :ref:`TLS troubleshooting `. 
#[prost(string, tag = "28")] pub downstream_transport_failure_reason: ::prost::alloc::string::String, /// For HTTP: Total number of bytes sent to the downstream by the http stream. - /// For TCP: Total number of bytes sent to the downstream by the tcp proxy. + /// For TCP: Total number of bytes sent to the downstream by the :ref:`TCP Proxy `. #[prost(uint64, tag = "29")] pub downstream_wire_bytes_sent: u64, /// For HTTP: Total number of bytes received from the downstream by the http stream. Envoy over counts sizes of received HTTP/1.1 pipelined requests by adding up bytes of requests in the pipeline to the one currently being processed. - /// For TCP: Total number of bytes received from the downstream by the tcp proxy. + /// For TCP: Total number of bytes received from the downstream by the :ref:`TCP Proxy `. #[prost(uint64, tag = "30")] pub downstream_wire_bytes_received: u64, /// For HTTP: Total number of bytes sent to the upstream by the http stream. This value accumulates during upstream retries. - /// For TCP: Total number of bytes sent to the upstream by the tcp proxy. + /// For TCP: Total number of bytes sent to the upstream by the :ref:`TCP Proxy `. #[prost(uint64, tag = "31")] pub upstream_wire_bytes_sent: u64, /// For HTTP: Total number of bytes received from the upstream by the http stream. - /// For TCP: Total number of bytes sent to the upstream by the tcp proxy. + /// For TCP: Total number of bytes sent to the upstream by the :ref:`TCP Proxy `. #[prost(uint64, tag = "32")] pub upstream_wire_bytes_received: u64, /// The type of the access log, which indicates when the log was recorded. 
@@ -302,7 +303,7 @@ pub struct ResponseFlags { /// Indicates there was no healthy upstream. #[prost(bool, tag = "2")] pub no_healthy_upstream: bool, - /// Indicates an there was an upstream request timeout. + /// Indicates there was an upstream request timeout. #[prost(bool, tag = "3")] pub upstream_request_timeout: bool, /// Indicates local codec level reset was sent on the stream. @@ -363,7 +364,7 @@ pub struct ResponseFlags { /// Indicates that a filter configuration is not available. #[prost(bool, tag = "22")] pub no_filter_config_found: bool, - /// Indicates that request or connection exceeded the downstream connection duration. + /// Indicates that the request or connection exceeded the downstream connection duration. #[prost(bool, tag = "23")] pub duration_timeout: bool, /// Indicates there was an HTTP protocol error in the upstream response. @@ -588,7 +589,7 @@ pub struct HttpRequestProperties { /// do not already have a request ID. #[prost(string, tag = "9")] pub request_id: ::prost::alloc::string::String, - /// Value of the `X-Envoy-Original-Path` request header. + /// Value of the `x-envoy-original-path` request header. #[prost(string, tag = "10")] pub original_path: ::prost::alloc::string::String, /// Size of the HTTP request headers in bytes. diff --git a/envoy-types/src/generated/envoy.data.tap.v3.rs b/envoy-types/src/generated/envoy.data.tap.v3.rs index 605db52..51580e6 100644 --- a/envoy-types/src/generated/envoy.data.tap.v3.rs +++ b/envoy-types/src/generated/envoy.data.tap.v3.rs @@ -117,6 +117,7 @@ pub mod http_streamed_trace_segment { } } /// Event in a socket trace. +/// \[\#next-free-field: 6\] #[derive(Clone, PartialEq, ::prost::Message)] pub struct SocketEvent { /// Timestamp for event. 
@@ -124,6 +125,9 @@ pub struct SocketEvent { pub timestamp: ::core::option::Option< super::super::super::super::google::protobuf::Timestamp, >, + /// Connection information per event + #[prost(message, optional, tag = "5")] + pub connection: ::core::option::Option, /// Read or write with content as bytes string. #[prost(oneof = "socket_event::EventSelector", tags = "2, 3, 4")] pub event_selector: ::core::option::Option, diff --git a/envoy-types/src/generated/envoy.extensions.dynamic_modules.v3.rs b/envoy-types/src/generated/envoy.extensions.dynamic_modules.v3.rs index 2339882..f442e47 100644 --- a/envoy-types/src/generated/envoy.extensions.dynamic_modules.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.dynamic_modules.v3.rs @@ -15,8 +15,6 @@ /// this restriction and hopefully provide a wider compatibility guarantee. Until then, Envoy /// checks the hash of the ABI header files to ensure that the dynamic modules are built against the /// same version of the ABI. -/// -/// Currently, the implementation is work in progress and not usable. #[derive(Clone, PartialEq, ::prost::Message)] pub struct DynamicModuleConfig { /// The name of the dynamic module. The client is expected to have some configuration indicating where to search for the module. diff --git a/envoy-types/src/generated/envoy.extensions.filters.common.dependency.v3.rs b/envoy-types/src/generated/envoy.extensions.filters.common.dependency.v3.rs index 8e5e2cb..5006d49 100644 --- a/envoy-types/src/generated/envoy.extensions.filters.common.dependency.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.filters.common.dependency.v3.rs 
@@ -58,10 +58,10 @@ pub struct FilterDependencies { /// A list of dependencies required on the decode path. #[prost(message, repeated, tag = "1")] pub decode_required: ::prost::alloc::vec::Vec, - /// A list of dependencies provided on the encode path. + /// A list of dependencies provided on the decode path. #[prost(message, repeated, tag = "2")] pub decode_provided: ::prost::alloc::vec::Vec, - /// A list of dependencies required on the decode path. + /// A list of dependencies required on the encode path. #[prost(message, repeated, tag = "3")] pub encode_required: ::prost::alloc::vec::Vec, /// A list of dependencies provided on the encode path. diff --git a/envoy-types/src/generated/envoy.extensions.filters.http.adaptive_concurrency.v3.rs b/envoy-types/src/generated/envoy.extensions.filters.http.adaptive_concurrency.v3.rs index f9a17d4..c272a80 100644 --- a/envoy-types/src/generated/envoy.extensions.filters.http.adaptive_concurrency.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.filters.http.adaptive_concurrency.v3.rs 
@@ -34,15 +34,21 @@ pub mod gradient_controller_config { >, } /// Parameters controlling the periodic minRTT recalculation. - /// \[\#next-free-field: 6\] + /// \[\#next-free-field: 7\] #[derive(Clone, Copy, PartialEq, ::prost::Message)] pub struct MinimumRttCalculationParams { /// The time interval between recalculating the minimum request round-trip time. Has to be - /// positive. + /// positive. If set to zero, dynamic sampling of the minRTT is disabled. #[prost(message, optional, tag = "1")] pub interval: ::core::option::Option< super::super::super::super::super::super::super::google::protobuf::Duration, >, + /// The fixed value for the minRTT. This value is used when minRTT is not sampled dynamically. + /// If dynamic sampling of the minRTT is disabled, this field must be set. + #[prost(message, optional, tag = "6")] + pub fixed_value: ::core::option::Option< + super::super::super::super::super::super::super::google::protobuf::Duration, + >, /// The number of requests to aggregate/sample during the minRTT recalculation window before /// updating. Defaults to 50. #[prost(message, optional, tag = "2")] diff --git a/envoy-types/src/generated/envoy.extensions.filters.http.compressor.v3.rs b/envoy-types/src/generated/envoy.extensions.filters.http.compressor.v3.rs index afeaa0f..f5056ca 100644 --- a/envoy-types/src/generated/envoy.extensions.filters.http.compressor.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.filters.http.compressor.v3.rs @@ -130,6 +130,10 @@ pub mod compressor { /// ``` #[prost(bool, tag = "3")] pub remove_accept_encoding_header: bool, + /// Set of response codes for which compression is disabled, e.g. 206 Partial Content should not + /// be compressed. + #[prost(uint32, repeated, packed = "false", tag = "4")] + pub uncompressible_response_codes: ::prost::alloc::vec::Vec, } } /// Per-route overrides of `ResponseDirectionConfig`. Anything added here should be optional, 
diff --git a/envoy-types/src/generated/envoy.extensions.filters.http.dynamic_modules.v3.rs b/envoy-types/src/generated/envoy.extensions.filters.http.dynamic_modules.v3.rs index b132f62..895ebba 100644 --- a/envoy-types/src/generated/envoy.extensions.filters.http.dynamic_modules.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.filters.http.dynamic_modules.v3.rs @@ -4,8 +4,6 @@ /// /// A module can be loaded by multiple HTTP filters, hence the program can be structured in a way that /// the module is loaded only once and shared across multiple filters providing multiple functionalities. -/// -/// Currently, the implementation is work in progress and not usable. #[derive(Clone, PartialEq, ::prost::Message)] pub struct DynamicModuleFilter { /// Specifies the shared-object level configuration. diff --git a/envoy-types/src/generated/envoy.extensions.filters.http.ext_proc.v3.rs b/envoy-types/src/generated/envoy.extensions.filters.http.ext_proc.v3.rs index c1e9aa8..91f45f2 100644 --- a/envoy-types/src/generated/envoy.extensions.filters.http.ext_proc.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.filters.http.ext_proc.v3.rs @@ -439,7 +439,11 @@ pub struct ExternalProcessor { #[prost(message, repeated, tag = "22")] pub allowed_override_modes: ::prost::alloc::vec::Vec, /// Decorator to introduce custom logic that runs after a message received from - /// the External Processor is processed. + /// the External Processor is processed, but before continuing filter chain iteration. + /// + /// .. note:: + /// Response processors are currently in alpha. + /// /// \[\#extension-category: envoy.http.ext_proc.response_processors\] #[prost(message, optional, tag = "23")] pub on_processing_response: ::core::option::Option< diff --git a/envoy-types/src/generated/envoy.extensions.filters.http.health_check.v3.rs b/envoy-types/src/generated/envoy.extensions.filters.http.health_check.v3.rs index 9626c47..816fbee 100644 
--- a/envoy-types/src/generated/envoy.extensions.filters.http.health_check.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.filters.http.health_check.v3.rs @@ -15,7 +15,8 @@ pub struct HealthCheck { >, /// If operating in non-pass-through mode, specifies a set of upstream cluster /// names and the minimum percentage of servers in each of those clusters that - /// must be healthy or degraded in order for the filter to return a 200. + /// must be healthy or degraded in order for the filter to return a 200. If any of + /// the clusters configured here does not exist, the filter will not return a 200. /// /// .. note:: /// diff --git a/envoy-types/src/generated/envoy.extensions.filters.http.jwt_authn.v3.rs b/envoy-types/src/generated/envoy.extensions.filters.http.jwt_authn.v3.rs index 5b59071..f56222a 100644 --- a/envoy-types/src/generated/envoy.extensions.filters.http.jwt_authn.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.filters.http.jwt_authn.v3.rs @@ -759,7 +759,7 @@ pub struct FilterStateRule { /// - provider_name: provider2 /// ``` /// -/// \[\#next-free-field: 7\] +/// \[\#next-free-field: 8\] #[derive(Clone, PartialEq, ::prost::Message)] pub struct JwtAuthentication { /// Map of provider names to JwtProviders. @@ -840,6 +840,9 @@ pub struct JwtAuthentication { /// the response details will be stripped and only a 401 response code will be returned. Default value is false #[prost(bool, tag = "6")] pub strip_failure_response: bool, + /// Optional additional prefix to use when emitting statistics. + #[prost(string, tag = "7")] + pub stat_prefix: ::prost::alloc::string::String, } /// Specify per-route config. #[derive(Clone, PartialEq, ::prost::Message)] diff --git a/envoy-types/src/generated/envoy.extensions.filters.http.oauth2.v3.rs b/envoy-types/src/generated/envoy.extensions.filters.http.oauth2.v3.rs index e5c845a..a3a6e7b 100644 --- a/envoy-types/src/generated/envoy.extensions.filters.http.oauth2.v3.rs 
+++ b/envoy-types/src/generated/envoy.extensions.filters.http.oauth2.v3.rs @@ -51,7 +51,7 @@ pub mod cookie_config { } } } -/// \[\#next-free-field: 7\] +/// \[\#next-free-field: 8\] #[derive(Clone, Copy, PartialEq, ::prost::Message)] pub struct CookieConfigs { /// Configuration for the bearer token cookie. @@ -72,6 +72,9 @@ pub struct CookieConfigs { /// Configuration for the OAuth nonce cookie. #[prost(message, optional, tag = "6")] pub oauth_nonce_cookie_config: ::core::option::Option, + /// Configuration for the code verifier cookie. + #[prost(message, optional, tag = "7")] + pub code_verifier_cookie_config: ::core::option::Option, } /// \[\#next-free-field: 6\] #[derive(Clone, PartialEq, ::prost::Message)] @@ -97,7 +100,7 @@ pub struct OAuth2Credentials { } /// Nested message and enum types in `OAuth2Credentials`. pub mod o_auth2_credentials { - /// \[\#next-free-field: 7\] + /// \[\#next-free-field: 8\] #[derive(Clone, PartialEq, ::prost::Message)] pub struct CookieNames { /// Cookie name to hold OAuth bearer token value. When the authentication server validates the @@ -122,6 +125,9 @@ pub mod o_auth2_credentials { /// Cookie name to hold the nonce value. Defaults to `OauthNonce`. #[prost(string, tag = "6")] pub oauth_nonce: ::prost::alloc::string::String, + /// Cookie name to hold the PKCE code verifier. Defaults to `OauthCodeVerifier`. + #[prost(string, tag = "7")] + pub code_verifier: ::prost::alloc::string::String, } /// Configures how the secret token should be created. #[derive(Clone, PartialEq, ::prost::Oneof)] @@ -135,7 +141,7 @@ pub mod o_auth2_credentials { } /// OAuth config /// -/// \[\#next-free-field: 22\] +/// \[\#next-free-field: 23\] #[derive(Clone, PartialEq, ::prost::Message)] pub struct OAuth2Config { /// Endpoint on the authorization server to retrieve the access token from. 
@@ -250,6 +256,9 @@ pub struct OAuth2Config { /// Controls for attributes that can be set on the cookies. #[prost(message, optional, tag = "21")] pub cookie_configs: ::core::option::Option, + /// Optional additional prefix to use when emitting statistics. + #[prost(string, tag = "22")] + pub stat_prefix: ::prost::alloc::string::String, } /// Nested message and enum types in `OAuth2Config`. pub mod o_auth2_config { diff --git a/envoy-types/src/generated/envoy.extensions.http.ext_proc.response_processors.save_processing_response.v3.rs b/envoy-types/src/generated/envoy.extensions.http.ext_proc.response_processors.save_processing_response.v3.rs index cd75a2a..6a3e18b 100644 --- a/envoy-types/src/generated/envoy.extensions.http.ext_proc.response_processors.save_processing_response.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.http.ext_proc.response_processors.save_processing_response.v3.rs @@ -4,6 +4,10 @@ /// "envoy.http.ext_proc.response_processors.save_processing_response\[.:ref:`filter_state_name_suffix `\]. /// This extension supports saving of request and response headers and trailers, /// and immediate response. +/// +/// .. note:: +/// Response processors are currently in alpha. +/// /// \[\#next-free-field: 7\] #[derive(Clone, PartialEq, ::prost::Message)] pub struct SaveProcessingResponse { diff --git a/envoy-types/src/generated/envoy.extensions.load_balancing_policies.common.v3.rs b/envoy-types/src/generated/envoy.extensions.load_balancing_policies.common.v3.rs index c1299f7..170e2dc 100644 --- a/envoy-types/src/generated/envoy.extensions.load_balancing_policies.common.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.load_balancing_policies.common.v3.rs 
@@ -35,6 +35,9 @@ pub mod locality_lb_config { /// failing service. #[prost(bool, tag = "3")] pub fail_traffic_on_panic: bool, + /// If set to true, Envoy will force LocalityDirect routing if a local locality exists. + #[prost(bool, tag = "4")] + pub force_locality_direct_routing: bool, } /// Configuration for :ref:`locality weighted load balancing ` #[derive(Clone, Copy, PartialEq, ::prost::Message)] diff --git a/envoy-types/src/generated/envoy.extensions.rbac.principals.mtls_authenticated.v3.rs b/envoy-types/src/generated/envoy.extensions.rbac.principals.mtls_authenticated.v3.rs new file mode 100644 index 0000000..927afa7 --- /dev/null +++ b/envoy-types/src/generated/envoy.extensions.rbac.principals.mtls_authenticated.v3.rs @@ -0,0 +1,22 @@ +// This file is @generated by prost-build. +/// Authentication attributes for a downstream mTLS connection. All modes require that a peer certificate +/// was presented and validated using the ValidationContext in the DownstreamTlsContext configuration. +/// +/// If neither field is set, a configuration loading error will be generated. This is so that +/// not validating SANs requires an affirmative configuration to disable, to prevent accidentally +/// not configuring SAN validation. +/// +/// If `any_validated_client_certificate` is set in addition to `san_matcher` or a future field +/// which specifies additional validation, the other field always takes precedence over +/// `any_validated_client_certificate` and all specified validation is performed. +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct Config { + /// Specifies a SAN that must be present in the validated peer certificate. + #[prost(message, optional, tag = "1")] + pub san_matcher: ::core::option::Option< + super::super::super::super::transport_sockets::tls::v3::SubjectAltNameMatcher, + >, + /// Only require that the peer certificate is present and valid. + #[prost(bool, tag = "2")] + pub any_validated_client_certificate: bool, +} 
diff --git a/envoy-types/src/generated/envoy.extensions.tracers.fluentd.v3.rs b/envoy-types/src/generated/envoy.extensions.tracers.fluentd.v3.rs new file mode 100644 index 0000000..c4aa8b9 --- /dev/null +++ b/envoy-types/src/generated/envoy.extensions.tracers.fluentd.v3.rs 
@@ -0,0 +1,39 @@ +// This file is @generated by prost-build. +/// Configuration for the Fluentd tracer. +/// This tracer extension will send the emitted traces over a TCP connection to an upstream that is accepting +/// the Fluentd Forward Protocol as described in: `Fluentd Forward Protocol Specification <`\_.> +/// \[\#extension: envoy.tracers.fluentd\] +/// \[\#next-free-field: 7\] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct FluentdConfig { + /// The upstream cluster to connect to for streaming the Fluentd messages. + #[prost(string, tag = "1")] + pub cluster: ::prost::alloc::string::String, + /// A tag is a string separated with `.` (e.g. `log.type`) to categorize events. + /// See: + #[prost(string, tag = "2")] + pub tag: ::prost::alloc::string::String, + /// The prefix to use when emitting tracer stats. + #[prost(string, tag = "3")] + pub stat_prefix: ::prost::alloc::string::String, + /// Interval for flushing traces to the TCP stream. Tracer will flush requests every time + /// this interval is elapsed, or when batch size limit is hit, whichever comes first. Defaults to + /// 1 second. + #[prost(message, optional, tag = "4")] + pub buffer_flush_interval: ::core::option::Option< + super::super::super::super::super::google::protobuf::Duration, + >, + /// Soft size limit in bytes for access log entries buffer. The logger will buffer requests until + /// this limit it hit, or every time flush interval is elapsed, whichever comes first. When the buffer + /// limit is hit, the logger will immediately flush the buffer contents. Setting it to zero effectively + /// disables the batching. Defaults to 16384. + #[prost(message, optional, tag = "5")] + pub buffer_size_bytes: ::core::option::Option< + super::super::super::super::super::google::protobuf::UInt32Value, + >, + /// Optional retry, in case upstream connection has failed. If this field is not set, the default values will be applied. 
+ #[prost(message, optional, tag = "6")] + pub retry_policy: ::core::option::Option< + super::super::super::super::config::core::v3::RetryPolicy, + >, +} diff --git a/envoy-types/src/generated/envoy.extensions.transport_sockets.tap.v3.rs b/envoy-types/src/generated/envoy.extensions.transport_sockets.tap.v3.rs index c252b04..a93e257 100644 --- a/envoy-types/src/generated/envoy.extensions.transport_sockets.tap.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.transport_sockets.tap.v3.rs @@ -13,4 +13,15 @@ pub struct Tap { pub transport_socket: ::core::option::Option< super::super::super::super::config::core::v3::TransportSocket, >, + /// Additional configurations for the transport socket tap + #[prost(message, optional, tag = "3")] + pub socket_tap_config: ::core::option::Option, +} +/// Additional configurations for the transport socket tap +#[derive(Clone, Copy, PartialEq, ::prost::Message)] +pub struct SocketTapConfig { + /// Indicates to whether output the connection information per event + /// This is only applicable if the streamed trace is enabled + #[prost(bool, tag = "1")] + pub set_connection_per_event: bool, } diff --git a/envoy-types/src/generated/envoy.extensions.transport_sockets.tls.v3.rs b/envoy-types/src/generated/envoy.extensions.transport_sockets.tls.v3.rs index 6eb065a..71d9af7 100644 --- a/envoy-types/src/generated/envoy.extensions.transport_sockets.tls.v3.rs +++ b/envoy-types/src/generated/envoy.extensions.transport_sockets.tls.v3.rs @@ -334,6 +334,13 @@ pub struct SubjectAltNameMatcher { pub san_type: i32, /// Matcher for SAN value. /// + /// If the :ref:`san_type ` + /// is :ref:`DNS ` + /// and the matcher type is :ref:`exact `, DNS wildcards are evaluated + /// according to the rules in + /// For example, `*.example.com` would match `test.example.com` but not `example.com` and not + /// `a.b.example.com`. + /// /// The string matching for OTHER_NAME SAN values depends on their ASN.1 type: /// /// ```text 
diff --git a/envoy-types/src/generated/envoy.r#type.matcher.v3.rs b/envoy-types/src/generated/envoy.r#type.matcher.v3.rs index b63927e..0585082 100644 --- a/envoy-types/src/generated/envoy.r#type.matcher.v3.rs +++ b/envoy-types/src/generated/envoy.r#type.matcher.v3.rs @@ -139,6 +139,37 @@ pub struct ListStringMatcher { #[prost(message, repeated, tag = "1")] pub patterns: ::prost::alloc::vec::Vec, } +/// Match an IP against a repeated CIDR range. This matcher is intended to be +/// used in other matchers, for example in the filter state matcher to match a +/// filter state object as an IP. +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct AddressMatcher { + #[prost(message, repeated, tag = "1")] + pub ranges: ::prost::alloc::vec::Vec< + super::super::super::super::xds::core::v3::CidrRange, + >, +} +/// FilterStateMatcher provides a general interface for matching the filter state objects. +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct FilterStateMatcher { + /// The filter state key to retrieve the object. + #[prost(string, tag = "1")] + pub key: ::prost::alloc::string::String, + #[prost(oneof = "filter_state_matcher::Matcher", tags = "2, 3")] + pub matcher: ::core::option::Option, +} +/// Nested message and enum types in `FilterStateMatcher`. +pub mod filter_state_matcher { + #[derive(Clone, PartialEq, ::prost::Oneof)] + pub enum Matcher { + /// Matches the filter state object as a string value. + #[prost(message, tag = "2")] + StringMatch(super::StringMatcher), + /// Matches the filter state object as a ip Instance. + #[prost(message, tag = "3")] + AddressMatch(super::AddressMatcher), + } +} /// Specifies the way to match a double value. #[derive(Clone, Copy, PartialEq, ::prost::Message)] pub struct DoubleMatcher { 
@@ -261,37 +292,6 @@ pub mod metadata_matcher { } } } -/// Match an IP against a repeated CIDR range. This matcher is intended to be -/// used in other matchers, for example in the filter state matcher to match a -/// filter state object as an IP. -#[derive(Clone, PartialEq, ::prost::Message)] -pub struct AddressMatcher { - #[prost(message, repeated, tag = "1")] - pub ranges: ::prost::alloc::vec::Vec< - super::super::super::super::xds::core::v3::CidrRange, - >, -} -/// FilterStateMatcher provides a general interface for matching the filter state objects. -#[derive(Clone, PartialEq, ::prost::Message)] -pub struct FilterStateMatcher { - /// The filter state key to retrieve the object. - #[prost(string, tag = "1")] - pub key: ::prost::alloc::string::String, - #[prost(oneof = "filter_state_matcher::Matcher", tags = "2, 3")] - pub matcher: ::core::option::Option, -} -/// Nested message and enum types in `FilterStateMatcher`. -pub mod filter_state_matcher { - #[derive(Clone, PartialEq, ::prost::Oneof)] - pub enum Matcher { - /// Matches the filter state object as a string value. - #[prost(message, tag = "2")] - StringMatch(super::StringMatcher), - /// Matches the filter state object as a ip Instance. - #[prost(message, tag = "3")] - AddressMatch(super::AddressMatcher), - } -} /// Specifies the way to match a path on HTTP request. #[derive(Clone, PartialEq, ::prost::Message)] pub struct PathMatcher { diff --git a/envoy-types/src/generated/envoy.service.ext_proc.v3.rs b/envoy-types/src/generated/envoy.service.ext_proc.v3.rs index 6615bee..6cde0bb 100644 --- a/envoy-types/src/generated/envoy.service.ext_proc.v3.rs +++ b/envoy-types/src/generated/envoy.service.ext_proc.v3.rs 
@@ -105,9 +105,19 @@ pub mod processing_request { ResponseTrailers(super::HttpTrailers), } } -/// For every ProcessingRequest received by the server with the `observability_mode` field -/// set to false, the server must send back exactly one ProcessingResponse message. -/// \[\#next-free-field: 11\] +/// This represents the different types of messages the server may send back to Envoy +/// when the `observability_mode` field in the received ProcessingRequest is set to false. +/// +/// * +/// If the corresponding `BodySendMode` in the +/// : ref:`processing_mode ` +/// is not set to `FULL_DUPLEX_STREAMED`, then for every received ProcessingRequest, +/// the server must send back exactly one ProcessingResponse message. +/// +/// +/// * If it is set to `FULL_DUPLEX_STREAMED`, the server must follow the API defined +/// for this mode to send the ProcessingResponse messages. +/// \[\#next-free-field: 11\] #[derive(Clone, PartialEq, ::prost::Message)] pub struct ProcessingResponse { /// Optional metadata that will be emitted as dynamic metadata to be consumed by 
@@ -490,9 +500,10 @@ pub mod external_processor_client { /// 1. The service sends back a ProcessingResponse message that directs Envoy /// to either stop processing, continue without it, or send it the /// next chunk of the message body. - /// 1. If so requested, Envoy sends the server chunks of the message body, - /// or the entire body at once. In either case, the server sends back - /// a ProcessingResponse after each message it receives. + /// 1. If so requested, Envoy sends the server the message body in chunks, + /// or the entire body at once. In either case, the server may send back + /// a ProcessingResponse for each message it receives, or wait for certain amount + /// of body chunks received before streams back the ProcessingResponse messages. /// 1. If so requested, Envoy sends the server the HTTP trailers, /// and the server sends back a ProcessingResponse. /// 1. At this point, request processing is done, and we pick up again @@ -646,9 +657,10 @@ pub mod external_processor_server { /// 1. The service sends back a ProcessingResponse message that directs Envoy /// to either stop processing, continue without it, or send it the /// next chunk of the message body. - /// 1. If so requested, Envoy sends the server chunks of the message body, - /// or the entire body at once. In either case, the server sends back - /// a ProcessingResponse after each message it receives. + /// 1. If so requested, Envoy sends the server the message body in chunks, + /// or the entire body at once. In either case, the server may send back + /// a ProcessingResponse for each message it receives, or wait for certain amount + /// of body chunks received before streams back the ProcessingResponse messages. /// 1. If so requested, Envoy sends the server the HTTP trailers, /// and the server sends back a ProcessingResponse. /// 1. At this point, request processing is done, and we pick up again 
diff --git a/envoy-types/src/generated/mod.rs b/envoy-types/src/generated/mod.rs index a8a701a..472cd8a 100644 --- a/envoy-types/src/generated/mod.rs +++ b/envoy-types/src/generated/mod.rs @@ -1211,6 +1211,13 @@ pub mod envoy { } } } + pub mod principals { + pub mod mtls_authenticated { + pub mod v3 { + include!("envoy.extensions.rbac.principals.mtls_authenticated.v3.rs"); + } + } + } } pub mod regex_engines { pub mod v3 { @@ -1306,6 +1313,11 @@ pub mod envoy { } } pub mod tracers { + pub mod fluentd { + pub mod v3 { + include!("envoy.extensions.tracers.fluentd.v3.rs"); + } + } pub mod opentelemetry { pub mod resource_detectors { pub mod v3 { diff --git a/envoy-types/src/generated/opentelemetry.proto.common.v1.rs b/envoy-types/src/generated/opentelemetry.proto.common.v1.rs index e9c1a57..2430b0b 100644 --- a/envoy-types/src/generated/opentelemetry.proto.common.v1.rs +++ b/envoy-types/src/generated/opentelemetry.proto.common.v1.rs 
@@ -79,3 +79,38 @@ pub struct InstrumentationScope { #[prost(uint32, tag = "4")] pub dropped_attributes_count: u32, } +/// A reference to an Entity. +/// Entity represents an object of interest associated with produced telemetry: e.g spans, metrics, profiles, or logs. +/// +/// Status: \[Development\] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct EntityRef { + /// The Schema URL, if known. This is the identifier of the Schema that the entity data + /// is recorded in. To learn more about Schema URL see + /// + /// + /// This schema_url applies to the data in this message and to the Resource attributes + /// referenced by id_keys and description_keys. + /// TODO: discuss if we are happy with this somewhat complicated definition of what + /// the schema_url applies to. + /// + /// This field obsoletes the schema_url field in ResourceMetrics/ResourceSpans/ResourceLogs. + #[prost(string, tag = "1")] + pub schema_url: ::prost::alloc::string::String, + /// Defines the type of the entity. MUST not change during the lifetime of the entity. + /// For example: "service" or "host". This field is required and MUST not be empty + /// for valid entities. + #[prost(string, tag = "2")] + pub r#type: ::prost::alloc::string::String, + /// Attribute Keys that identify the entity. + /// MUST not change during the lifetime of the entity. The Id must contain at least one attribute. + /// These keys MUST exist in the containing {message}.attributes. + #[prost(string, repeated, tag = "3")] + pub id_keys: ::prost::alloc::vec::Vec<::prost::alloc::string::String>, + /// Descriptive (non-identifying) attribute keys of the entity. + /// MAY change over the lifetime of the entity. MAY be empty. + /// These attribute keys are not part of entity's identity. + /// These keys MUST exist in the containing {message}.attributes. + #[prost(string, repeated, tag = "4")] + pub description_keys: ::prost::alloc::vec::Vec<::prost::alloc::string::String>, +} 
diff --git a/envoy-types/src/generated/types.bin b/envoy-types/src/generated/types.bin index 34e7a21..2a8aa1a 100644 Binary files a/envoy-types/src/generated/types.bin and b/envoy-types/src/generated/types.bin differ diff --git a/envoy-types/src/generated/xds.core.v3.rs b/envoy-types/src/generated/xds.core.v3.rs index a8dd79e..f438158 100644 --- a/envoy-types/src/generated/xds.core.v3.rs +++ b/envoy-types/src/generated/xds.core.v3.rs @@ -30,6 +30,19 @@ pub struct TypedExtensionConfig { #[prost(message, optional, tag = "2")] pub typed_config: ::core::option::Option, } +/// CidrRange specifies an IP Address and a prefix length to construct +/// the subnet mask for a `CIDR <`\_> range. +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct CidrRange { + /// IPv4 or IPv6 address, e.g. `192.0.0.0` or `2001:db8::`. + #[prost(string, tag = "1")] + pub address_prefix: ::prost::alloc::string::String, + /// Length of prefix, e.g. 0, 32. Defaults to 0 when unset. + #[prost(message, optional, tag = "2")] + pub prefix_len: ::core::option::Option< + super::super::super::google::protobuf::UInt32Value, + >, +} /// xDS authority information. #[derive(Clone, PartialEq, ::prost::Message)] pub struct Authority { @@ -228,16 +241,3 @@ pub mod collection_entry { InlineEntry(InlineEntry), } } -/// CidrRange specifies an IP Address and a prefix length to construct -/// the subnet mask for a `CIDR <`\_> range. -#[derive(Clone, PartialEq, ::prost::Message)] -pub struct CidrRange { - /// IPv4 or IPv6 address, e.g. `192.0.0.0` or `2001:db8::`. - #[prost(string, tag = "1")] - pub address_prefix: ::prost::alloc::string::String, - /// Length of prefix, e.g. 0, 32. Defaults to 0 when unset. - #[prost(message, optional, tag = "2")] - pub prefix_len: ::core::option::Option< - super::super::super::google::protobuf::UInt32Value, - >, -} diff --git a/envoy-types/src/generated/xds.r#type.v3.rs b/envoy-types/src/generated/xds.r#type.v3.rs index e104fc8..c570f77 100644 
--- a/envoy-types/src/generated/xds.r#type.v3.rs +++ b/envoy-types/src/generated/xds.r#type.v3.rs @@ -16,6 +16,13 @@ pub struct CelExpression { pub cel_expr_checked: ::core::option::Option< super::super::super::cel::expr::CheckedExpr, >, + /// Unparsed expression in string form. For example, `request.headers\['x-env'\] == 'prod'` will + /// get `x-env` header value and compare it with `prod`. + /// Check the `Common Expression Language <`\_> for more details. + /// + /// If set, takes precedence over `cel_expr_parsed` and `cel_expr_checked`. + #[prost(string, tag = "5")] + pub cel_expr_string: ::prost::alloc::string::String, #[prost(oneof = "cel_expression::ExprSpecifier", tags = "1, 2")] pub expr_specifier: ::core::option::Option, }