
Found new managed modules references#1219

Merged
stefanvanburen merged 1 commit into main from fetch-modules
Apr 24, 2026

Conversation

@app-token-modules
Contributor

No description provided.

app-token-modules (bot) requested a review from a team on April 24, 2026 12:21
},
{
"name": "v1.38.0",
"digest": "6dcba211d622ee2b9c86e5834966b6a5fc4e1ae830212feb68348cac2bcfbdccbfa3a388d79233814b259fdf23b22f40356925a3ddb72f478ea5d8de2d438297"

[Posted at 2026-04-24T12:22:25Z]

Intermediate transition

$ casdiff v1.37.2 \
          v1.38.0 \
          --format=markdown
89 files changed: 0 removed, 0 renamed, 27 added, 62 changed content.

Files added:

+ shake256:444199d12077c1e966a9fc88c848f327d799bade7320ee83689ae2a8b667ffbc16f3748d4b5b7b166f6cd8a9e7c889fb4bd361c02747425cb2807156a746ba32  contrib/envoy/extensions/filters/network/peer_metadata/v3/peer_metadata.proto
+ shake256:ae74dc3f9e4c39da3cece4cd6fef65e2befdd352087667e7b8cac9f069acc4be8d82e8a4b19b3e0f6662a13d981d24b19135b21cc6b08775c4fd14138ca60185  contrib/envoy/extensions/private_key_providers/kae/v3alpha/kae.proto
+ shake256:0a3f8fc79164864e519f1840ba8455491910c39b6afad749adb8aae753090f82952d30b6003ad61b0d1c960bb982b3906189e1f98a7efd63975026643b07c6d8  contrib/envoy/extensions/reverse_tunnel_reporters/v3alpha/clients/grpc_client/grpc_client.proto
+ shake256:de126f26a091d6af4440d921b6a3a17d53608fcf2252aa67fe666fc4bcd9f35d980e29cba4fc1ea00b9d4ce79d8070a38c8f3ee33fced84711826f24ba9d4fc5  contrib/envoy/extensions/reverse_tunnel_reporters/v3alpha/clients/grpc_client/stream_reverse_tunnels.proto
+ shake256:bd8a77ad07cb81378caff3ffafde08afcb4554f09762d2afaab985b156feda51b3b62f82607c69039422f03a901abddad4361c029e2eda4bcedd85f6f2098cef  contrib/envoy/extensions/reverse_tunnel_reporters/v3alpha/reporters/event_reporter.proto
+ shake256:9426a91c7672867a3f924ff2f4c9a4dba9c12ec763e234c2753c17d568332668eb19ab507f6bf2fca15d07d239e8097907246a216b74cee66ebe9dba66840e51  contrib/envoy/extensions/stat_sinks/kafka/v3/kafka_stats_sink.proto
+ shake256:e04d47d578900b98d66bf887201464c1bcf114d5dd9b2e29e9618d2f1c12958bef5848aa1491c219715b964dde29da2078cc77cbf973556ebaddff954d737ecf  envoy/extensions/clusters/dynamic_modules/v3/cluster.proto
+ shake256:cf351b8d71d7f45e7cc327ecafde019c884ed6a3ddc31953e89d1dc2fdbb1ee4ad86df0465599f4a3c6a032b0006094f07ffebf800794b2f9c5186a2c603283b  envoy/extensions/clusters/mcp_multicluster/v3/cluster.proto
+ shake256:34728d7ec4daa19f650ce7eb66d0edeea4fe7bc65418d27759524bf61b03574dfd6d0c48ff6b02a0c46278ac6394bd3c97191b872dd1e989a54989f452bfe695  envoy/extensions/content_parsers/json/v3/json_content_parser.proto
+ shake256:6b9d0ad70f60da843ebb34273554082f4164a7e97e67399d45597a5a261002ee47d9deace89a3fac8cddc739ac0f61fd4053d268c0b7580ee373b04bc576568a  envoy/extensions/filters/http/a2a/v3/a2a.proto
+ shake256:b0a4c8a654df0f58e79b4f41bf72b96bb3a304bf4b5d2ff4b259817152362eb5a059b896e4c2487b317c487e03c9288b913109a79d63e2bfa271fbfcee8139d1  envoy/extensions/filters/http/file_server/v3/file_server.proto
+ shake256:7481e541607d3560e2fde1540b5201201cc2bc76a80a24c6bf09f89f9191930d3a4df0cde01662f33a416672013fb77d15b4116378cdb150085cfb9afaf76e49  envoy/extensions/filters/http/mcp_json_rest_bridge/v3/mcp_json_rest_bridge.proto
+ shake256:afaad9e459e62a9c787edc64889fbc6e2e57e544dac8cdc521a68fdeed078e4bf5fa5de74265ea738f94ff0ef783ce824ec7f4e5b869b9f8946b6133567a0331  envoy/extensions/filters/http/sse_to_metadata/v3/sse_to_metadata.proto
+ shake256:b5e9b3d848e79b2ed596d66d6aedd93f5a0ebfb98c46a2ff57fe2217c94b0beb5dd7fd3b63a4c6b66aa7445bbeb30deba24eddc29a70069c04a7877e79387de1  envoy/extensions/filters/listener/set_filter_state/v3/set_filter_state.proto
+ shake256:e94342f931679294c5668dadbbcbdd2d43d962e44a6017de46363582a4b449fad96be21769cb82507df29a74fe55489922e3fefe9bec6904eae3250a3ec1b00a  envoy/extensions/filters/network/reverse_tunnel/v3/drain_aware_hcm.proto
+ shake256:1d4dc1e6a0f50919946903618d31b158a7dd5f729328719d0f8be8ba80d98f0e9503375cd1e1ba16682be00de12225a86b31c602e564efee97967bf00fad3cf9  envoy/extensions/filters/network/tcp_bandwidth_limit/v3/tcp_bandwidth_limit.proto
+ shake256:235ea9784a64a6ac54dd57d627c16d93c642f25a9aa463e2e249abfc6c652f0709ed3d3375428cf7664afb5773a0eb297c5d48ffdfb57f7529b3e28829dcb8ee  envoy/extensions/formatter/file_content/v3/file_content.proto
+ shake256:c833a876b2df74ab0f5fc98642b2d3d526526ce1130718f9d2d0124703d8edcf926764e6ebcf252f0b32d47bf86ce3edd091df433b3df8c35a5dcaa822ded134  envoy/extensions/formatter/generic_secret/v3/generic_secret.proto
+ shake256:6dcbe87f52378e27eb00d8a6512887c67f69cc672b7351f046694cae52e4f0b6ffa5d48f598ade81799dbbe84172d297e79c6beda4db9f12f5621dbf8659bacc  envoy/extensions/load_balancing_policies/dynamic_modules/v3/dynamic_modules.proto
+ shake256:acf4ff9c546497c44a9f5e040898e1d8e9cd8caa73add2af8152815a327db594286d7c3200c81165c72da67a06fc630cdede8bb66ac706d1c2e86b42cd743330  envoy/extensions/matching/actions/transform_stat/v3/transform_stat.proto
+ shake256:67a0605b9de1b29cc5afa547fce19ac7c867bd77508de0cf62a744eab3ab004ece5a946677baf90b5e56f9ed74a8d18eece9be46a4a3badb68badab7eee71e15  envoy/extensions/matching/http/dynamic_modules/v3/dynamic_modules.proto
+ shake256:134ea10cdb70aa7d229fc2cd26d1abe6cac8b9193e435419fe0c568bdd167e48789358082414f687ab6318c073d22c82ae1f09b5ca665c182045ba2370fead69  envoy/extensions/matching/input_matchers/dynamic_modules/v3/dynamic_modules.proto
+ shake256:86abd3fe28157697761afbf44d695b5e10253790c51245796c511e963f613a2d68b18115c994b88a6e676c269e5bf34d65de23a6fee5d650472c3eb4dd4fccb5  envoy/extensions/network/dns_resolver/hickory/v3/hickory_dns_resolver.proto
+ shake256:389b3dcebe44e1c0ea1edbf8cb24b13c0737d253ea00ba19d5ceb4072e8f586f3cecaa60ef2cacaf0d084374ebda39c73bf0e6f5d99106058cb1e33e7e665f72  envoy/extensions/tracers/dynamic_modules/v3/dynamic_modules.proto
+ shake256:fbbc91de81f1f92dae79116f73b0ca0f85b9a2c8b84f3f2628e90da14632bd639f559092fe9f964b4079c5efdef3ee539cbd7f6179136aab4bcdd51fb470134b  envoy/extensions/transport_sockets/tls/cert_mappers/filter_state_override/v3/config.proto
+ shake256:4faffcc609f77fb1b39e6b4cb78d8ad3d9df19a3a23a99cddc2fd3a6ae17c5267f8bbf2d82663ca8e5033b41c7952850df5da2ff497520197b7852daa3a14b28  envoy/extensions/transport_sockets/tls/cert_validator/dynamic_modules/v3/dynamic_modules.proto
+ shake256:d9b653269e362272e2197b3b31aeef9177836baccff9973c02954f1595fa393da16e0cbd691a9c86d024528d3c8e008a706a640e1b1ac8015e375d7df9399bd1  envoy/extensions/upstreams/http/dynamic_modules/v3/dynamic_modules.proto

Files changed content:

contrib/envoy/extensions/filters/http/peer_metadata/v3/peer_metadata.proto:

--- shake256:748b4a07decc320986f74c63098d0a67eeb9f9f96c9b5f74c93aa338d40dc469bbaeaac10c43a9727ad42533dba9c73398d8db39d5218701936d632524728117  contrib/envoy/extensions/filters/http/peer_metadata/v3/peer_metadata.proto
+++ shake256:9b39880a2a78eb66b8f933d3d50844d34f1da1e16e260b27600603e577af3e3ed8cd1cfc6144022215b2222f0b5fee7de94986e1f792df80205f2e1c70742817  contrib/envoy/extensions/filters/http/peer_metadata/v3/peer_metadata.proto
@@ -19,8 +19,7 @@
 // peer telemetry attributes for consumption by the telemetry filters.
 // [#next-free-field: 7]
 message Config {
-  // DEPRECATED.
-  // This method uses ``baggage`` header encoding.
+  // This method uses ``baggage`` header encoding. Only used for HTTP CONNECT tunnels.
   message Baggage {
   }
 
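Review bot: dropping the `DEPRECATED.` marker on `Baggage` reverses a deprecation, and the replacement text `Only used for HTTP CONNECT tunnels.` does not say whether that restriction covers discovery, propagation or both, even though a later hunk in this same file adds `Baggage baggage = 2;` as a `PropagationMethod`. Suggest stating the scope explicitly and calling out the un-deprecation so consumers who already migrated away from `Baggage` are not caught out.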
@@ -42,6 +41,18 @@
     bool skip_external_clusters = 1;
   }
 
+  // This method extracts peer metadata from the upstream filter state if it's available.
+  //
+  // Upstream filter state could be populated by multiple means in general, but in practice the
+  // intention here is that upstream PeerMetadata filter will populate the filter state with peer
+  // details extracted from the baggage header sent in response.
+  //
+  // Naturally this metadata discovery method only makes sense for upstream peer metadata discovery.
+  message UpstreamFilterState {
+    // Upstream filter state key that will be used to store peer metadata.
+    string peer_metadata_key = 1;
+  }
+
   // An exhaustive list of the derivation methods.
   message DiscoveryMethod {
     oneof method_specifier {
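Review bot: `string peer_metadata_key = 1;` in the new `UpstreamFilterState` message carries no validation rule, so an empty key passes configuration validation and the comment does not say what happens then (no lookup, or some default key). Suggest `[(validate.rules).string = {min_len: 1}]` or a documented default, in line with how other fields in this diff annotate their constraints.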
@@ -50,6 +61,8 @@
       WorkloadDiscovery workload_discovery = 2;
 
       IstioHeaders istio_headers = 3;
+
+      UpstreamFilterState upstream_filter_state = 4;
     }
   }
 
@@ -57,6 +70,8 @@
   message PropagationMethod {
     oneof method_specifier {
       IstioHeaders istio_headers = 1;
+
+      Baggage baggage = 2;
     }
   }
 

envoy/admin/v3/clusters.proto:

--- shake256:3ecd52c0173847a8f34a9276ea4411f01160e06109098d7b9d3d37f3271cc789b60ad62fbb175188bee7048039a5968dc6aa6488ce20d7c31d0da58bfab013f1  envoy/admin/v3/clusters.proto
+++ shake256:0fd5a070d195ea94ff5cbfb328288eefa0b9e791d3e4859629463331addefc941b5876b7bfc746be38419a5fa8c7aaed665d2e26824e9017c48d295f1a1b0350  envoy/admin/v3/clusters.proto
@@ -153,7 +153,7 @@
 }
 
 // Health status for a host.
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message HostHealthStatus {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.admin.v2alpha.HostHealthStatus";
@@ -181,6 +181,9 @@
   // The host failed active health check due to timeout.
   bool active_hc_timeout = 8;
 
+  // The host is currently being marked as degraded through outlier detection.
+  bool failed_degraded_outlier_detection = 9;
+
   // Health status as reported by EDS.
   //
   // .. note::

envoy/admin/v3/server_info.proto:

--- shake256:0d874a925488c9bea4cc70351e808d73c2974bb5cd6b7974775a8655fff22c24d6868f09d929c9ef8889963e43a3fe7ebab7217c13fad02ba1efaa86dce1e5df  envoy/admin/v3/server_info.proto
+++ shake256:a3701b9fe15fd9effbf59c6641ff43a8678fa55cf0a6d00988250078bcc0bfb3455788295a723433c9d9a9e234149104eb0c1fadb260b1cd572537a60ada71ad  envoy/admin/v3/server_info.proto
@@ -19,7 +19,7 @@
 
 // Proto representation of the value returned by /server_info, containing
 // server version/server status information.
-// [#next-free-field: 8]
+// [#next-free-field: 9]
 message ServerInfo {
   option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v2alpha.ServerInfo";
 
@@ -57,6 +57,9 @@
 
   // Populated node identity of this server.
   config.core.v3.Node node = 7;
+
+  // Whether the server is currently initializing during a hot restart.
+  bool hot_restart_initializing = 8;
 }
 
 // [#next-free-field: 43]

envoy/config/bootstrap/v3/bootstrap.proto:

--- shake256:8ca3bb1223bba6ed2a5ca12a2eb40ec4e962299d1723bd841e22535a605358433510aeb8e81faf0fc23bb276f459dcfeddbe8481627829993a1d9bdc25ae48dd  envoy/config/bootstrap/v3/bootstrap.proto
+++ shake256:7beeecf5ab4b590492940618911fa508d71fee4f33d6c787f74cbca2406ff6e1791dfb4a3f118bf447603c6fdfef5e535d0154b8c785d6884e70cba801283c8b  envoy/config/bootstrap/v3/bootstrap.proto
@@ -469,6 +469,8 @@
   bool ignore_global_conn_limit = 6;
 
   // List of admin paths that are accessible. If not specified, all admin endpoints are accessible.
+  // Matchers are evaluated against the request path. For endpoints commonly queried with
+  // parameters (for example ``/stats?format=...``), prefer ``prefix`` matchers.
   //
   // When specified, only paths in this list will be accessible, all others will return ``HTTP 403 Forbidden``.
   //
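Review bot: `Matchers are evaluated against the request path.` leaves implicit that the query string is part of the matched string, which is the only reason `exact: /stats` would fail for `/stats?format=...`; suggest saying so outright (for example "the request path including any query string"), otherwise an operator will expect `exact` to match the path component alone and be surprised by the 403.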
@@ -477,7 +479,8 @@
   // .. code-block:: yaml
   //
   //   allow_paths:
-  //   - exact: /stats
+  //   - prefix: /stats
+  //   - prefix: /config_dump
   //   - exact: /ready
   //   - prefix: /healthcheck
   //
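Review bot: replacing `exact: /stats` with `prefix: /stats` in the example widens the allow list: a prefix matcher admits every admin path beginning with `/stats`, not just `/stats` with parameters, and the same holds for the new `prefix: /config_dump`. Since `allow_paths` is the control that turns every other admin endpoint into `HTTP 403 Forbidden`, the example should say that prefix matching trades precision for parameter support, so operators keep the narrowest matcher that still works for each endpoint rather than copying the example verbatim.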
@@ -774,6 +777,7 @@
   InlineHeaderType inline_header_type = 2 [(validate.rules).enum = {defined_only: true}];
 }
 
+// [#next-free-field: 6]
 message MemoryAllocatorManager {
   // Configures tcmalloc to perform background release of free memory in amount of bytes per ``memory_release_interval`` interval.
   // If equals to ``0``, no memory release will occur. Defaults to ``0``.
@@ -783,4 +787,29 @@
   // interval Envoy will try to release ``bytes_to_release`` of free memory back to operating system for reuse.
   // Defaults to ``1000`` milliseconds.
   google.protobuf.Duration memory_release_interval = 2;
+
+  // Sets the soft memory limit for tcmalloc. When the total memory used by tcmalloc exceeds this
+  // limit, background release will be performed more aggressively to bring memory usage below the
+  // limit. If not set, no soft memory limit is applied.
+  //
+  // .. note::
+  //     This is currently only supported with tcmalloc and not with ``gperftools``.
+  //
+  google.protobuf.UInt64Value soft_memory_limit_bytes = 3;
+
+  // Sets the maximum per-CPU cache size in bytes for tcmalloc. Smaller values reduce per-CPU
+  // memory overhead at the cost of increased contention on the central free list. If not set,
+  // tcmalloc's default is used.
+  //
+  // .. note::
+  //     This is currently only supported with tcmalloc and not with ``gperftools``.
+  //
+  google.protobuf.UInt32Value max_per_cpu_cache_size_bytes = 4;
+
+  // The threshold of unfreed memory in bytes that triggers the heap shrinker to release memory
+  // back to the OS. When the difference between physical memory used and application-allocated
+  // memory exceeds this threshold, free memory is released.
+  //
+  // Defaults to ``104857600`` (100 MB).
+  uint64 max_unfreed_memory_bytes = 5;
 }
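Review bot: `uint64 max_unfreed_memory_bytes = 5;` is a bare scalar while `soft_memory_limit_bytes` and `max_per_cpu_cache_size_bytes` directly above it use wrapper types; with a scalar, unset and an explicit `0` are indistinguishable, so the stated default of `104857600` has to be applied on `0` and an operator cannot request a zero threshold. `ShrinkHeapConfig.max_unfreed_memory_bytes` in `envoy/config/overload/v3/overload.proto` later in this diff uses `google.protobuf.UInt64Value` for the same parameter and default; suggest the wrapper type here as well, plus a sentence on how the two settings interact when both are configured.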

envoy/config/cluster/v3/cluster.proto:

--- shake256:19f745562070373e23d5463423482c666d5a48b31da6eacf09d376989cf8ded9f9d067027080242b21fd712aa4587504d1f823bcbd4903351459123c3800ce63  envoy/config/cluster/v3/cluster.proto
+++ shake256:0e352afb4c3b6c449be91cfe0715f0daa54a7ae8c65ee7babb294f50f5dc8df268cc44d1e516198c3f635bf47a0349565bdd5e3b95ecff34c67e65f3c22fce0e  envoy/config/cluster/v3/cluster.proto
@@ -46,7 +46,7 @@
 }
 
 // Configuration for a single upstream cluster.
-// [#next-free-field: 60]
+// [#next-free-field: 61]
 message Cluster {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster";
 
@@ -887,6 +887,12 @@
   google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5
       [(udpa.annotations.security).configure_for_untrusted_upstream = true];
 
+  // Optional timeout that controls how long an upstream connection is allowed to stay above the
+  // configured buffer high watermark before it is closed. If this timeout is not specified, or
+  // explicitly set to 0, connections will not be closed due to buffer high watermark usage.
+  google.protobuf.Duration per_connection_buffer_high_watermark_timeout = 60
+      [(validate.rules).duration = {gte {}}];
+
   // The :ref:`load balancer type <arch_overview_load_balancing_types>` to use
   // when picking a host in the cluster.
   LbPolicy lb_policy = 6 [(validate.rules).enum = {defined_only: true}];
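Review bot: `per_connection_buffer_high_watermark_timeout = 60` lacks the `(udpa.annotations.security).configure_for_untrusted_upstream = true` annotation that the adjacent `per_connection_buffer_limit_bytes` carries. The timeout decides when a connection that stays above the buffer high watermark is closed, i.e. it bounds how long a peer that does not drain its side can pin buffered memory, so it is a resource-exhaustion control of the same kind and should be flagged the same way. The `gte {}` rule also admits `0`, which the comment says disables the close; spelling out that `0` and unset behave identically would avoid a reader assuming `0` means "close immediately".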
@@ -1343,14 +1349,18 @@
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.UpstreamConnectionOptions";
 
+  // [#comment: Keep this list of address types in sync with api/config/core/v3/address.proto.]
   enum FirstAddressFamilyVersion {
-    // respect the native ranking of destination ip addresses returned from dns
-    // resolution
+    // Use the first address family encountered in the address list.
     DEFAULT = 0;
 
     V4 = 1;
 
     V6 = 2;
+
+    PIPE = 3;
+
+    INTERNAL = 4;
   }
 
   message HappyEyeballsConfig {
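Review bot: the `DEFAULT = 0` comment changes from "respect the native ranking of destination ip addresses returned from dns resolution" to "Use the first address family encountered in the address list", which reads as a behavior change rather than a wording fix; if behavior did not change the old meaning should be kept, and if it did the comment should say so. The new `PIPE = 3;` and `INTERNAL = 4;` values have no doc comment at all, unlike `DEFAULT`; each needs a one-line description and a note on what selecting it means for the `HappyEyeballsConfig` ordering that follows.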

envoy/config/cluster/v3/outlier_detection.proto:

--- shake256:98b1c26901946bf3ffca0a0528724578ea47c176c8de0354aad5c4d2daa7a8436b3b7444741d8645c9ce01f679b1ff83a22daebb1060af8bad082193088b4242  envoy/config/cluster/v3/outlier_detection.proto
+++ shake256:e2ceaae01a83ed14091fbeef727ef4f95253a27971e4aa64b3da4086d854a983655d391ce065997cb6f7acb341fbc3c0ae57b9b1be812ce632b9a626b5534e14  envoy/config/cluster/v3/outlier_detection.proto
@@ -21,7 +21,7 @@
 
 // See the :ref:`architecture overview <arch_overview_outlier_detection>` for
 // more information on outlier detection.
-// [#next-free-field: 26]
+// [#next-free-field: 27]
 message OutlierDetection {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.cluster.OutlierDetection";
@@ -29,6 +29,8 @@
   // The number of consecutive server-side error responses (for HTTP traffic,
   // 5xx responses; for TCP traffic, connection failures; for Redis, failure to
   // respond PONG; etc.) before a consecutive 5xx ejection occurs. Defaults to 5.
+  //
+  // If set to 0 explicitly, consecutive 5xx ejection will be disabled.
   google.protobuf.UInt32Value consecutive_5xx = 1;
 
   // The time interval between ejection analysis sweeps. This can result in
@@ -80,6 +82,8 @@
 
   // The number of consecutive gateway failures (502, 503, 504 status codes)
   // before a consecutive gateway failure ejection occurs. Defaults to 5.
+  //
+  // If set to 0 explicitly, consecutive gateway failure ejection will be disabled.
   google.protobuf.UInt32Value consecutive_gateway_failure = 10;
 
   // The % chance that a host will be actually ejected when an outlier status
@@ -101,6 +105,8 @@
   // occurs. Defaults to 5. Parameter takes effect only when
   // :ref:`split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
   // is set to true.
+  //
+  // If set to 0 explicitly, consecutive locally originated failure ejection will be disabled.
   google.protobuf.UInt32Value consecutive_local_origin_failure = 13;
 
   // The % chance that a host will be actually ejected when an outlier status
@@ -177,4 +183,13 @@
   // If enabled, at least one host is ejected regardless of the value of :ref:`max_ejection_percent<envoy_v3_api_field_config.cluster.v3.OutlierDetection.max_ejection_percent>`.
   // Defaults to false.
   google.protobuf.BoolValue always_eject_one_host = 25;
+
+  // If set to true, outlier detection will mark hosts as degraded when they return
+  // the ``x-envoy-degraded`` header.
+  // Degraded hosts are deprioritized in load balancing but are not ejected from the cluster.
+  // The degraded state is cleared using the same backoff algorithm as ejection, with the degradation
+  // period calculated as ``base_ejection_time`` multiplied by the number of times the host
+  // has been marked as degraded, capped by ``max_ejection_time``.
+  // Defaults to false.
+  google.protobuf.BoolValue detect_degraded_hosts = 26;
 }
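Review bot: `detect_degraded_hosts` makes load-balancing priority depend on a response header (`x-envoy-degraded`) emitted by the upstream host itself, so the comment should be explicit that only upstream responses are considered and say whether any cap analogous to `max_ejection_percent` applies to the fraction of hosts that can be degraded at once; as written, `max_ejection_time` bounds the duration but nothing visible bounds the count. A cross-reference to `failed_degraded_outlier_detection` added in `envoy/admin/v3/clusters.proto` in this diff would also help operators find the admin-side signal.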

envoy/config/core/v3/address.proto:

--- shake256:93e4a36d900d8a68ed3b3126513013b82a79bda7e7c244b59a7ec2bd2928b8a7912e856da9075624253437ca50cd3d862db39aae56e8f1c916d7bb35a1be0db9  envoy/config/core/v3/address.proto
+++ shake256:f1c646aaa5ac13d22d3932210e1be33fc0af578674c8730aafe1dc375b5d44b2f20feae205bc597d7170bfabdca39a802fd0ad7094547267d86489739cd0fb0f  envoy/config/core/v3/address.proto
@@ -188,6 +188,7 @@
 message Address {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Address";
 
+  // [#comment: Keep this list of address types in sync with UpstreamConnectionOptions.FirstAddressFamilyVersion in api/envoy/config/cluster/v3/cluster.proto.]
   oneof address {
     option (validate.required) = true;
 

envoy/config/core/v3/http_service.proto:

--- shake256:e72a9109cba19d603c43c8a5e7505dc1d710e9a8f79b135190c7e50e570b728df279d903f13f5c6aa5149f562f613fdad442aa327466650443ad43baf747fb2e  envoy/config/core/v3/http_service.proto
+++ shake256:e1b7f14cc3da4e6edf1e2f32c17681bbb5c2e410e2efe43cb54292ec2b931edbd15d80971d18feeb20e4a825462bed9df9263575cd6af77a2e257cd1cda0b352  envoy/config/core/v3/http_service.proto
@@ -3,6 +3,7 @@
 package envoy.config.core.v3;
 
 import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/http_uri.proto";
 
 import "udpa/annotations/status.proto";
@@ -29,7 +30,13 @@
   HttpUri http_uri = 1;
 
   // Specifies a list of HTTP headers that should be added to each request
-  // handled by this virtual host.
+  // handled by this virtual host. Substitution formatters are supported.
   repeated HeaderValueOption request_headers_to_add = 2
       [(validate.rules).repeated = {max_items: 1000}];
+
+  // Specifies a collection of Formatter plugins that can be used in substitution formatters
+  // in ``request_headers_to_add``.
+  // See the formatters extensions documentation for details.
+  // [#extension-category: envoy.formatter]
+  repeated TypedExtensionConfig formatters = 3;
 }
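Review bot: `repeated TypedExtensionConfig formatters = 3;` has no `max_items` bound while the neighbouring `request_headers_to_add` is capped at 1000; suggest a comparable `(validate.rules).repeated = {max_items: ...}` so a configuration cannot carry an unbounded list of formatter plugins. The comment also points at "the formatters extensions documentation" without a `:ref:` target, whereas the other doc comments in this diff link with `:ref:`.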

envoy/config/core/v3/protocol.proto:

--- shake256:996a34816af91109a4fac98e114e7c5640f583ca8f46be8567f654ca73c42d77fd53ad3f069872ecf94e5cb968d826f17381445d38c68e84f1ad91118b3baab7  envoy/config/core/v3/protocol.proto
+++ shake256:2c60031b4a2065e1deffbb622837f2c346202c538ad277891bf9d5f55565526851d0215a9963f797b671e0a45f8008ea801f2c0536bea38d2e3846196bf16ef0  envoy/config/core/v3/protocol.proto
@@ -57,7 +57,7 @@
 }
 
 // QUIC protocol options which apply to both downstream and upstream connections.
-// [#next-free-field: 12]
+// [#next-free-field: 14]
 message QuicProtocolOptions {
   // Config for QUIC connection migration across network interfaces, i.e. cellular to WIFI, upon
   // network change events from the platform, i.e. the current network gets
@@ -173,6 +173,17 @@
   // If absent, the feature will be disabled.
   // [#not-implemented-hide:]
   ConnectionMigrationSettings connection_migration = 11;
+
+  // Timeout for a QUIC connection to schedule memory reduction callback when the network has been idle for a while.
+  // This value should be smaller than the idle timeout to take effect.
+  // If not specified, memory reduction is set to infinite by QUIC connection (disabled).
+  google.protobuf.Duration memory_reduction_timeout = 12
+      [(validate.rules).duration = {gte {seconds: 1}}];
+
+  // If true, the QUIC connection will signal support for `SCONE <https://datatracker.ietf.org/doc/draft-ietf-scone-protocol/>`_ (Standard
+  // Communication with Network Elements) and process SCONE packets.
+  // If not present, the QUICHE default behavior will be used.
+  google.protobuf.BoolValue enable_scone = 13;
 }
 
 message UpstreamHttpProtocolOptions {
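Review bot: `memory_reduction_timeout` is documented as needing to be "smaller than the idle timeout to take effect", but the only validation is `gte {seconds: 1}`; the comment should state whether a value above the idle timeout is rejected at load time or silently has no effect. For `enable_scone`, "the QUICHE default behavior" is never named; state the default so an operator can tell whether leaving the field unset means SCONE packets are processed.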
@@ -350,8 +361,10 @@
   //
   //   Currently some protocol codecs impose limits on the maximum size of a single header.
   //
-  //   * HTTP/2 (when using ``nghttp2``) limits a single header to around ``100kb``.
-  //   * HTTP/3 limits a single header to around ``1024kb``.
+  //   * HTTP/2 (when using nghttp2) limits a single header to around 100 KB by default. This can be
+  //     adjusted via :ref:`max_header_field_size_kb
+  //     <envoy_v3_api_field_config.core.v3.Http2ProtocolOptions.max_header_field_size_kb>`.
+  //   * HTTP/3 limits a single header to around 1024 KB.
   //
   google.protobuf.UInt32Value max_response_headers_kb = 7
       [(validate.rules).uint32 = {lte: 8192 gt: 0}];
@@ -539,7 +552,7 @@
       [(validate.rules).duration = {gte {nanos: 1000000}}];
 }
 
-// [#next-free-field: 19]
+// [#next-free-field: 21]
 message Http2ProtocolOptions {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.core.Http2ProtocolOptions";
@@ -736,6 +749,48 @@
   // worth the network bandwidth saved e.g. for localhost.
   // If unset, uses the data plane's default value.
   google.protobuf.BoolValue enable_huffman_encoding = 18;
+
+  // Configures the maximum wire-encoded size in KB of an individual header field (name or value)
+  // that the ``nghttp2`` HPACK inflater will accept. This limit applies to the HPACK-compressed
+  // length on the wire, not the decoded length. If not specified, defaults to ``64`` KB
+  // which is the ``nghttp2`` default.
+  //
+  // This limit applies to headers received by the codec. When configured on the downstream
+  // HTTP Connection Manager, it limits individual request header fields. When configured on an
+  // upstream cluster, it limits individual response header fields.
+  //
+  // Due to Huffman encoding, the decoded header size that passes a given wire limit depends
+  // on the compression ratio of the content. For example, at the default ``64`` KB wire
+  // limit, highly compressible header values can be approximately ``100`` KB when decoded.
+  // Increasing this limit allows accepting larger individual headers at the cost of increased
+  // memory usage during HPACK decompression.
+  //
+  // This option only applies when using ``nghttp2``. It is a no-op for ``oghttp2``. The configured
+  // value of this field sets the per-header field size limit, which must not exceed the
+  // applicable aggregate total header size limit. Since a single header field cannot be larger
+  // than the total size allowed for all headers combined, this value is validated against
+  // :ref:`max_request_headers_kb <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.max_request_headers_kb>`
+  // when configured on the downstream HTTP Connection Manager, and against
+  // :ref:`max_response_headers_kb <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_response_headers_kb>`
+  // when configured on an upstream cluster.
+  //
+  // Since ``Http2ProtocolOptions`` is configured independently for downstream and upstream,
+  // different per-header field limits can be set for each direction without requiring separate
+  // request and response fields.
+  //
+  // .. note::
+  //
+  //   When increasing this limit, ensure that upstream services and other proxies in the request
+  //   path can also handle the larger individual header sizes. Mismatched limits may result in
+  //   request failures.
+  google.protobuf.UInt32Value max_header_field_size_kb = 19
+      [(validate.rules).uint32 = {lte: 256 gte: 64}];
+
+  // Whether to disallow obsolete text for oghttp2 in header field values.
+  // If not set, it defaults to false.
+  // From RFC 9110, https://www.rfc-editor.org/rfc/rfc9110.html#section-5.5:
+  // obs-text = %x80-FF
+  google.protobuf.BoolValue disallow_obs_text = 20;
 }
 
 // [#not-implemented-hide:]
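Review bot: `max_header_field_size_kb` is validated with `gte: 64`, so the field can only raise the per-field limit above the `nghttp2` default and never lower it; the long comment does not say this, and a reader trying to tighten the limit below 64 KB will only find out from a validation error. The comment also says the value "is validated against" `max_request_headers_kb` / `max_response_headers_kb`, but no proto-level rule expresses that, so it must be a load-time check; saying where and how it fails would make the contract explicit. Separately, `disallow_obs_text = 20` defaults to false here while the HTTP/3 field of the same name added in this diff defaults to true; a cross-reference would confirm the asymmetric defaults are deliberate.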
@@ -747,7 +802,7 @@
 }
 
 // A message which allows using HTTP/3.
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message Http3ProtocolOptions {
   QuicProtocolOptions quic_protocol_options = 1;
 
@@ -789,6 +844,12 @@
   // Disables connection level flow control for HTTP/3 streams. This is useful in situations where the streams share the same connection
   // but originate from different end-clients, so that each stream can make progress independently at non-front-line proxies.
   bool disable_connection_flow_control_for_streams = 8;
+
+  // Whether to disallow obsolete text in header field values.
+  // If not set, it defaults to true for alignment with current behavior.
+  // As defined in RFC 9110, https://www.rfc-editor.org/rfc/rfc9110.html#section-5.5:
+  // an obs-text character is a character in the range %x80-FF
+  google.protobuf.BoolValue disallow_obs_text = 9;
 }
 
 // A message to control transformations to the :scheme header
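Review bot: "If not set, it defaults to true for alignment with current behavior." documents the default by reference to an unstated behavior; suggest stating it directly ("defaults to true: obs-text bytes `%x80-FF` in header values are rejected") and noting that the HTTP/2 `disallow_obs_text` in `Http2ProtocolOptions` above defaults to false, so operators running both protocols know the two are not aligned out of the box.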

envoy/config/core/v3/socket_option.proto:

--- shake256:54fb8bdc367e04a2b306de2e85bcca91f79ee21802d963ea46a5761a344e3db3666600f3c860fe7c18052aae3141b4dcb14e9449e83adb08036e8b2e5848658b  envoy/config/core/v3/socket_option.proto
+++ shake256:05ce4c7eb1355fc400087a7acf217c6ef32180d7dc39aac2da5580cc99befb82ddc648a08296153ed4b05a3ab28e8233afd2c3ba61bbd978550640235c61fb3a  envoy/config/core/v3/socket_option.proto
@@ -36,7 +36,7 @@
 // :ref:`admin's <envoy_v3_api_field_config.bootstrap.v3.Admin.socket_options>` socket_options etc.
 //
 // It should be noted that the name or level may have different values on different platforms.
-// [#next-free-field: 8]
+// [#next-free-field: 9]
 message SocketOption {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketOption";
 
@@ -51,6 +51,19 @@
     STATE_LISTENING = 2;
   }
 
+  // The `socket IP version <https://linux.die.net/man/2/socket>`_ to apply the
+  // socket option to.
+  enum SocketIpVersion {
+    // Apply the socket option to all socket IP versions.
+    SOCKET_IP_VERSION_UNSPECIFIED = 0;
+
+    // Apply the socket option to the IPv4 socket type.
+    SOCKET_IP_VERSION_IPV4 = 1;
+
+    // Apply the socket option to the IPv6 socket type.
+    SOCKET_IP_VERSION_IPV6 = 2;
+  }
+
   // The `socket type <https://linux.die.net/man/2/socket>`_ to apply the socket option to.
   // Only one field should be set. If multiple fields are set, the precedence order will determine
   // the selected one. If none of the fields is set, the socket option will be applied to all socket types.
@@ -101,6 +114,11 @@
   // Apply the socket option to the specified `socket type <https://linux.die.net/man/2/socket>`_.
   // If not specified, the socket option will be applied to all socket types.
   SocketType type = 7;
+
+  // Apply the socket option to the specified `socket Ip version
+  // <https://linux.die.net/man/2/socket>`_. If not specified, the socket option
+  // will be applied to all socket ip versions.
+  SocketIpVersion ip_version = 8;
 }
 
 message SocketOptionsOverride {
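Review bot: the comment mixes "socket Ip version" and "socket ip versions" where the enum comment above uses "socket IP version"; please use "IP" consistently. More importantly, the doc for `type = 7` describes a precedence order among selector fields, but nothing says how `ip_version = 8` combines with `type` (both must match, or one wins); a sentence on that would prevent options being applied to more sockets than intended.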

envoy/config/listener/v3/listener.proto:

--- shake256:bd93ad0724db9b3840188ee614b6a8fe094dacba594e4d989cc33169c3b9ac373fd95ce9c201089b70bdd91a9a9fdd1bea3d2140f524eb8156273e1716684621  envoy/config/listener/v3/listener.proto
+++ shake256:e288d340d48c4b9aeb0a445d357ce6d85c5f5e96ab2b03bcb32cec2c0c150140c4320b916fd8cd3fd963bcc6db644d32316e90bb2701720393be09fd0396db4e  envoy/config/listener/v3/listener.proto
@@ -61,7 +61,7 @@
   repeated xds.core.v3.CollectionEntry entries = 1;
 }
 
-// [#next-free-field: 38]
+// [#next-free-field: 39]
 message Listener {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener";
 
@@ -215,7 +215,20 @@
   google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5
       [(udpa.annotations.security).configure_for_untrusted_downstream = true];
 
+  // Optional timeout that controls how long a connection is allowed to stay above the configured
+  // buffer high watermark before it is closed. If this timeout is not specified, or explicitly set
+  // to 0, connections will not be closed due to buffer high watermark usage.
+  google.protobuf.Duration per_connection_buffer_high_watermark_timeout = 38
+      [(validate.rules).duration = {gte {}}];
+
   // Listener metadata.
+  //
+  // The following pre-defined metadata could be used by Envoy to manipulate the listener behavior:
+  //
+  // * ``envoy.stats_matcher``: this metadata could be used to customize the stats emitted by the
+  //   listener. See :ref:`well-known metadata <well_known_metadata_envoy_stats_matcher>` for more
+  //   details.
+  //
   core.v3.Metadata metadata = 6;
 
   // [#not-implemented-hide:]
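Review bot: `per_connection_buffer_high_watermark_timeout = 38` on the listener is the downstream counterpart of the cluster field added in this diff, and here the peer is an untrusted client: a connection that is not drained stays above the high watermark, so this timeout is what bounds how long that buffered memory is held. It should carry `(udpa.annotations.security).configure_for_untrusted_downstream = true` like the adjacent `per_connection_buffer_limit_bytes`, and the comment should say plainly that the default (unset, or `0`) means such connections are never closed, so operators of Internet-facing listeners know to set it.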

envoy/config/overload/v3/overload.proto:

--- shake256:e2127d379ca4b3095227bfca37afce4626c1f19c0f12fb5750cb96e102ad44a4b69ef87a9ffe1871025355f89b4c2a4ac2c099ff53da65237672a923c2625006  envoy/config/overload/v3/overload.proto
+++ shake256:d1956a9d7a0955671ca719b81eebec0a508392f9cc438726deaa4e215fa1f2c27888edaba38e6b570578bb2112da42aa13351b3f7443efe95a2fcc4f0f2932ae  envoy/config/overload/v3/overload.proto
@@ -6,6 +6,7 @@
 
 import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
 
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
@@ -137,6 +138,21 @@
   repeated ScaleTimer timer_scale_factors = 1 [(validate.rules).repeated = {min_items: 1}];
 }
 
+// Typed configuration for the "envoy.overload_actions.shrink_heap" action.
+// See :ref:`the docs <config_overload_manager_shrink_heap>` for an example of how to configure
+// this action.
+message ShrinkHeapConfig {
+  // The interval at which shrink heap action checks if memory should be released.
+  // If not specified, defaults to 10 seconds.
+  google.protobuf.Duration timer_interval = 1 [(validate.rules).duration = {gte {seconds: 1}}];
+
+  // Maximum amount of unfreed memory in bytes to keep before releasing memory
+  // back to the system. This is used as the threshold passed to
+  // tcmalloc::MallocExtension::ReleaseMemoryToSystem().
+  // If not specified, defaults to 104857600 (100MB).
+  google.protobuf.UInt64Value max_unfreed_memory_bytes = 2;
+}
+
 message OverloadAction {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.overload.v2alpha.OverloadAction";
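Review bot: `max_unfreed_memory_bytes` carries no validation rule while `timer_interval` has `gte {seconds: 1}`; as written an explicit `0` makes every tick release all unfreed memory back to the system, which turns the action into a periodic full release. Either add `[(validate.rules).uint64 = {gt: 0}]` or say in the comment that `0` is an accepted, aggressive setting. Minor: the default `104857600 (100MB)` is 100 MiB, which the comment could say precisely.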

envoy/config/route/v3/route_components.proto:

--- shake256:51ab5857cad263ce58c510f0da0b06eee859677c39da016d6924a2c56a8fdc49e9b07c646d8b2dd518859f467be85aa333c8640fe604e65bbacad6e5cef0ded6  envoy/config/route/v3/route_components.proto
+++ shake256:68bd8402344e4157b5cde959d3885e9c1172bba59dfa368bcdfbeff75f5f6fb1fa20c9fdf98c565def281c62284ae7da723fdc65a93ec510e7a286c0ec744189  envoy/config/route/v3/route_components.proto
@@ -7,6 +7,7 @@
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/proxy_protocol.proto";
 import "envoy/config/core/v3/substitution_format_string.proto";
+import "envoy/type/matcher/v3/address.proto";
 import "envoy/type/matcher/v3/filter_state.proto";
 import "envoy/type/matcher/v3/metadata.proto";
 import "envoy/type/matcher/v3/regex.proto";
@@ -2080,11 +2081,32 @@
 
 // Global rate limiting :ref:`architecture overview <arch_overview_global_rate_limit>`.
 // Also applies to Local rate limiting :ref:`using descriptors <config_http_filters_local_rate_limit_descriptors>`.
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message RateLimit {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit";
 
-  // [#next-free-field: 13]
+  enum XRateLimitOption {
+    // X-RateLimit headers is not specified. When this enum is used at descriptor level,
+    // the behavior is to inherit the setting from the filter.
+    UNSPECIFIED = 0;
+
+    // X-RateLimit headers disabled.
+    OFF = 1;
+
+    // Use `draft RFC Version 03 <https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html>`_
+    // where 3 headers will be added:
+    //
+    // * ``X-RateLimit-Limit`` - indicates the request-quota associated to the
+    //   client in the current time-window followed by the description of the
+    //   quota policy. The value is returned by the maximum tokens of the token bucket.
+    // * ``X-RateLimit-Remaining`` - indicates the remaining requests in the
+    //   current time-window. The value is returned by the remaining tokens in the token bucket.
+    // * ``X-RateLimit-Reset`` - indicates the number of seconds until reset of
+    //   the current time-window. The value is returned by the remaining fill interval of the token bucket.
+    DRAFT_VERSION_03 = 2;
+  }
+
+  // [#next-free-field: 14]
   message Action {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.api.v2.route.RateLimit.Action";
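Review bot: grammar in the `UNSPECIFIED` comment, `// X-RateLimit headers is not specified`, should read `are not specified`, and `// X-RateLimit headers disabled.` on `OFF` wants a verb (`are disabled`). The `[#next-free-field: 8]` and `[#next-free-field: 14]` bumps match the new field 7 and action 13 added later in this diff.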
@@ -2370,6 +2392,16 @@
 
         // Query :ref:`route entry metadata <envoy_v3_api_field_config.route.v3.Route.metadata>`
         ROUTE_ENTRY = 1;
+
+        // Query :ref:`cluster metadata <envoy_v3_api_field_config.cluster.v3.Cluster.metadata>`
+        CLUSTER_ENTRY = 2;
+
+        // Query :ref:`cluster locality metadata <envoy_v3_api_field_config.endpoint.v3.LbEndpoint.metadata>`
+        // Cluster locality metadata is available after upstream host selection only. To populate descriptors
+        // with cluster locality metadata it needs to be have the
+        // :ref:`apply_on_stream_done field <envoy_v3_api_field_config.route.v3.RateLimit.apply_on_stream_done>`
+        // set to ``true`` or host selection completed before the rate limit filter is executed.
+        CLUSTER_LOCALITY_ENTRY = 3;
       }
 
       // The key to use in the descriptor entry.
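Review bot: typo in the `CLUSTER_LOCALITY_ENTRY` comment, `it needs to be have the`, should be `it needs to have the`. The caveat that locality metadata only exists after host selection is the important part of this comment; it should also state what the descriptor does when the metadata is absent (entry skipped, or populated with the default), because a silently dropped descriptor changes which limit is applied.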
@@ -2465,6 +2497,53 @@
           [(validate.rules).repeated = {min_items: 1}];
     }
 
+    // The following descriptor entry is appended to the descriptor:
+    //
+    // .. code-block:: cpp
+    //
+    //   ("remote_address_match", "<descriptor_value>")
+    message RemoteAddressMatch {
+      // Descriptor value of entry.
+      //
+      // The same :ref:`format specifier <config_access_log_format>` as used for
+      // :ref:`HTTP access logging <config_access_log>` applies here, however
+      // unknown specifier values are replaced with the empty string instead of ``-``.
+      //
+      // .. note::
+      //
+      //   The format string can contain multiple valid substitution fields. If multiple
+      //   substitution fields are present, their results will be concatenated to form the
+      //   final descriptor value. If it contains no substitution fields, the value will be
+      //   used as is. All substitution fields will be evaluated and their results concatenated.
+      //   If the final concatenated result is empty and ``default_value`` is set, the
+      //   ``default_value`` will be used. If ``default_value`` is not set and the result is
+      //   empty, this descriptor will be skipped and not included in the rate limit call.
+      //
+      // For example, ``static_value`` will be used as is since there are no substitution fields.
+      // ``%REQ(:method)%`` will be replaced with the HTTP method, and
+      // ``%REQ(:method)%%REQ(:path)%`` will be replaced with the concatenation of the HTTP method and path.
+      // ``%CEL(request.headers['user-id'])%`` will use CEL to extract the user ID from request headers.
+      //
+      string descriptor_value = 1 [(validate.rules).string = {min_len: 1}];
+
+      // The key to use in the descriptor entry.
+      //
+      // Defaults to ``remote_address_match``.
+      string descriptor_key = 2;
+
+      // An optional value to use if the final concatenated ``descriptor_value`` result is empty.
+      string default_value = 3;
+
+      // Specifies an address matcher that controls whether the rate limit action is applied.
+      // The matcher checks the remote address (trusted address from
+      // :ref:`x-forwarded-for <config_http_conn_man_headers_x-forwarded-for>`)
+      // against the specified CIDR ranges. The rate limit action will be applied if
+      // the remote address matches any of the CIDR ranges (or does not match any if
+      // ``invert_match`` is set to true in the address matcher).
+      type.matcher.v3.AddressMatcher address_matcher = 4
+          [(validate.rules).message = {required: true}];
+    }
+
     oneof action_specifier {
       option (validate.required) = true;
 
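Review bot: the `.. note::` under `descriptor_value` states the concatenation rule twice (`their results will be concatenated to form the final descriptor value` and again `All substitution fields will be evaluated and their results concatenated`); drop the second sentence. The security-relevant line is the `address_matcher` comment saying the address is the `trusted address from x-forwarded-for`: the match outcome depends on how many XFF hops the connection manager trusts, so the comment should point at that setting, because an over-trusting hop count lets a client choose the address that is matched against the CIDR ranges. `descriptor_value` is required with `min_len: 1` but may still evaluate to empty, which the `default_value`/skip paragraph covers; good.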
@@ -2517,6 +2596,9 @@
 
       // Rate limit on the existence of query parameters.
       QueryParameterValueMatch query_parameter_value_match = 11;
+
+      // Rate limit on remote address match.
+      RemoteAddressMatch remote_address_match = 13;
     }
   }
 
@@ -2563,6 +2645,11 @@
     //
     // One of the ``number`` or ``format`` fields should be set but not both.
     string format = 2 [(validate.rules).string = {prefix: "%" suffix: "%" ignore_empty: true}];
+
+    // If true, the hits addend value will be treated as negative, effectively adding to
+    // the rate limit budget instead of consuming from it. This can be used to refill previously consumed
+    // rate limit tokens.
+    bool is_negative_hits = 3;
   }
 
   // Refers to the stage set in the filter. The rate limit configuration only
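Review bot: `is_negative_hits` is a budget-refilling knob and the comment should say what a misconfiguration does: a route that credits tokens on every request effectively disables the limit for that route. The comment should state whether the rate limit service has to understand negative addends (and what happens with a service that does not), and since the same flag is added to `envoy.extensions.common.ratelimit.v3` descriptors in this diff, the two comments should carry identical wording so they do not drift.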
@@ -2631,6 +2718,9 @@
   //
   // Currently, this is only supported by the HTTP global rate filter.
   bool apply_on_stream_done = 6;
+
+  // Descriptor level X-RateLimit headers options which may override the filter level setting.
+  XRateLimitOption x_ratelimit_option = 7;
 }
 
 // .. attention::
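Review bot: `x_ratelimit_option` says it `may override the filter level setting`, and the enum's `UNSPECIFIED` comment says it inherits; the field comment should state the resolution explicitly (descriptor value wins unless `UNSPECIFIED`), since the override direction is the only thing an operator needs from this line.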

envoy/config/trace/v3/opentelemetry.proto:

--- shake256:5c63a5548079a410d3c40d11a8761f5472beab03ad573a41f061872a8b2f32e4b33a361cbecc54cc472e3bc35072cf299dde525736aa5303bfefa5d7f73d7360  envoy/config/trace/v3/opentelemetry.proto
+++ shake256:b0a3d03c1139ce606c267a6fc1cf4a46a5d60029c99fa9740b516357cf771742ba6463099df5cd6cc671d55c58ae01fb17bd6fa2b3a61e8fd244c7f8bf340926  envoy/config/trace/v3/opentelemetry.proto
@@ -36,11 +36,9 @@
   //
   // .. note::
   //
-  //   Note: The ``request_headers_to_add`` property in the OTLP HTTP exporter service
-  //   does not support the :ref:`format specifier <config_access_log_format>` as used for
-  //   :ref:`HTTP access logging <config_access_log>`.
-  //   The values configured are added as HTTP headers on the OTLP export request
-  //   without any formatting applied.
+  //   The ``request_headers_to_add`` property in the OTLP HTTP exporter service supports
+  //   substitution formatters. The formatters cannot access any HTTP or connection properties, but
+  //   can load content such as environment variables or files or secrets.
   core.v3.HttpService http_service = 3
       [(udpa.annotations.field_migrate).oneof_promotion = "otlp_exporter"];
 
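Review bot: the replacement note says formatters in `request_headers_to_add` `can load content such as environment variables or files or secrets` without naming which formatters are permitted or linking their reference; because these values leave the process as HTTP headers on the export request, the note should link the exact formatter set so an operator can see from the docs what a config can read. Also `environment variables or files or secrets` reads better as `environment variables, files or secrets`.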

envoy/config/trace/v3/zipkin.proto:

--- shake256:47d7103d97ef0773986433d778f581ee7bf18610bca4308a1ecd757eb83a544df959c45b814cbeaeeae68a6601533e89d40b5581f0fa40e98394bdd4c94ea867  envoy/config/trace/v3/zipkin.proto
+++ shake256:1ff6ffe28457b2a8cd8b216be08e306264ce95ef295480cae4a752bbca30c7a07c395bd98e5c65f22afacbe75c6ae8e2dfe2803f926a215d4e8b2943b7a215ff  envoy/config/trace/v3/zipkin.proto
@@ -22,7 +22,7 @@
 
 // Configuration for the Zipkin tracer.
 // [#extension: envoy.tracers.zipkin]
-// [#next-free-field: 10]
+// [#next-free-field: 11]
 message ZipkinConfig {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v2.ZipkinConfig";
 
@@ -173,4 +173,10 @@
   //   * Hostname: Uses cluster name as fallback
   //   * Path: ``/api/v2/spans``
   core.v3.HttpService collector_service = 9;
+
+  // Determines whether trace IDs will include a timestamp in the first 4 bytes.
+  // When enabled, trace IDs are generated with the format: [32-bit epoch seconds][32-bit random].
+  // The default value is false, which results in fully random trace IDs.
+  // For 128-bit trace IDs, the timestamp is encoded in the high 32 bits of the high 64-bit word.
+  bool timestamp_trace_ids = 10;
 }
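Review bot: `timestamp_trace_ids` trades 32 bits of randomness for an epoch timestamp and the comment should spell out the consequences: with 64-bit trace IDs only 32 random bits remain, so collisions become plausible at high trace rates within the same second, and the ID now reveals when the trace started to anyone who can read it. Recommending 128-bit trace IDs when this is enabled would make the trade-off explicit. `[#next-free-field: 11]` is correctly bumped.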

envoy/data/accesslog/v3/accesslog.proto:

--- shake256:7188953c02eed213b986a7f1de8c311441e9e42cfdf01a9d8490667fd71c550d968527bc20be8592bbfc728c874f0dd998dfa3743c8adcdc04b8827b7bacd010  envoy/data/accesslog/v3/accesslog.proto
+++ shake256:e428af4c299325c89c6e0fd308d26d8de409354fee4c854ebc6d6b0ec1056ae68694bcf60fa466369b314b938c5239458129fdb5c9e6b6289c19e71c3aeba3a9  envoy/data/accesslog/v3/accesslog.proto
@@ -36,6 +36,7 @@
   NotSet = 0;
   TcpUpstreamConnected = 1;
   TcpPeriodic = 2;
+  TcpConnectionStart = 14;
   TcpConnectionEnd = 3;
   DownstreamStart = 4;
   DownstreamPeriodic = 5;

envoy/data/cluster/v3/outlier_detection_event.proto:

--- shake256:ee04b813c98e80ddfffbb24402adc26ea381b319e15c9c311ee9c718d4db80ad89ecabdf4ed455aa025a8a31f8c05a9508cbc69046e6ed48c78fe05d8b17914d  envoy/data/cluster/v3/outlier_detection_event.proto
+++ shake256:61967733b051916f65d73c3588c9ebef8c342c7239154dd09a65ad40484df30c015938eef9dcc642cca84a3d2d33d0e94ef96fcaa475ec4d2f1673e5c5d67943  envoy/data/cluster/v3/outlier_detection_event.proto
@@ -63,6 +63,12 @@
   // Runs over aggregated success rate statistics for local origin failures from every host in
   // cluster and selects hosts for which ratio of failed replies is above configured value.
   FAILURE_PERCENTAGE_LOCAL_ORIGIN = 6;
+
+  // Host is detected as degraded via passive health checking (outlier detection).
+  // The host returns responses with the x-envoy-degraded header, indicating it is under stress
+  // but still able to serve traffic. Degraded hosts are deprioritized in load balancing but not
+  // fully ejected.
+  DEGRADED = 7;
 }
 
 // Represents possible action applied to upstream host
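Review bot: the `DEGRADED` comment ties detection to `the x-envoy-degraded header`; it should link the header's reference and say whether the event fires on the first degraded response or after a threshold, since an outlier decision driven by a response header is a trust boundary between Envoy and the upstream host.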

envoy/extensions/access_loggers/open_telemetry/v3/logs_service.proto:

--- shake256:98893684c42a2e2520895a664623c59426eec1edc6b04ae90296ef27eb47fe1f12574a0c196d0979a001628aad4d85208c73897c8ea130ff31aa621b8284df26  envoy/extensions/access_loggers/open_telemetry/v3/logs_service.proto
+++ shake256:22d4d7d08052b89328069887d994556ba290264f6b8eb10b59f7d924da761c06d89ee28b81b3e7892a0418ecc51ccdd04ad41e97451731cea47ad6e3532c6e5b  envoy/extensions/access_loggers/open_telemetry/v3/logs_service.proto
@@ -42,11 +42,9 @@
   //
   // .. note::
   //
-  //   The ``request_headers_to_add`` property in the OTLP HTTP exporter service
-  //   does not support the :ref:`format specifier <config_access_log_format>` as used for
-  //   :ref:`HTTP access logging <config_access_log>`.
-  //   The values configured are added as HTTP headers on the OTLP export request
-  //   without any formatting applied.
+  //   The ``request_headers_to_add`` property in the OTLP HTTP exporter service supports
+  //   substitution formatters. The formatters cannot access any HTTP or connection properties, but
+  //   can load content such as environment variables or files or secrets.
   config.core.v3.HttpService http_service = 8;
 
   // The upstream gRPC cluster that will receive OTLP logs.
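Review bot: the removed text was explicit that values were added `without any formatting applied`; the new text should be equally explicit about the failure mode, i.e. whether a header whose formatter evaluates to empty is sent empty or omitted from the export request. The wording here is identical to the tracer change in this diff; a shared `:ref:` target would keep the two notes in sync.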

envoy/extensions/access_loggers/stats/v3/stats.proto:

--- shake256:8279990477d97efaa433be0a4321dc7d2291ee5d8aa833d9a24487786d43ed370fc0e7f1b3a4810025e61d45c0600d5ab4900396c58cd9419b3aa281f69077a3  envoy/extensions/access_loggers/stats/v3/stats.proto
+++ shake256:4a626fd11ed77f856584896d8c115d939ce7621d4cd2c1ebb66fc308b31d4641dd38eaab9d9d1e2b91625309bf9dcf50ab15dd9b2db4c7bcbb9eae73a91d9742  envoy/extensions/access_loggers/stats/v3/stats.proto
@@ -2,9 +2,11 @@
 
 package envoy.extensions.access_loggers.stats.v3;
 
+import "envoy/data/accesslog/v3/accesslog.proto";
+
 import "google/protobuf/wrappers.proto";
 
-import "xds/annotations/v3/status.proto";
+import "xds/type/matcher/v3/matcher.proto";
 
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
@@ -27,16 +29,23 @@
 //   leading to a denial of service in Envoy, or can overwhelm any configured
 //   stat sinks by sending too many unique metrics.
 
+// [#next-free-field: 6]
 message Config {
-  option (xds.annotations.v3.message_status).work_in_progress = true;
-
   // Defines a tag on a stat.
   message Tag {
     // The name of the tag.
     string name = 1 [(validate.rules).string = {min_len: 1}];
 
-    // The value of the tag, using :ref:`command operators <config_access_log_command_operators>`.
+    // The value of the tag, using :ref:`command operators
+    // <config_access_log_command_operators>`.
     string value_format = 2 [(validate.rules).string = {min_len: 1}];
+
+    // The custom rules to generate the stat tags. Currently, the only
+    // supported input is
+    // :ref:`Stat tag value input <envoy_v3_api_msg_extensions.matching.common_inputs.stats.v3.StatTagValueInput>`.
+    // The supported actions are
+    // - :ref:`Transform stat action <envoy_v3_api_msg_extensions.matching.actions.transform_stat.v3.TransformStat>`.
+    xds.type.matcher.v3.Matcher rules = 3;
   }
 
   // Defines the name and tags of a stat.
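Review bot: the `rules` comment has a broken list: `The supported actions are` followed on the next line by `- :ref:...` renders as one paragraph in RST, not a bullet; put a blank comment line before the `-` item. Separately, dropping `(xds.annotations.v3.message_status).work_in_progress` promotes this API to stable; the attention block just above (unique metrics leading to denial of service or overwhelming stat sinks) still applies, and with `Matcher`-driven tag transforms the cardinality concern now also covers transformed tag values, which is worth stating there.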
@@ -91,6 +100,58 @@
     google.protobuf.UInt64Value value_fixed = 3 [(validate.rules).uint64 = {gt: 0}];
   }
 
+  // Configuration for a gauge stat. Gauges can be used to add, subtract, or set
+  // values, and are useful for tracking concurrency or other mutable values
+  // over time.
+  // [#next-free-field: 6]
+  message Gauge {
+    // The Set operation config.
+    message Set {
+      // The access log type to trigger the operation.
+      data.accesslog.v3.AccessLogType log_type = 1 [(validate.rules).enum = {defined_only: true}];
+    }
+
+    // The PairedAddSubtract operation config.
+    // Usage restrictions:
+    //
+    // 1. We only support add first then subtract logic and we rely on the symmetrical log types
+    //    (e.g., DownstreamStart/DownstreamEnd) to increment and decrement the gauge.
+    // 2. During runtime, sub_log_type will execute if and only if add_log_type operation has
+    //    been done, tracked by inflight counter in filter state.
+    // 3. If the add_log_type operation was executed, the sub_log_type will happen when the
+    //    stream/connection is closed, even if the configured log type didn't happen.
+    message PairedAddSubtract {
+      // The access log type to trigger the add operation.
+      data.accesslog.v3.AccessLogType add_log_type = 1
+          [(validate.rules).enum = {defined_only: true}];
+
+      // The access log type to trigger the subtract operation.
+      data.accesslog.v3.AccessLogType sub_log_type = 2
+          [(validate.rules).enum = {defined_only: true}];
+    }
+
+    // The name and tags of this gauge.
+    Stat stat = 1 [(validate.rules).message = {required: true}];
+
+    // The format string for the value of this gauge, using :ref:`command
+    // operators <config_access_log_command_operators>`. This must evaluate to a
+    // positive number.
+    string value_format = 2
+        [(validate.rules).string = {prefix: "%" suffix: "%" ignore_empty: true}];
+
+    // A fixed value to add/subtract/set to this gauge.
+    // One of ``value_format`` or ``value_fixed`` must be configured.
+    google.protobuf.UInt64Value value_fixed = 3 [(validate.rules).uint64 = {gt: 0}];
+
+    // The PairedAddSubtract operation.
+    // Only one of PairedAddSubtract and Set can be defined.
+    PairedAddSubtract add_subtract = 4;
+
+    // The Set operation.
+    // Only one of PairedAddSubtract and Set can be defined.
+    Set set = 5;
+  }
+
   // The stat prefix for the generated stats.
   string stat_prefix = 1 [(validate.rules).string = {min_len: 1}];
 
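Review bot: `Gauge` documents two mutual-exclusion rules the schema does not enforce: `Only one of PairedAddSubtract and Set can be defined` (`add_subtract = 4`, `set = 5`) and `One of value_format or value_fixed must be configured`. The first is a natural `oneof operation { PairedAddSubtract add_subtract = 4; Set set = 5; }` with `option (validate.required) = true;`, which also rejects a gauge with neither operation; the second follows the `Counter` precedent above, so the comment should at least say which wins when both are set. Also `value_format` says the result `must evaluate to a positive number` while `value_fixed` is validated `gt: 0`; the runtime handling of a non-positive or non-numeric formatted value (ignored, logged, or counted as 0) belongs in the comment, as does what `PairedAddSubtract` does if the subtract fires with a different formatted value than the add.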
@@ -99,4 +160,7 @@
 
   // The counters this logger will emit.
   repeated Counter counters = 4;
+
+  // The gauges this logger will emit.
+  repeated Gauge gauges = 5;
 }

envoy/extensions/bootstrap/reverse_tunnel/downstream_socket_interface/v3/downstream_reverse_connection_socket_interface.proto:

--- shake256:e1ef5c6288164e96ad75f885a9de2fe652bbbdfdd8a7f007ebee1983286e2b9efdd7028b76c68ba529d2783956b5e79730a868ace2c4c115c1e7107f9fefa993  envoy/extensions/bootstrap/reverse_tunnel/downstream_socket_interface/v3/downstream_reverse_connection_socket_interface.proto
+++ shake256:660c22324d1b891b24b011b8794f39d1d6d4f1524f947b128472fc55d67aa42b6672de926e3bb5936d86fbf0a8c0e07c86f9db58d73c86b702b5040cc7975e0c  envoy/extensions/bootstrap/reverse_tunnel/downstream_socket_interface/v3/downstream_reverse_connection_socket_interface.proto
@@ -2,6 +2,8 @@
 
 package envoy.extensions.bootstrap.reverse_tunnel.downstream_socket_interface.v3;
 
+import "envoy/config/core/v3/base.proto";
+
 import "udpa/annotations/status.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.bootstrap.reverse_tunnel.downstream_socket_interface.v3";
@@ -22,6 +24,9 @@
     // Request path used when issuing the HTTP reverse-connection handshake. Defaults to
     // "/reverse_connections/request".
     string request_path = 1;
+
+    // Additional headers to include in the HTTP handshake request.
+    repeated config.core.v3.HeaderValueOption additional_headers = 2;
   }
 
   // Stat prefix to be used for downstream reverse connection socket interface stats.
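Review bot: `additional_headers` should say whether `HeaderValueOption` values are sent verbatim or run through substitution formatters, and whether they can replace the handshake's own headers (the `append_action` semantics of `HeaderValueOption`); the comment currently says only `Additional headers to include`, which leaves precedence on the handshake request undefined.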

envoy/extensions/bootstrap/reverse_tunnel/upstream_socket_interface/v3/upstream_reverse_connection_socket_interface.proto:

--- shake256:619a9180e9bacad6103038fc2244b8239b0d849569f64f226ba8bf506a296f923e2eaf23e2aaa884d68b3d2e4de525d3324ced0436a98f5697ace6c8c77c640b  envoy/extensions/bootstrap/reverse_tunnel/upstream_socket_interface/v3/upstream_reverse_connection_socket_interface.proto
+++ shake256:edc29f12ce800836aae0709201e19349a88375d8beeb35cd872414892d7fd12b2d2eae8faf1ac5dfac18110c4d0702e453f385d254fc76a60e2d3cccb637d4dc  envoy/extensions/bootstrap/reverse_tunnel/upstream_socket_interface/v3/upstream_reverse_connection_socket_interface.proto
@@ -19,6 +19,7 @@
 // [#extension: envoy.bootstrap.reverse_tunnel.upstream_socket_interface]
 
 // Configuration for the upstream reverse connection socket interface.
+// [#next-free-field: 6]
 message UpstreamReverseConnectionSocketInterface {
   // Stat prefix for upstream reverse connection socket interface stats.
   string stat_prefix = 1;
@@ -36,4 +37,11 @@
   // the socket interface instantiates a reporter via the configured factory.
   // If unset, no reporting is done.
   config.core.v3.TypedExtensionConfig reporter_config = 4;
+
+  // Enables tenant-aware isolation for reverse connections. When set to ``true``, the socket
+  // interface requires tenant identifiers in addition to node and cluster identifiers and derives
+  // composite ``tenant:node`` and ``tenant:cluster`` keys for socket tracking. Identifiers
+  // containing the ``:`` delimiter are rejected to avoid ambiguity.
+  // Defaults to ``false`` for backwards compatibility.
+  google.protobuf.BoolValue enable_tenant_isolation = 5;
 }
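Review bot: the comment says identifiers containing `:` `are rejected` but not where (config load versus handshake) or how the rejection surfaces (stat, log, connection refused); since rejection is the mechanism that keeps `tenant:node` and `tenant:cluster` keys unambiguous, the comment should name it. Also `google.protobuf.BoolValue` for a field documented as defaulting to `false` could be a plain `bool` unless a tri-state is needed.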

envoy/extensions/clusters/redis/v3/redis_cluster.proto:

--- shake256:5f8a02cf67b5c30f47a9459137ed47a77744906a5bb75baafbce675671109b7038b8464dc2b5e186728bd6360fa0d889df05ff944a21894a27d3cd2d7e38218b  envoy/extensions/clusters/redis/v3/redis_cluster.proto
+++ shake256:8706a8bcd77de30b9d3efcb798059a31368272605e8bac4afb66a84051a35bd6ba32ea73d4dbd9ba44d94566b7077a8dcf701410cd56b118028a0bfb5fda8070  envoy/extensions/clusters/redis/v3/redis_cluster.proto
@@ -54,7 +54,7 @@
 //           redirect_refresh_threshold: 10
 // [#extension: envoy.clusters.redis]
 
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message RedisClusterConfig {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.cluster.redis.RedisClusterConfig";
@@ -83,4 +83,14 @@
   // If not set, this defaults to 0, which disables the topology refresh due to degraded or
   // unhealthy host.
   uint32 host_degraded_refresh_threshold = 6;
+
+  // Enable zone discovery via INFO command. When enabled, the cluster will
+  // send INFO command to each node to discover its availability_zone field,
+  // which is then used for zone-aware routing.
+  //
+  // Note: This feature currently works with Valkey only. Valkey exposes
+  // availability_zone in its INFO response. Standard Redis does not support this field.
+  //
+  // If not set, this defaults to false.
+  google.protobuf.BoolValue enable_zone_discovery = 7;
 }
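Review bot: `enable_zone_discovery` says the cluster `will send INFO command to each node` but not how often, nor what happens when a node omits `availability_zone` (standard Redis, per the comment) or when `INFO` fails; the routing outcome for such nodes (treated as zone-less, or excluded) should be stated, since a mixed Valkey/Redis cluster would otherwise route unpredictably. Minor: `send INFO command` should read `send the INFO command`.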

envoy/extensions/clusters/reverse_connection/v3/reverse_connection.proto:

--- shake256:713d411cee39f04b628ebfc3532d4a8af422cfb8885f372599ed0d86dd4011f743d160c66485159be9dee939ecf66de5c323cd1fc4523f1c3be62bde4e3bbbac  envoy/extensions/clusters/reverse_connection/v3/reverse_connection.proto
+++ shake256:8bd676a0a41122ddf383c0520812f564cc4d8cc6692f5b20c8b3cbce34fe14c1e808e961327b8b1f48b909d477dd15262ace366b6554899243bf18c286cc77b7  envoy/extensions/clusters/reverse_connection/v3/reverse_connection.proto
@@ -46,4 +46,29 @@
   //
   // If the format string evaluates to an empty value, the request will not be routed.
   string host_id_format = 2 [(validate.rules).string = {min_len: 1}];
+
+  // Tenant identifier format string for tenant-aware isolation.
+  //
+  // This format string is evaluated against the downstream request context to compute
+  // the tenant identifier when tenant isolation is enabled. The format string supports
+  // the same Envoy formatter syntax as ``host_id_format``.
+  //
+  // **REQUIRED** when tenant isolation is enabled (via ``enable_tenant_isolation`` in the
+  // reverse tunnel filter configuration).
+  //
+  // When tenant isolation is enabled and this field is set, the tenant identifier must be
+  // derivable from the request context (i.e., the formatter must evaluate to a non-empty
+  // value). If the tenant identifier cannot be inferred, host selection will fail and the
+  // request will not be routed.
+  //
+  // Examples:
+  //
+  // * ``%REQ(x-tenant-id)%``: Extract tenant ID from request header.
+  // * ``%DYNAMIC_METADATA(envoy.filters.network.reverse_tunnel:tenant_id)%``: Use metadata from reverse tunnel filter.
+  // * ``%CEL(request.headers['x-tenant-id'] | orValue('default'))%``: Use CEL with fallback.
+  //
+  // The delimiter used for concatenation is internal and not configurable. Users should
+  // ensure that tenant identifiers and host identifiers do not contain the delimiter character
+  // (``:``) to avoid ambiguity.
+  string tenant_id_format = 3 [(validate.rules).string = {max_len: 1024 ignore_empty: true}];
 }
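Review bot: the `:` delimiter caveat puts the burden on users (`Users should ensure that tenant identifiers and host identifiers do not contain the delimiter`), yet the first example, `%REQ(x-tenant-id)%`, derives the tenant ID from a client-supplied request header, so a client can send a value containing `:` and produce a composite key that aliases another tenant's. The upstream socket interface change in this same diff says such identifiers are rejected; this comment should state that tenant IDs containing `:` cause host selection to fail rather than advising users to avoid them. Also worth saying that `max_len: 1024 ignore_empty: true` validates the format string, not the evaluated identifier.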

envoy/extensions/common/ratelimit/v3/ratelimit.proto:

--- shake256:1c6def9643491a1c8aa4b53cb2d0bb744acce4945d9eb63a3e7733d3f6a568c3a1d90531b42787d751a6ce3bbc861db13d1ac2a031892895ee3a2b66c70877db  envoy/extensions/common/ratelimit/v3/ratelimit.proto
+++ shake256:4771d57c4812b0bd79a53d87a3ee09c02be588cd5294b234b897890b456c12ce11ac31f77bb70794d61f646b95ec19ffe3d17054cb672d838c2868152b3e06ac  envoy/extensions/common/ratelimit/v3/ratelimit.proto
@@ -129,6 +129,11 @@
   // Optional hits_addend for the rate limit descriptor. If set the value will override the
   // request level hits_addend.
   google.protobuf.UInt64Value hits_addend = 3;
+
+  // If true, the hits_addend value will be treated as negative, effectively adding to
+  // the rate limit budget instead of consuming from it. This can be used to refill previously consumed
+  // rate limit tokens.
+  bool is_negative_hits = 4;
 }
 
 // Configuration used to enable local rate limiting.
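Review bot: this `is_negative_hits` duplicates the semantics of the route-level `HitsAddend` flag added elsewhere in this diff; beyond keeping the two comments identical, this one should say how a negative descriptor-level addend interacts with the request-level `hits_addend` it overrides (`If set the value will override the request level hits_addend` just above).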
@@ -144,6 +149,9 @@
 
   // Token Bucket algorithm for local ratelimiting.
   type.v3.TokenBucket token_bucket = 2 [(validate.rules).message = {required: true}];
+
+  // Mark the descriptor as shadow. When the values is true, envoy allow requests to the backend.
+  bool shadow_mode = 3;
 }
 
 // Configuration used to enable local cluster level rate limiting where the token buckets
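Review bot: grammar in the `shadow_mode` comment, `When the values is true, envoy allow requests to the backend`, should read `When set to true, Envoy allows requests to the backend`; more importantly the comment should say what shadow mode still does (whether tokens are consumed and whether the rate-limited stats and headers are still emitted), since the point of a shadow mode is observing what would have been limited without enforcing it.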

envoy/extensions/compression/gzip/compressor/v3/gzip.proto:

--- shake256:478847c0e8b17d45ba72ce23d3c0e658e8f479ddb8e70217a2b01f95f5005559432f958ffc1f3bbe524ec1afaa9d3c743f3d7e6b23380863847e37c4b309c537  envoy/extensions/compression/gzip/compressor/v3/gzip.proto
+++ shake256:61448ff01a63766c220b1c8b3baaf98cc51b1919293df1db680e62f80203f0809a8dad91ee72f06be9b49ac0dbe071ca8851c29f2608983c13a4e9a684a03897  envoy/extensions/compression/gzip/compressor/v3/gzip.proto
@@ -19,61 +19,106 @@
 // [#next-free-field: 6]
 message Gzip {
   // All the values of this enumeration translate directly to zlib's compression strategies.
-  // For more information about each strategy, please refer to zlib manual.
+  // For more information about each strategy, please refer to the
+  // `zlib manual <https://www.zlib.net/manual.html>`_.
   enum CompressionStrategy {
+    // Default compression strategy.
     DEFAULT_STRATEGY = 0;
+
+    // Filtered compression strategy, designed for data produced by a filter or predictor.
     FILTERED = 1;
+
+    // Huffman-only compression strategy, which uses Huffman encoding only.
     HUFFMAN_ONLY = 2;
+
+    // Run-length encoding (RLE) compression strategy, designed for image data.
     RLE = 3;
+
+    // Fixed compression strategy, which prevents the use of dynamic Huffman codes.
     FIXED = 4;
   }
 
+  // Compression level values for zlib. Higher levels provide better compression at the cost of
+  // increased latency and CPU usage.
   enum CompressionLevel {
     option allow_alias = true;
 
+    // Default compression level, equivalent to ``COMPRESSION_LEVEL_6``.
     DEFAULT_COMPRESSION = 0;
+
+    // Fastest compression with minimal compression ratio, equivalent to ``COMPRESSION_LEVEL_1``.
     BEST_SPEED = 1;
+
+    // Compression level 1 (fastest).
     COMPRESSION_LEVEL_1 = 1;
+
+    // Compression level 2.
     COMPRESSION_LEVEL_2 = 2;
+
+    // Compression level 3.
     COMPRESSION_LEVEL_3 = 3;
+
+    // Compression level 4.
     COMPRESSION_LEVEL_4 = 4;
+
+    // Compression level 5.
     COMPRESSION_LEVEL_5 = 5;
+
+    // Compression level 6.
     COMPRESSION_LEVEL_6 = 6;
+
+    // Compression level 7.
     COMPRESSION_LEVEL_7 = 7;
+
+    // Compression level 8.
     COMPRESSION_LEVEL_8 = 8;
+
+    // Compression level 9 (best compression).
     COMPRESSION_LEVEL_9 = 9;
+
+    // Best compression ratio with highest latency, equivalent to ``COMPRESSION_LEVEL_9``.
     BEST_COMPRESSION = 9;
   }
 
   // Value from 1 to 9 that controls the amount of internal memory used by zlib. Higher values
-  // use more memory, but are faster and produce better compression results. The default value is 5.
+  // use more memory, but are faster and produce better compression results.
+  //
+  // Defaults to ``5``.
   google.protobuf.UInt32Value memory_level = 1 [(validate.rules).uint32 = {lte: 9 gte: 1}];
 
   // A value used for selecting the zlib compression level. This setting will affect speed and
-  // amount of compression applied to the content. "BEST_COMPRESSION" provides higher compression
-  // at the cost of higher latency and is equal to "COMPRESSION_LEVEL_9". "BEST_SPEED" provides
-  // lower compression with minimum impact on response time, the same as "COMPRESSION_LEVEL_1".
-  // "DEFAULT_COMPRESSION" provides an optimal result between speed and compression. According
-  // to zlib's manual this level gives the same result as "COMPRESSION_LEVEL_6".
-  // This field will be set to "DEFAULT_COMPRESSION" if not specified.
+  // amount of compression applied to the content. ``BEST_COMPRESSION`` provides higher compression
+  // at the cost of higher latency and is equal to ``COMPRESSION_LEVEL_9``. ``BEST_SPEED`` provides
+  // lower compression with minimum impact on response time, the same as ``COMPRESSION_LEVEL_1``.
+  // ``DEFAULT_COMPRESSION`` provides an optimal result between speed and compression. According
+  // to zlib's manual, this level gives the same result as ``COMPRESSION_LEVEL_6``.
+  //
+  // Defaults to ``DEFAULT_COMPRESSION``.
   CompressionLevel compression_level = 2 [(validate.rules).enum = {defined_only: true}];
 
   // A value used for selecting the zlib compression strategy which is directly related to the
-  // characteristics of the content. Most of the time "DEFAULT_STRATEGY" will be the best choice,
-  // which is also the default value for the parameter, though there are situations when
-  // changing this parameter might produce better results. For example, run-length encoding (RLE)
-  // is typically used when the content is known for having sequences which same data occurs many
-  // consecutive times. For more information about each strategy, please refer to zlib manual.
+  // characteristics of the content. Most of the time ``DEFAULT_STRATEGY`` will be the best choice,
+  // though there are situations when changing this parameter might produce better results. For
+  // example, run-length encoding (RLE) is typically used when the content is known for having
+  // sequences in which the same data occurs many consecutive times. For more information about
+  // each strategy, please refer to the `zlib manual <https://www.zlib.net/manual.html>`_.
+  //
+  // Defaults to ``DEFAULT_STRATEGY``.
   CompressionStrategy compression_strategy = 3 [(validate.rules).enum = {defined_only: true}];
 
   // Value from 9 to 15 that represents the base two logarithmic of the compressor's window size.
-  // Larger window results in better compression at the expense of memory usage. The default is 12
-  // which will produce a 4096 bytes window. For more details about this parameter, please refer to
-  // zlib manual > deflateInit2.
+  // Larger window results in better compression at the expense of memory usage. For more details
+  // about this parameter, please refer to the
+  // `zlib manual <https://www.zlib.net/manual.html>`_ for ``deflateInit2``.
+  //
+  // Defaults to ``12``, which will produce a 4096 bytes window.
   google.protobuf.UInt32Value window_bits = 4 [(validate.rules).uint32 = {lte: 15 gte: 9}];
 
-  // Value for Zlib's next output buffer. If not set, defaults to 4096.
-  // See https://www.zlib.net/manual.html for more details. Also see
-  // https://github.com/envoyproxy/envoy/issues/8448 for context on this filter's performance.
+  // Value for zlib's next output buffer. See the
+  // `zlib manual <https://www.zlib.net/manual.html>`_ for more details. Also see
+  // `envoy#8448 <https://github.com/envoyproxy/envoy/issues/8448>`_ for context on this filter's
+  // performance.
+  //
+  // Defaults to ``4096``.
   google.protobuf.UInt32Value chunk_size = 5 [(validate.rules).uint32 = {lte: 65536 gte: 4096}];
 }
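Review bot: while this hunk is already rewording these comments, fix the unchanged context line `Value from 9 to 15 that represents the base two logarithmic of the compressor's window size.` to read `base-two logarithm`, and change `a 4096 bytes window` in the new `Defaults to` line to `a 4096-byte window`. Moving the default values into trailing `Defaults to` paragraphs matches the convention used by the other files in this PR, so no objection there.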

envoy/extensions/dynamic_modules/v3/dynamic_modules.proto:

--- shake256:9807d3ebad080c0acd2fbcc4286e17d94c2ea09233f52c89455ec54d6d1fb13b19b841faa36608cabf8e1e85f9f23fc0bf0f317ea5bf3a03c792c399121e980e  envoy/extensions/dynamic_modules/v3/dynamic_modules.proto
+++ shake256:174933bd8f46d956cf29a5dcaff4f8711209faead4e33d83910b72c03bd1eb33b065e2dffbe51a94ccbbfc974cdff44fbd6b01cfab0b9cd0a4736064de122738  envoy/extensions/dynamic_modules/v3/dynamic_modules.proto
@@ -2,8 +2,9 @@
 
 package envoy.extensions.dynamic_modules.v3;
 
+import "envoy/config/core/v3/base.proto";
+
 import "udpa/annotations/status.proto";
-import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.dynamic_modules.v3";
 option java_outer_classname = "DynamicModulesProto";
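Review bot: dropping `import "validate/validate.proto";` is only safe if no `(validate.rules)` annotation remains anywhere in this file; the later hunk removes the `min_len: 1` rule on `name`, which is the only usage visible in this diff, but please confirm the rest of the file has none, otherwise protoc fails on the unresolved option.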
@@ -25,22 +26,29 @@
 // reused.
 //
 // A module must be compatible with the ABI specified in :repo:`abi.h
-// <source/extensions/dynamic_modules/abi.h>`. Currently, compatibility is only guaranteed by an
+// <source/extensions/dynamic_modules/abi/abi.h>`. Currently, compatibility is only guaranteed by an
 // exact version match between the Envoy codebase and the dynamic module SDKs. In the future, after
 // the ABI is stabilized, this restriction will be revisited. Until then, Envoy checks the hash of
 // the ABI header files to ensure that the dynamic modules are built against the same version of the
 // ABI.
+// [#next-free-field: 8]
 message DynamicModuleConfig {
   // The name of the dynamic module.
   //
   // The client is expected to have some configuration indicating where to search for the module. In
-  // Envoy, the search path can only be configured via the environment variable
+  // Envoy, the search path can be configured via the environment variable
   // ``ENVOY_DYNAMIC_MODULES_SEARCH_PATH``. The actual search path is
-  // ``${ENVOY_DYNAMIC_MODULES_SEARCH_PATH}/lib${name}.so``.
+  // ``${ENVOY_DYNAMIC_MODULES_SEARCH_PATH}/lib${name}.so``. If not set, the current working directory is
+  // used as the search path. After Envoy fails to find the module in the search path, it will also
+  // try to find the module from a standard system library path (e.g., ``/usr/lib``) following the
+  // platform's default behavior for ``dlopen``.
+  //
+  // This field is optional if the ``module`` field is set. When both ``name`` and ``module`` are
+  // specified, the ``module`` field takes precedence.
   //
   // .. note::
   //   There is some remaining work to make the search path configurable via command line options.
-  string name = 1 [(validate.rules).string = {min_len: 1}];
+  string name = 1;
 
   // If true, prevents the module from being unloaded with ``dlclose``.
   //
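Review bot: the new search-path fallbacks widen where native code is loaded from and deserve a `.. warning::` directive rather than a plain sentence. With `ENVOY_DYNAMIC_MODULES_SEARCH_PATH` unset the module is resolved from the current working directory, and on a miss Envoy falls through to the platform `dlopen` search (`/usr/lib` and friends), so a writable working directory or an unexpected library on the system path ends up mapped into the Envoy process. Recommend stating that operators should always set the search path explicitly in production and that the resolved path is logged at load. Separately, `name` lost its `min_len: 1` rule and is now "optional if the ``module`` field is set", but nothing in the proto enforces that at least one of `name` or `module` is present; either document that an empty config is rejected at load time or express the constraint so validation catches it.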
@@ -51,7 +59,7 @@
   // Defaults to ``false``.
   bool do_not_close = 3;
 
-  // If true, the dynamic module is loaded with the ``RTLD_GLOBAL`` flag.
+  // If ``true``, the dynamic module is loaded with the ``RTLD_GLOBAL`` flag.
   //
   // The dynamic module is loaded with the ``RTLD_LOCAL`` flag by default to avoid symbol conflicts
   // when multiple modules are loaded. Set this to ``true`` to load the module with the
@@ -66,4 +74,42 @@
   //
   // Defaults to ``false``.
   bool load_globally = 4;
+
+  // The namespace prefix for metrics emitted by this dynamic module.
+  //
+  // This allows users to customize the prefix used for all metrics created by the dynamic module.
+  // The prefix is prepended to all metric names. In prometheus output, metrics will appear with
+  // the standard ``envoy_`` prefix followed by this namespace. For example, if this is set to
+  // ``myapp``, a counter ``requests`` would appear as ``envoy_myapp_requests_total``.
+  //
+  // Defaults to ``dynamicmodulescustom``.
+  string metrics_namespace = 5;
+
+  // The dynamic module binary to load. Supports local file paths via ``local.filename``
+  // and remote HTTP sources via ``remote``.
+  //
+  // When using ``remote``, the module is fetched asynchronously during listener initialization.
+  // If the fetch fails (network error, SHA256 mismatch, invalid binary, etc.), the filter
+  // is **not installed** and requests pass through unfiltered (fail-open).
+  //
+  // When both ``name`` and ``module`` are set, ``module`` takes precedence.
+  config.core.v3.AsyncDataSource module = 6;
+
+  // Controls how a cache miss for a remote module is handled.
+  //
+  // When true (NACK mode), a cache miss causes an immediate NACK of the xDS config update.
+  // A background fetch is started and the module will be available on the next config push if
+  // the fetch succeeds.
+  //
+  // When false (default, warming mode), the server blocks during initialization until the fetch
+  // completes or exhausts retries. This mode requires an init manager and is not available in
+  // ECDS or per-route configurations.
+  //
+  // When using ``module.remote`` with ECDS or per-route configurations, this must be set to
+  // ``true``.
+  //
+  // Only applies when ``module.remote`` is set.
+  //
+  // Defaults to ``false``.
+  bool nack_on_cache_miss = 7;
 }
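Review bot: the fail-open behaviour documented on `module` ("the filter is **not installed** and requests pass through unfiltered") silently disables whatever policy the dynamic module implements and should be a `.. warning::` directive, ideally pointing at the stat or log line that makes the failure observable so operators can alert on it; if a fail-closed option is not planned, say so explicitly. Two smaller points: `metrics_namespace` has no validation and the comment does not say whether the value is sanitized before being used as a stat-name component, and `nack_on_cache_miss` uses bare `true`/`false` where the previous hunk in this file changes the same wording to ``true``. Finally, "When using ``module.remote`` with ECDS or per-route configurations, this must be set to ``true``" should state what happens when it is not (config rejected at load, or a silent failure).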

envoy/extensions/filters/http/composite/v3/composite.proto:

--- shake256:002cd85799c5af02bd7a35f7d889014754cb0265dfb84cc39b9e8b569beb221ae9950bcd19b5580b9c50e016cf405b080946c52b7802bb63eef81279471798f0  envoy/extensions/filters/http/composite/v3/composite.proto
+++ shake256:5eda6bb5729dc34ac1a0ba6390df58021e94e61d5f540442d551ef15db94d015d68916535f4363ac1a7c99aed706048ffbe1a30396aaea913a32d110aea39ec9  envoy/extensions/filters/http/composite/v3/composite.proto
@@ -6,6 +6,8 @@
 import "envoy/config/core/v3/config_source.proto";
 import "envoy/config/core/v3/extension.proto";
 
+import "xds/type/matcher/v3/matcher.proto";
+
 import "udpa/annotations/migrate.proto";
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
@@ -38,6 +40,19 @@
   // This is useful when the same filter chain needs to be applied across many routes,
   // as it avoids duplicating the filter chain configuration.
   map<string, FilterChainConfiguration> named_filter_chains = 1;
+
+  // [#not-implemented-hide:]
+  // The match tree that will be used to select an action to execute. The action type should be
+  // :ref:`ExecuteFilterAction
+  // <envoy_v3_api_msg_extensions.filters.http.composite.v3.ExecuteFilterAction>`.
+  xds.type.matcher.v3.Matcher matcher = 2;
+}
+
+// Per-route configuration for the Composite filter.
+// [#not-implemented-hide:]
+message CompositePerRoute {
+  // Override of the match tree for this route.
+  xds.type.matcher.v3.Matcher matcher = 1 [(validate.rules).message = {required: true}];
 }
 
 // A list of filter configurations to be called in order. Note that this can be used as the type
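Review bot: `CompositePerRoute.matcher` is marked `required` while the top-level `matcher` is not, and only the top-level comment says the action type should be `ExecuteFilterAction`; mirror that constraint in the per-route comment so the two match trees are documented consistently. Both are `[#not-implemented-hide:]`, so this is a doc point only.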

envoy/extensions/filters/http/compressor/v3/compressor.proto:

--- shake256:81791ad5ea2a3098874b479dccc17f83f0c81af3589b0c1edc99b99fef85ff69ee544e25b234ba6a3dc717e49df5a45f0adba27df13f5d1d56a6c8a4c7e6246f  envoy/extensions/filters/http/compressor/v3/compressor.proto
+++ shake256:88198818f68c7bb6aaec8fcfb16a43209feb9eb510006e5a05ec4e9098101e6dfd5015112d0e231861cc39e12a46b630d9a103c42157953340980d9da3cf656a  envoy/extensions/filters/http/compressor/v3/compressor.proto
@@ -62,15 +62,26 @@
   }
 
   // Configuration for filter behavior on the response direction.
-  // [#next-free-field: 6]
+  // [#next-free-field: 7]
   message ResponseDirectionConfig {
     CommonDirectionConfig common_config = 1;
 
     // When this field is ``true``, disables compression when the response contains an ``ETag`` header.
     // When this field is ``false``, the filter will preserve weak ``ETag`` values and remove those that
-    // require strong validation.
+    // require strong validation (unless ``weaken_etag_on_compress`` is set).
+    // When both ``disable_on_etag_header`` and ``weaken_etag_on_compress`` are ``true``,
+    // ``weaken_etag_on_compress`` takes precedence (compression is applied and the ETag is weakened).
     bool disable_on_etag_header = 2;
 
+    // When this field is ``true`` and the filter compresses a response that contains a strong
+    // ``ETag``, the filter will weaken the ETag by prepending ``W/`` to its value instead of
+    // removing it. This allows caching and conditional requests to work while indicating the
+    // response body was modified by compression. When ``false`` (default), strong ETags are
+    // removed when compression is applied. When both ``weaken_etag_on_compress`` and
+    // ``disable_on_etag_header`` are ``true``, this field takes precedence so that compression
+    // is applied and the ETag is weakened, supporting gradual rollout to clients and servers.
+    bool weaken_etag_on_compress = 6;
+
     // When this field is ``true``, removes ``Accept-Encoding`` from the request headers before dispatching
     // the request to the upstream so that responses do not get compressed before reaching the filter.
     //
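Review bot: the precedence rule between `disable_on_etag_header` and `weaken_etag_on_compress` is now spelled out in full in both field comments, which will drift over time; keep the explanation on `weaken_etag_on_compress` and have `disable_on_etag_header` cross-reference it with a `:ref:`. Also worth stating in the `weaken_etag_on_compress` comment that a `W/` ETag is only usable for semantic-equivalence checks (`If-None-Match`) and not for `If-Range`, which requires a strong validator, so clients doing byte-range resumption will get a full response after this change; that is the expected cost of the "gradual rollout" the comment mentions and readers should see it.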

envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto:

--- shake256:9e76a22c9cdead3f586feeec0952f4809fe77c613adbaea2ffc25d357cdea64c3468f7b960227208a372f53ac5a25345af4db2bfd9a93a1562efb0e2d4e8323b  envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto
+++ shake256:9abbc21d8abf790f661403eabb964d0e639ff04c4411c5bd7580483cda9296b56bf525831af47395d1f4c96e9b729e95eae77a062d01ef016d6816b31ba21173  envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto
@@ -6,6 +6,7 @@
 
 import "google/protobuf/any.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.filters.http.dynamic_modules.v3";
@@ -90,16 +91,32 @@
   // receives this configuration, it passes the ``per_route_config_name`` to the dynamic module's
   // HTTP per-route filter config init function together with the ``filter_config``. That way a
   // module can decide which in-module filter implementation to use based on the name at load time.
-  string per_route_config_name = 2;
+  //
+  // .. note::
+  //   This is deprecated in favor of ``filter_name``. Please use ``filter_name`` instead of
+  //   ``per_route_config_name`` to specify the name for the filter implementation.
+  //   If both ``per_route_config_name`` and ``filter_name`` are specified, Envoy uses
+  //   ``filter_name`` and ignores ``per_route_config_name``.
+  //
+  string per_route_config_name = 2
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // The name for this filter configuration.
+  //
+  // This can be used to distinguish between different filter implementations inside a dynamic
+  // module. For example, a module can have completely different filter implementations. When Envoy
+  // receives this configuration, it passes the ``filter_name`` to the dynamic module's
+  // HTTP per-route filter config init function together with the ``filter_config``. That way a
+  // module can decide which in-module filter implementation to use based on the name at load time.
+  string filter_name = 4;
 
-  // The configuration for the filter chosen by ``per_route_config_name``.
+  // The configuration for the filter chosen by ``filter_name``.
   //
   // This is passed to the module's HTTP per-route filter initialization function. Together with
-  // the ``per_route_config_name``, the module can decide which in-module filter implementation to
-  // use and fine-tune the behavior of the filter on a specific route.
+  // the ``filter_name``, the module can decide which in-module filter implementation to use and fine-tune the behavior of the filter on a specific route.
   //
   // For example, if a module has two filter implementations, one for logging and one for header
-  // manipulation, ``per_route_config_name`` is used to choose either logging or header
+  // manipulation, ``filter_name`` is used to choose either logging or header
   // manipulation. The ``filter_config`` can be used to configure the logging level or the header
   // manipulation behavior.
   //
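Review bot: the rewrapped line `the ``filter_name``, the module can decide which in-module filter implementation to use and fine-tune the behavior of the filter on a specific route.` runs well past the width every other comment in this diff is wrapped at; re-wrap it. The deprecation note itself is clear, but the new `filter_name` comment is a near-verbatim copy of the `per_route_config_name` one; consider trimming the deprecated field's comment to the note plus a pointer to `filter_name` so the two do not drift.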

envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto:

--- shake256:5753ad827ada06f3e3f0f98a57a0b70e93a6bbdd8b8b8a969e9c34d99804516e4593ed746c4e132edc3354c404be5ccff2a2f8553dd32667d4a3d6e7db8feaf0  envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
+++ shake256:b5adab52f4b770083cb54fb1866189dc3e58a36587925aa32003e04a864e666f1013c3af16b69ef346302534291b604fc04ce9b5507e69cd421e2ecc3a9682e7  envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@@ -30,7 +30,7 @@
 // External Authorization :ref:`configuration overview <config_http_filters_ext_authz>`.
 // [#extension: envoy.filters.http.ext_authz]
 
-// [#next-free-field: 32]
+// [#next-free-field: 33]
 message ExtAuthz {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.ext_authz.v3.ExtAuthz";
@@ -359,6 +359,64 @@
   //
   // Defaults to ``false``.
   bool enforce_response_header_limits = 31;
+
+  // When set to ``true``, the filter operates in shadow mode. In shadow mode the
+  // filter still calls the external authorization service and processes the response,
+  // but never terminates the request. Instead of sending a local reply on a denied or
+  // error response, the filter writes the authorization decision (engine result, status
+  // code, response headers) into the request's
+  // :ref:`FilterState <arch_overview_data_sharing_between_filters>` as a
+  // :ref:`ShadowDecision
+  // <envoy_v3_api_msg_extensions.filters.http.ext_authz.v3.ShadowDecision>` object so
+  // that subsequent filters can read and optionally enforce it.
+  //
+  // The FilterState key is the filter's configured ``name`` in the filter chain with a
+  // ``.shadow`` suffix (``envoy.filters.http.ext_authz.shadow`` by default). Multiple ext_authz
+  // filters in the same chain must already have distinct names and therefore write to distinct
+  // keys automatically.
+  //
+  // The auth server's denied-response body is intentionally **not** carried on the
+  // ShadowDecision: bodies can be arbitrarily large and no downstream consumer in the
+  // shadow-comparison flow needs them. A consumer that wants to reproduce the auth
+  // server's full denied response must read it from its own source of truth rather
+  // than replaying it from FilterState.
+  //
+  // Header and query-parameter mutations from an OK response are still applied to the
+  // request as usual.
+  //
+  // Defaults to ``false``.
+  bool shadow_mode = 32;
+}
+
+// Serialized form of the shadow-mode authorization decision written to FilterState
+// when :ref:`shadow_mode
+// <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.shadow_mode>` is
+// enabled. Consumed by a downstream filter that decides whether to enforce the
+// decision.
+message ShadowDecision {
+  // The decision the auth server returned.
+  enum CheckResult {
+    UNSPECIFIED = 0;
+    OK = 1;
+    DENIED = 2;
+    ERROR = 3;
+  }
+
+  // The decision the auth server returned.
+  CheckResult check_result = 1;
+
+  // Response status code associated with the decision. For ``DENIED`` and ``ERROR`` this is
+  // the code the filter would have set on termination (the auth server's code for ``DENIED``,
+  // or :ref:`status_on_error
+  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.status_on_error>` fallback
+  // for ``ERROR``). For ``OK`` this defaults to ``200`` so consumers always see a populated
+  // value — the upstream response code is not known at shadow-decision time.
+  uint32 status_code = 2 [(validate.rules).uint32 = {lte: 599 gte: 100 ignore_empty: true}];
+
+  // Response headers the auth server asked to set on a denied response
+  // (e.g. ``WWW-Authenticate``, ``Set-Cookie``). Populated for ``DENIED`` only.
+  // Preserves ordering and duplicate header names.
+  repeated config.core.v3.HeaderValue response_headers = 3;
 }
 
 // Configuration for buffering the request data.
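Review bot: `shadow_mode` turns an enforcing authorization filter into a non-enforcing one, so the comment should carry a `.. warning::` making that explicit and pointing at the stat or log that lets an operator confirm whether a given filter instance is enforcing; as written, a `shadow_mode: true` left over from a rollout silently allows every request through. Two consistency points in `ShadowDecision`: the comment `The decision the auth server returned.` is duplicated on the enum and on the field, and `status_code` combines `ignore_empty: true` with `gte: 100`, which admits `0` even though the text says the value is always populated (OK defaults to 200); if it is always set, drop `ignore_empty`. It would also help consumers to state whether `ERROR` covers only an error response from the auth server or also an unreachable server, since the comment elsewhere only references `status_on_error`.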
@@ -426,7 +484,7 @@
 // metadata as well as body may be added to the client's response. See :ref:`allowed_client_headers
 // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.AuthorizationResponse.allowed_client_headers>`
 // for details.
-// [#next-free-field: 10]
+// [#next-free-field: 11]
 message HttpService {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.ext_authz.v2.HttpService";
@@ -437,8 +495,13 @@
   config.core.v3.HttpUri server_uri = 1;
 
   // Sets a prefix to the value of authorization request header ``Path``.
+  // Only one of ``path_prefix`` or ``path_override`` may be set.
   string path_prefix = 2;
 
+  // Replaces the value of authorization request header ``Path`` with this value.
+  // Only one of ``path_prefix`` or ``path_override`` may be set.
+  string path_override = 10;
+
   // Settings used for controlling authorization request metadata.
   AuthorizationRequest authorization_request = 7;
 
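Review bot: "Only one of ``path_prefix`` or ``path_override`` may be set" is stated in comments only; nothing in the proto enforces it (no `oneof`, no validate rule), so say where the conflict is detected (config rejected at load?) or model the pair as a `oneof`. Also note in the `path_override` comment that the authorization service then no longer receives the original request path in `Path` at all, so any path-based decision on the auth side must obtain the original path another way; that is a consequence operators should see before enabling it.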

envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto:

--- shake256:bb668849b33a7391d165b6b1e36b7049fc3ec26026d0e968c9398a8c2b56f1b2c3b5926bfe0d17ab81683a5454c0a99d36c28a61aac13b7d46dd3e754d04dd10  envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto
+++ shake256:8abe6aeb9fe7bb19c1453260272f450a201be9cc72d3a160fd6a5ae3afb6268272101805eb17a3bb801dbce828b7bc989f0aa38fe501381723a95f5c4f39d01a  envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto
@@ -98,7 +98,7 @@
 // <arch_overview_advanced_filter_state_sharing>` object in a namespace matching the filter
 // name.
 //
-// [#next-free-field: 26]
+// [#next-free-field: 27]
 message ExternalProcessor {
   // Describes the route cache action to be taken when an external processor response
   // is received in response to request headers.
@@ -285,14 +285,6 @@
   //
   // 3. External processor may still close the stream to indicate that no more messages are needed.
   //
-  // .. warning::
-  //
-  //    Flow control is a necessary mechanism to prevent the fast sender (either downstream client or upstream server)
-  //    from overwhelming the external processor when its processing speed is slower.
-  //    This protective measure is being explored and developed but has not been ready yet, so please use your own
-  //    discretion when enabling this feature.
-  //    This work is currently tracked under https://github.com/envoyproxy/envoy/issues/33319.
-  //
   bool observability_mode = 17;
 
   // Prevents clearing the route-cache when the
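Review bot: removing the flow-control `.. warning::` on `observability_mode` without a replacement implies the concern tracked in envoy#33319 is resolved; if it is, add a sentence stating that flow control now applies in this mode (and a release note), and if it is not, the warning should stay, since the risk it described (a fast sender overwhelming the external processor) is unchanged by a doc edit.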
@@ -369,6 +361,20 @@
   //
   // The default status is ``HTTP 500 Internal Server Error``.
   type.v3.HttpStatus status_on_error = 24;
+
+  // If true, the filter will not remove the ``content-length`` header from the request/response after external processing.
+  // It is typically used in
+  // :ref:`FULL_DUPLEX_STREAMED <envoy_v3_api_enum_value_extensions.filters.http.ext_proc.v3.ProcessingMode.BodySendMode.FULL_DUPLEX_STREAMED>`
+  // mode. If the original body has been modified, the external processing server needs to set the correct content-length header in HeaderMutation
+  // that matches the modified body length.
+  //
+  // .. warning::
+  //
+  //    This configuration should only be used if you are sure that the content length matches
+  //    the body length after external processing. Otherwise, it may cause vulnerability issues such as
+  //    request smuggling. Thus, please use your own discretion when enabling this feature.
+  //
+  bool allow_content_length_header = 26;
 }
 
 // ExtProcHttpService is used for HTTP communication between the filter and the external processing service.
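Review bot: the `allow_content_length_header` comment says the external processor "needs to set the correct content-length header" but not what Envoy does when it does not and the body was modified; if the stale original `content-length` is forwarded as-is, that is exactly the desync case the warning alludes to and should be named in the text, and if Envoy performs any check (for example in `BUFFERED` mode, where the `BodySendMode` comment already says a mismatch is rejected), say so. Minor: `If true` should be ``true`` to match the rest of this PR.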

envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto:

--- shake256:7c47e01e6bd412b0dfa541a4e7337df6e21bafd4e16296091b1481cfafd975ec4c0405cf2262dde4f8dbe2a1227b4d344d54e2cc11f43f5ed7844279dbdd41e1  envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto
+++ shake256:6ddb465da319eecc453afdb11b62ec12451d3ee7eefc0ece502e2ef912395d2e93751af26143901a8edb30aa5ab82fc30ba2e011d7364dad0d5cbe3a9b6b0ee8  envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto
@@ -20,20 +20,20 @@
 
 // [#next-free-field: 7]
 message ProcessingMode {
-  // Control how headers and trailers are handled
+  // Control how headers and trailers are handled.
   enum HeaderSendMode {
-    // When used to configure the ext_proc filter :ref:`processing_mode
-    // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`,
-    // the default HeaderSendMode depends on which part of the message is being processed. By
+    // When used to configure the ext_proc filter
+    // :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`,
+    // the default ``HeaderSendMode`` depends on which part of the message is being processed. By
     // default, request and response headers are sent, while trailers are skipped.
     //
-    // When used in :ref:`mode_override
-    // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>` or
-    // :ref:`allowed_override_modes
-    // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.allowed_override_modes>`,
-    // a value of DEFAULT indicates that there is no change from the behavior that is configured for
-    // the filter in :ref:`processing_mode
-    // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`.
+    // When used in
+    // :ref:`mode_override <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>`
+    // or
+    // :ref:`allowed_override_modes <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.allowed_override_modes>`,
+    // a value of ``DEFAULT`` indicates that there is no change from the behavior that is configured
+    // for the filter in
+    // :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`.
     DEFAULT = 0;
 
     // Send the header or trailer.
@@ -43,24 +43,27 @@
     SKIP = 2;
   }
 
-  // Control how the request and response bodies are handled
-  // When body mutation by external processor is enabled, ext_proc filter will always remove
-  // the content length header in four cases below because content length can not be guaranteed
-  // to be set correctly:
-  // 1) STREAMED BodySendMode: header processing completes before body mutation comes back.
-  // 2) BUFFERED_PARTIAL BodySendMode: body is buffered and could be injected in different phases.
-  // 3) BUFFERED BodySendMode + SKIP HeaderSendMode: header processing (e.g., update content-length) is skipped.
-  // 4) FULL_DUPLEX_STREAMED BodySendMode: header processing completes before body mutation comes back.
-  //
-  // In Envoy's http1 codec implementation, removing content length will enable chunked transfer
-  // encoding whenever feasible. The recipient (either client or server) must be able
-  // to parse and decode the chunked transfer coding.
+  // Control how the request and response bodies are handled.
+  //
+  // When body mutation by the external processor is enabled, the ext_proc filter will always remove the
+  // content length header in the following four cases, unless
+  // :ref:`allow_content_length_header <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.allow_content_length_header>`
+  // is enabled. This is because the content length cannot be guaranteed to be set correctly:
+  //
+  // 1) ``STREAMED`` BodySendMode: header processing completes before body mutation comes back.
+  // 2) ``BUFFERED_PARTIAL`` BodySendMode: body is buffered and could be injected in different phases.
+  // 3) ``BUFFERED`` BodySendMode + ``SKIP`` HeaderSendMode: header processing (e.g., update content-length) is skipped.
+  // 4) ``FULL_DUPLEX_STREAMED`` BodySendMode: header processing completes before body mutation comes back.
+  //
+  // In Envoy's HTTP/1 codec implementation, removing content length will enable chunked transfer
+  // encoding whenever feasible. The recipient (either client or server) must be able to parse and
+  // decode the chunked transfer coding
   // (see `details in RFC9112 <https://tools.ietf.org/html/rfc9112#section-7.1>`_).
   //
-  // In BUFFERED BodySendMode + SEND HeaderSendMode, content length header is allowed but it is
-  // external processor's responsibility to set the content length correctly matched to the length
-  // of mutated body. If they don't match, the corresponding body mutation will be rejected and
-  // local reply will be sent with an error message.
+  // In ``BUFFERED`` BodySendMode + ``SEND`` HeaderSendMode, content length header is allowed but it
+  // is the external processor's responsibility to set the content length correctly matched to the
+  // length of the mutated body. If they don't match, the corresponding body mutation will be
+  // rejected and a local reply will be sent with an error message.
   enum BodySendMode {
     // Do not send the body at all. This is the default.
     NONE = 0;
@@ -80,73 +83,88 @@
 
     // The ext_proc client (the data plane) streams the body to the server in pieces as they arrive.
     //
-    // 1) The server may choose to buffer any number chunks of data before processing them.
-    // After it finishes buffering, the server processes the buffered data. Then it splits the processed
-    // data into any number of chunks, and streams them back to the ext_proc client one by one.
-    // The server may continuously do so until the complete body is processed.
-    // The individual response chunk size is recommended to be no greater than 64K bytes, or
-    // :ref:`max_receive_message_length <envoy_v3_api_field_config.core.v3.GrpcService.EnvoyGrpc.max_receive_message_length>`
-    // if EnvoyGrpc is used.
-    //
-    // 2) The server may also choose to buffer the entire message, including the headers (if header mode is
-    // ``SEND``), the entire body, and the trailers (if present), before sending back any response.
-    // The server response has to maintain the headers-body-trailers ordering.
+    // 1) The server may choose to buffer any number of chunks of data before processing them.
+    //    After it finishes buffering, the server processes the buffered data. Then it splits the
+    //    processed data into any number of chunks, and streams them back to the ext_proc client one
+    //    by one. The server may continuously do so until the complete body is processed. The
+    //    individual response chunk size is recommended to be no greater than 64K bytes, or
+    //    :ref:`max_receive_message_length <envoy_v3_api_field_config.core.v3.GrpcService.EnvoyGrpc.max_receive_message_length>`
+    //    if EnvoyGrpc is used.
+    //
+    // 2) The server may also choose to buffer the entire message, including the headers (if header
+    //    mode is ``SEND``), the entire body, and the trailers (if present), before sending back any
+    //    response. The server response has to maintain the headers-body-trailers ordering.
     //
-    // 3) Note that the server might also choose not to buffer data. That is, upon receiving a
-    // body request, it could process the data and send back a body response immediately.
+    // 3) Note that the server might also choose not to buffer data. That is, upon receiving a body
+    //    request, it could process the data and send back a body response immediately.
     //
     // In this body mode:
+    //
     // * The corresponding trailer mode has to be set to ``SEND``.
-    // * The client will send body and trailers (if present) to the server as they arrive.
-    //   Sending the trailers (if present) is to inform the server the complete body arrives.
-    //   In case there are no trailers, then the client will set
+    // * The client will send body and trailers (if present) to the server as they arrive. Sending
+    //   the trailers (if present) is to inform the server that the complete body has arrived. In
+    //   case there are no trailers, then the client will set
     //   :ref:`end_of_stream <envoy_v3_api_field_service.ext_proc.v3.HttpBody.end_of_stream>`
-    //   to true as part of the last body chunk request to notify the server that no other data is to be sent.
+    //   to ``true`` as part of the last body chunk request to notify the server that no other data
+    //   is to be sent.
     // * The server needs to send
     //   :ref:`StreamedBodyResponse <envoy_v3_api_msg_service.ext_proc.v3.StreamedBodyResponse>`
     //   to the client in the body response.
-    // * The client will stream the body chunks in the responses from the server to the upstream/downstream as they arrive.
-
+    // * The client will stream the body chunks in the responses from the server to the
+    //   upstream/downstream as they arrive.
     FULL_DUPLEX_STREAMED = 4;
 
     // [#not-implemented-hide:]
-    // A mode for gRPC traffic. This is similar to ``FULL_DUPLEX_STREAMED``,
-    // except that instead of sending raw chunks of the HTTP/2 DATA frames,
-    // the ext_proc client will de-frame the individual gRPC messages inside
-    // the HTTP/2 DATA frames, and as each message is de-framed, it will be
-    // sent to the ext_proc server as a :ref:`request_body
-    // <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.request_body>`
-    // or :ref:`response_body
-    // <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.response_body>`.
+    // A mode for gRPC traffic. This is similar to ``FULL_DUPLEX_STREAMED``, except that instead of
+    // sending raw chunks of the HTTP/2 DATA frames, the ext_proc client will de-frame the
+    // individual gRPC messages inside the HTTP/2 DATA frames, and as each message is de-framed, it
+    // will be sent to the ext_proc server as a
+    // :ref:`request_body <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.request_body>`
+    // or
+    // :ref:`response_body <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.response_body>`.
     // The ext_proc server will stream back individual gRPC messages in the
     // :ref:`StreamedBodyResponse <envoy_v3_api_msg_service.ext_proc.v3.StreamedBodyResponse>`
-    // field, but the number of messages sent by the ext_proc server
-    // does not need to equal the number of messages sent by the data
-    // plane. This allows the ext_proc server to change the number of
-    // messages sent on the stream.
-    // In this mode, the client will send body and trailers to the server as
-    // they arrive.
+    // field, but the number of messages sent by the ext_proc server does not need to equal the
+    // number of messages sent by the data plane. This allows the ext_proc server to change the
+    // number of messages sent on the stream. In this mode, the client will send body and trailers
+    // to the server as they arrive.
     GRPC = 5;
   }
 
-  // How to handle the request header. Default is "SEND".
-  // Note this field is ignored in :ref:`mode_override
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>`, since mode
-  // overrides can only affect messages exchanged after the request header is processed.
+  // How to handle the request header.
+  //
+  // .. note::
+  //
+  //    This field is ignored in
+  //    :ref:`mode_override <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>`,
+  //    since mode overrides can only affect messages exchanged after the request header is
+  //    processed.
+  //
+  // Defaults to ``SEND``.
   HeaderSendMode request_header_mode = 1 [(validate.rules).enum = {defined_only: true}];
 
-  // How to handle the response header. Default is "SEND".
+  // How to handle the response header.
+  //
+  // Defaults to ``SEND``.
   HeaderSendMode response_header_mode = 2 [(validate.rules).enum = {defined_only: true}];
 
-  // How to handle the request body. Default is "NONE".
+  // How to handle the request body.
+  //
+  // Defaults to ``NONE``.
   BodySendMode request_body_mode = 3 [(validate.rules).enum = {defined_only: true}];
 
-  // How do handle the response body. Default is "NONE".
+  // How to handle the response body.
+  //
+  // Defaults to ``NONE``.
   BodySendMode response_body_mode = 4 [(validate.rules).enum = {defined_only: true}];
 
-  // How to handle the request trailers. Default is "SKIP".
+  // How to handle the request trailers.
+  //
+  // Defaults to ``SKIP``.
   HeaderSendMode request_trailer_mode = 5 [(validate.rules).enum = {defined_only: true}];
 
-  // How to handle the response trailers. Default is "SKIP".
+  // How to handle the response trailers.
+  //
+  // Defaults to ``SKIP``.
   HeaderSendMode response_trailer_mode = 6 [(validate.rules).enum = {defined_only: true}];
 }

envoy/extensions/filters/http/geoip/v3/geoip.proto:

--- shake256:f1ce76dc162b62f57898c3f089e2afdd5c6543e14fed6ad02a2ebbc220d55f53378ee6e19f05eb1a2cb4c5b6836ebcd125d3abbc26012190cf544c9ce97717ce  envoy/extensions/filters/http/geoip/v3/geoip.proto
+++ shake256:4d560d9e92f505b94c8443df5ca069765297648c1cf28576cae11cdf571689c90dc5fb2b4b9cf9718fb5352dd1057df56bd5f5da8be4bbc194494fa7b3026404  envoy/extensions/filters/http/geoip/v3/geoip.proto
@@ -4,8 +4,6 @@
 
 import "envoy/config/core/v3/extension.proto";
 
-import "xds/annotations/v3/status.proto";
-
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
 
@@ -14,7 +12,6 @@
 option java_multiple_files = true;
 option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/geoip/v3;geoipv3";
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
-option (xds.annotations.v3.file_status).work_in_progress = true;
 
 // [#protodoc-title: Geoip]
 // Geoip :ref:`configuration overview <config_http_filters_geoip>`.
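Review bot: dropping `option (xds.annotations.v3.file_status).work_in_progress = true;` promotes the geoip filter API out of work-in-progress status, so the API stability guarantees now apply to every field in this file; the `xds/annotations/v3/status.proto` import removed in the hunk above must therefore be the last use of that package in the file, and the stabilisation deserves an explicit release-note entry rather than appearing only as a dropped annotation.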

envoy/extensions/filters/http/mcp/v3/mcp.proto:

--- shake256:465bfc5258cfc02a55d62f64738c2e9c23266138751628c32cbe61da84cc8d12bdfb7a19577e3fb4e433cbc9c30cbea7d7d0d61d5a8119996380c0fab161a8e2  envoy/extensions/filters/http/mcp/v3/mcp.proto
+++ shake256:328867464937b631c46b21ab01d87750ba39570d9092007aa9ca09c8443e54829c4872b77e7e310ac1245b6871f5c9e9e59b4f8e49385eeace4abd24cb2d7d67  envoy/extensions/filters/http/mcp/v3/mcp.proto
@@ -21,6 +21,7 @@
 // [#extension: envoy.filters.http.mcp]
 
 // This filter will inspect and get attributes from MCP traffic.
+// [#next-free-field: 8]
 message Mcp {
   // Traffic handling mode for non-MCP traffic.
   enum TrafficMode {
@@ -32,9 +33,34 @@
     // Valid MCP requests are:
     // - POST requests with JSON-RPC 2.0 messages
     // - GET requests for SSE streams (with Accept: text/event-stream)
+    // - DELETE requests for session termination (with MCP-Session-Id header)
     REJECT_NO_MCP = 1;
   }
 
+  // Where to store parsed MCP request attributes.
+  enum RequestStorageMode {
+    // Unspecified. Uses default behavior (same as DYNAMIC_METADATA).
+    MODE_UNSPECIFIED = 0;
+
+    // Store request attributes in dynamic metadata only.
+    // This is the default behavior.
+    DYNAMIC_METADATA = 1;
+
+    // Store request attributes in filter state only.
+    FILTER_STATE = 2;
+
+    // Store request attributes in both dynamic metadata and filter state.
+    DYNAMIC_METADATA_AND_FILTER_STATE = 3;
+  }
+
+  message TraceContextPropagationConfig {
+    option (xds.annotations.v3.message_status).work_in_progress = true;
+  }
+
+  message BaggagePropagationConfig {
+    option (xds.annotations.v3.message_status).work_in_progress = true;
+  }
+
   // Configures how the filter handles non-MCP traffic.
   TrafficMode traffic_mode = 1 [(validate.rules).enum = {defined_only: true}];
 
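Review bot: the new bullet `// - DELETE requests for session termination (with MCP-Session-Id header)` should state what the filter does with a DELETE that lacks the `MCP-Session-Id` header under `REJECT_NO_MCP`; since this list defines what counts as valid MCP traffic, the negative case decides whether a session-termination request can bypass inspection. Also, `MODE_UNSPECIFIED` and `DYNAMIC_METADATA` are both described as the default; make the `DYNAMIC_METADATA` comment say it is the explicit form of the default rather than repeating "This is the default behavior." in both places.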
@@ -54,6 +80,33 @@
 
   // Parser configuration, this provide the attribute extraction override.
   ParserConfig parser_config = 4;
+
+  // Where to store parsed MCP request attributes.
+  // Controls whether attributes are written to dynamic metadata, filter state, or both.
+  // Default is DYNAMIC_METADATA when unspecified.
+  RequestStorageMode request_storage_mode = 5 [(validate.rules).enum = {defined_only: true}];
+
+  // If set, extract and validate W3C trace context from the MCP request body
+  // (params._meta.traceparent & params._meta.tracestate) and propagate it in HTTP headers
+  // ``traceparent`` and ``tracestate`` (respectively).
+  //
+  // The traceparent and tracestate fields are validated and propagated according to the spec at
+  // ``https://www.w3.org/TR/trace-context/``.
+  //
+  // If unset (default), do not extract or inject trace context.
+  TraceContextPropagationConfig propagate_trace_context = 6;
+
+  // If set, extract and validate W3C baggage from the MCP request body (params._meta.baggage) and
+  // copy it to the HTTP header ``baggage``.
+  //
+  // The baggage field is validated according to the spec at ``https://www.w3.org/TR/baggage/``.
+
+  // Note that this is independent of ``propagate_trace_context``.
+  // Also note that if this is set, the downstream request's baggage header will be overwritten if
+  // the MCP request body contains a valid baggage field.
+  //
+  // If unset (default), do not extract or inject baggage.
+  BaggagePropagationConfig propagate_baggage = 7;
 }
 
 // Parser configuration with method-specific rules.
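Review bot: the empty `+` line between `// The baggage field is validated according to the spec at ...` and `// Note that this is independent of ...` splits the leading comment of `propagate_baggage`: protoc only attaches the comment block that immediately precedes a field, so the first two paragraphs become a detached comment and will be missing from the generated docs for field 7. Replace the blank line with `//`, as `propagate_trace_context` does. Both field comments also say the values are "validated" without saying what happens on failure (header left untouched, body value dropped, or request rejected); that outcome is what an operator relying on `traceparent`, `tracestate` or `baggage` upstream needs to know.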

envoy/extensions/filters/http/oauth2/v3/oauth.proto:

--- shake256:9f939fda4e1780444a5842e1b5a8c49ea62094afc0b6d83dbfd7479bfa3623be6a5c876538f9e4f7494fce932d88b9f04169da5ff732e44b87b8b318e85a7841  envoy/extensions/filters/http/oauth2/v3/oauth.proto
+++ shake256:ee6caa86d0cdc97ae3c573a296a30936418d625215a6d2e80817c78eb964bd650e0a00297972fd96420001a4745e97dfbda51fa61501cc26064f7784ba532d58  envoy/extensions/filters/http/oauth2/v3/oauth.proto
@@ -127,8 +127,9 @@
   string client_id = 1 [(validate.rules).string = {min_len: 1}];
 
   // The secret used to retrieve the access token. This value will be URL encoded when sent to the OAuth server.
-  transport_sockets.tls.v3.SdsSecretConfig token_secret = 2
-      [(validate.rules).message = {required: true}];
+  // This field is required unless :ref:`auth_type <envoy_v3_api_field_extensions.filters.http.oauth2.v3.OAuth2Config.auth_type>`
+  // is set to ``TLS_CLIENT_AUTH``, in which case authentication is done via the client certificate.
+  transport_sockets.tls.v3.SdsSecretConfig token_secret = 2;
 
   // Configures how the secret token should be created.
   oneof token_formation {
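Review bot: removing `[(validate.rules).message = {required: true}]` from `token_secret` moves a load-time check to runtime: a config with any `auth_type` other than `TLS_CLIENT_AUTH` and no `token_secret` now passes proto validation, so the filter factory must reject that combination explicitly (and the comment should say it does); otherwise the misconfiguration only surfaces on the first token exchange.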
@@ -150,7 +151,7 @@
 
 // OAuth config
 //
-// [#next-free-field: 27]
+// [#next-free-field: 28]
 message OAuth2Config {
   enum AuthType {
     // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body.
@@ -159,6 +160,14 @@
 
     // The ``client_id`` and ``client_secret`` will be sent using HTTP Basic authentication scheme.
     BASIC_AUTH = 1;
+
+    // The client will be authenticated using mutual TLS (mTLS) with a client certificate.
+    // The ``client_secret`` is not required and will not be sent in the request to the
+    // authorization server.
+    // The client certificate must be configured in the cluster used by ``token_endpoint`` via
+    // transport socket configuration.
+    // This implements OAuth 2.0 Mutual-TLS Client Authentication as defined in RFC 8705.
+    TLS_CLIENT_AUTH = 2;
   }
 
   // Endpoint on the authorization server to retrieve the access token from.
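Review bot: the `TLS_CLIENT_AUTH` comment says the `client_secret` is not sent but should also state that `client_id` is still sent in the token request, since RFC 8705 section 2 requires the `client_id` parameter with mutual-TLS client authentication so the authorization server can select the expected certificate binding. It would also help to say that a `token_endpoint` cluster whose transport socket presents no client certificate cannot be detected at config load and will show up as a rejection from the token endpoint.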
@@ -283,10 +292,32 @@
   // This option should only be used in secure environments where token encryption is not required.
   // Default is false (tokens are encrypted).
   bool disable_token_encryption = 26;
+
+  // Any request that matches any of the provided matchers will be allowed to continue to upstream
+  // even if OAuth validation fails (missing, invalid, or expired credentials).
+  // This is useful for services that can handle both authenticated and unauthenticated requests,
+  // enabling graceful degradation patterns.
+  //
+  // When triggered, all OAuth cookies are stripped from the request and the request proceeds as unauthenticated.
+  // Context headers ``x-envoy-oauth-status: failed`` and ``x-envoy-oauth-failure-reason`` are added to inform upstream.
+  //
+  // Note: If a request matches pass_through_matcher, it bypasses OAuth validation and this matcher won't be evaluated.
+  // This matcher takes precedence over deny_redirect_matcher.
+  repeated config.route.v3.HeaderMatcher allow_failed_matcher = 27;
+}
+
+// Per-route OAuth2 config.
+//
+// This message supplies an OAuth2Config for the matched route.
+// It overrides the filter-level config for requests matching the route.
+// If neither the global config nor a per-route config is specified, OAuth2 is disabled for the route.
+message OAuth2PerRoute {
+  // Full OAuth2 config for this route.
+  OAuth2Config config = 1 [(validate.rules).message = {required: true}];
 }
 
 // Filter config.
 message OAuth2 {
-  // Leave this empty to disable OAuth2 for a specific route, using per filter config.
+  // The OAuth2 filter config.
   OAuth2Config config = 1;
 }
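Review bot: `allow_failed_matcher` adds `x-envoy-oauth-status: failed` and `x-envoy-oauth-failure-reason` so upstream can recognise an unauthenticated request, but the comment does not say that client-supplied copies of those headers are removed or overwritten on every path through the filter; without that, upstream cannot tell whether the header came from Envoy or from the client, so the comment should state that both headers are sanitized. Separately, the old `OAuth2.config` comment ("Leave this empty to disable OAuth2 for a specific route") was dropped while `OAuth2PerRoute.config` is marked `required: true`, so it is no longer clear how a route opts out; the `OAuth2PerRoute` comment should say whether an empty per-route `OAuth2` still disables the filter or whether another mechanism is now needed.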

envoy/extensions/filters/http/proto_api_scrubber/v3/config.proto:

--- shake256:1ae73302964f63f0d1e375ad6a78da4859bffbf7ed184d4af5e15a9ae0753daa26ddcaf538c25e0685945ce2b2879a7718180dc599bea7a372948d126abdb520  envoy/extensions/filters/http/proto_api_scrubber/v3/config.proto
+++ shake256:d5176f9cab065fc232e3b5d4d3926abcfeae942b92fea4fe560f60fc5f854c23a36d118cac46cef1abef62ebbccb5d1805d7fa3157dd6cfab8a4706a4f0bec74  envoy/extensions/filters/http/proto_api_scrubber/v3/config.proto
@@ -41,6 +41,9 @@
 
   // Specifies the filtering mode of this filter.
   FilteringMode filtering_mode = 3;
+
+  // If true, the filter will scrub unknown fields from the protobuf messages.
+  bool scrub_unknown_fields = 4;
 }
 
 // Specifies the descriptor set for proto services.
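Review bot: the `scrub_unknown_fields` comment should state its default (`false`, as a proto3 bool) and which direction it applies to (requests, responses, or both); for a filter whose job is to remove fields from protobuf messages, readers need to see explicitly that unknown fields pass through unchanged unless this is enabled.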

envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto:

--- shake256:f6b9dcc9dfb1e6fbaa6b7a84c89c621eb79ec5c7341c179bbe08c3382de9aa3ed34fb549aa090e2c770693b966b3ca9851caf6746064d71c82909c549b2961d7  envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto
+++ shake256:9357baac054d71b1b6361fe24de5fd0b9ee746375f66e9cff832d5c836611c71319ecab5634d12f2cc4bd73d395f85ebb2abb06ce8921b856d6c5b862e927e49  envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto
@@ -60,7 +60,7 @@
       [(validate.rules).string = {in: "internal" in: "external" in: "both" in: ""}];
 
   // The timeout in milliseconds for the rate limit service RPC. If not
-  // set, this defaults to 20ms.
+  // set, this defaults to 20ms. A value of 0 disables the timeout (infinite).
   google.protobuf.Duration timeout = 4;
 
   // The filter's behaviour in case the rate limiting service does
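Review bot: `A value of 0 disables the timeout (infinite).` turns the rate limit service RPC into an unbounded wait: a stalled or partitioned rate limit service then holds every request on this filter until some outer timeout or the client gives up, for a check that is meant to fail fast. The comment should say that the failure-mode field documented directly below can never trigger on a timeout when the timeout is infinite, and recommend `0` only where an outer timeout bounds the request.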

envoy/extensions/filters/http/set_filter_state/v3/set_filter_state.proto:

--- shake256:d38cb8d1499d4aca120889be75342aa6a764b98840210510553bba03db976148eb33f935fa8d18fdbb6a306bb5fcf39bf01cd143b51a7308566638858ba2c8e3  envoy/extensions/filters/http/set_filter_state/v3/set_filter_state.proto
+++ shake256:4f6237ab57ff613d95e3b9f9ec380142454c200e4043a624d8647aeda312ee2e16e1eecb33f8b88730ea02a71ce5044c949a42f117830bd4ec8b724256201200  envoy/extensions/filters/http/set_filter_state/v3/set_filter_state.proto
@@ -24,4 +24,9 @@
   // A sequence of the filter state values to apply in the specified order
   // when a new request is received.
   repeated common.set_filter_state.v3.FilterStateValue on_request_headers = 1;
+
+  // Clear the route cache for the current client request. This is necessary
+  // if the route configuration may depend on the filter state values set by
+  // this filter.
+  bool clear_route_cache = 2;
 }

envoy/extensions/filters/http/stateful_session/v3/stateful_session.proto:

--- shake256:da97c315f9061cb3ed2e89bd696f2f6adc39416b878ae97e5727af3f7b85523eb976d0ff80b28d93cd51923fb49113b14fd54ea90861caed40e570ae541899da  envoy/extensions/filters/http/stateful_session/v3/stateful_session.proto
+++ shake256:61fee391431b5282046a8291b84e17f9c225425b25ff7ee3893bb3360c31cd15960fa97d6b468f62d493aba0566267ce8c47107d8e444d11ae81a704462c0389  envoy/extensions/filters/http/stateful_session/v3/stateful_session.proto
@@ -25,9 +25,11 @@
   config.core.v3.TypedExtensionConfig session_state = 1;
 
   // Determines whether the HTTP request must be strictly routed to the requested destination. When set to ``true``,
-  // if the requested destination is unavailable, Envoy will return a 503 status code. The default value is ``false``,
-  // which allows Envoy to fall back to its load balancing mechanism. In this case, if the requested destination is not
-  // found, the request will be routed according to the load balancing algorithm.
+  // if the requested destination is not found in the set of available endpoints, Envoy will return a status code
+  // determined by ``status_on_strict_destination_not_found``. If the destination exists but is unhealthy, Envoy will
+  // always return ``503`` regardless of ``status_on_strict_destination_not_found``. The default value is ``false``,
+  // which allows Envoy to fall back to its load balancing mechanism and route the request according to the load
+  // balancing algorithm.
   bool strict = 2;
 
   // Optional stat prefix. If specified, the filter will emit statistics in the
@@ -38,6 +40,12 @@
   //   Per-route configuration overrides do not support statistics and will not emit stats even if this field is set
   //   in the per-route config.
   string stat_prefix = 3;
+
+  // The HTTP status code to return when ``strict`` mode is enabled and the requested destination
+  // is not found in the set of available endpoints. This does not apply when the destination exists
+  // but is unhealthy. This field has no effect when ``strict`` is set to ``false`` and will be
+  // ignored. Defaults to ``503`` (Service Unavailable) if not specified or set to ``0``.
+  uint32 status_on_strict_destination_not_found = 4;
 }
 
 message StatefulSessionPerRoute {
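Review bot: `status_on_strict_destination_not_found` is a bare `uint32` with no validation rule, so values such as `1` or `99999` pass config validation while the comment only defines `0`. Add at minimum `[(validate.rules).uint32 = {lte: 599}]` and document what the filter does with a value outside the HTTP status range (reject at load, or fall back to `503`), so an operator cannot accidentally produce an invalid response status.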

envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto:

--- shake256:ab4879612ab6ac4cd7e0baeda3622cda45273b419ad9bd1d79bdc707aaf11f9cca1b5fbecc5c290cb93e63d7396d6d0fbe9c1beee5d3305f72252035f8604fd4  envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ shake256:5276dadd0bf0197f13e594b00a4b753a1cf6343d0096227d3fb065e3b8b670d3b879f6002183992964b8dd9f9d27b50864572c7ff4ff437bf89878f89992376e  envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -39,7 +39,7 @@
 // HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.
 // [#extension: envoy.filters.network.http_connection_manager]
 
-// [#next-free-field: 61]
+// [#next-free-field: 62]
 message HttpConnectionManager {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
@@ -141,7 +141,18 @@
     UNESCAPE_AND_FORWARD = 4;
   }
 
-  // [#next-free-field: 13]
+  // The format to use when writing the
+  // :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) header value.
+  enum ForwardClientCertFormat {
+    // Use the :ref:`text format <config_http_conn_man_headers_x-forwarded-client-cert_text>`.
+    // This is the default.
+    TEXT = 0;
+
+    // Use the :ref:`JSON format <config_http_conn_man_headers_x-forwarded-client-cert_json>`.
+    JSON = 1;
+  }
+
+  // [#next-free-field: 14]
   message Tracing {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager.Tracing";
@@ -243,6 +254,20 @@
     // :ref:`HTTP access logging <config_access_log>` applies here, however
     // unknown specifier values are replaced with the empty string instead of ``-``.
     string upstream_operation = 12;
+
+    // If set to true, trace context propagation is disabled, meaning that trace context headers
+    // (e.g. ``traceparent``, ``tracestate`` for OpenTelemetry/W3C, or ``X-B3-*`` headers for Zipkin)
+    // will not be injected when proxying requests to upstreams.
+    //
+    // This is useful for scenarios where you want to report spans from a proxy (e.g., an egress
+    // gateway) while preventing trace context from being propagated to external services,
+    // effectively stopping the trace at the mesh boundary.
+    //
+    // Note that span reporting is still performed when this is set to true - only context
+    // propagation is disabled.
+    //
+    // Default: false (context propagation is enabled)
+    bool no_context_propagation = 13;
   }
 
   message InternalAddressConfig {
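Review bot: `no_context_propagation` is described as stopping the trace at the mesh boundary, but the comment only says trace headers "will not be injected"; it should also state what happens to `traceparent`, `tracestate` or `X-B3-*` headers that already arrived from downstream. If those are forwarded to the upstream unchanged, the trace context still leaves the mesh and the egress-gateway use case given here is not achieved, so say explicitly whether existing headers are stripped or point to the option that strips them.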
@@ -258,7 +283,7 @@
     repeated config.core.v3.CidrRange cidr_ranges = 2;
   }
 
-  // [#next-free-field: 7]
+  // [#next-free-field: 8]
   message SetCurrentClientCertDetails {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager."
@@ -287,14 +312,26 @@
     // Whether to forward the URI type Subject Alternative Name of the client cert. Defaults to
     // false.
     bool uri = 5;
+
+    // The format for the header. When the :ref:`forward_client_cert_details
+    // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.forward_client_cert_details>`
+    // is APPEND_FORWARD and an existing XFCC header is present, the format of the existing header
+    // is used. The configured format is used when there is no existing header value
+    // (APPEND_FORWARD with no prior XFCC header, or SANITIZE_SET which always replaces the value).
+    ForwardClientCertFormat format = 7;
   }
 
-  // The configuration for forwarding client cert details.
+  // The configuration for forwarding client cert details, used as the action config in a
+  // :ref:`forward_client_cert_matcher
+  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.forward_client_cert_matcher>`.
   message ForwardClientCertConfig {
     // How to handle the XFCC header.
     ForwardClientCertDetails forward_client_cert_details = 1;
 
-    // How to set the current client cert details.
+    // The fields in the client certificate to forward. See
+    // :ref:`set_current_client_cert_details
+    // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.set_current_client_cert_details>`
+    // for details.
     SetCurrentClientCertDetails set_current_client_cert_details = 2;
   }
 
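Review bot: the `format` comment says that under `APPEND_FORWARD` with an existing XFCC header "the format of the existing header is used", but not how that format is detected. Because the incoming XFCC value is downstream-supplied, the detection rule (for example whether a leading `{` selects JSON, and what happens when the existing value matches neither format) should be documented so operators can reason about what a peer can make the forwarded header look like; as written, `SANITIZE_SET` is the only option with a predictable output format.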
@@ -539,14 +576,16 @@
   //
   //   Currently some protocol codecs impose limits on the maximum size of a single header.
   //
-  //   * HTTP/2 (when using nghttp2) limits a single header to around 100kb.
-  //   * HTTP/3 limits a single header to around 1024kb.
+  //   * HTTP/2 (when using nghttp2) limits a single header to around 100 KB by default. This can be
+  //     adjusted via :ref:`max_header_field_size_kb
+  //     <envoy_v3_api_field_config.core.v3.Http2ProtocolOptions.max_header_field_size_kb>`.
+  //   * HTTP/3 limits a single header to around 1024 KB.
   //
   google.protobuf.UInt32Value max_request_headers_kb = 29
       [(validate.rules).uint32 = {lte: 8192 gt: 0}];
 
   // The stream idle timeout for connections managed by the connection manager.
-  // If not specified, this defaults to 5 minutes. The default value was selected
+  // If not specified, this defaults to ``5 minutes``. The default value was selected
   // so as not to interfere with any smaller configured timeouts that may have
   // existed in configurations prior to the introduction of this feature, while
   // introducing robustness to TCP connections that terminate without a FIN.
@@ -555,28 +594,29 @@
   // :ref:`route-level idle_timeout
   // <envoy_v3_api_field_config.route.v3.RouteAction.idle_timeout>`. Even on a stream in
   // which the override applies, prior to receipt of the initial request
-  // headers, the :ref:`stream_idle_timeout
-  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_idle_timeout>`
-  // applies. Each time an encode/decode event for headers or data is processed
-  // for the stream, the timer will be reset. If the timeout fires, the stream
-  // is terminated with a 408 Request Timeout error code if no upstream response
-  // header has been received, otherwise a stream reset occurs.
-  //
-  // If the :ref:`overload action <config_overload_manager_overload_actions>` "envoy.overload_actions.reduce_timeouts"
-  // is configured, this timeout is scaled according to the value for
+  // headers, the ``stream_idle_timeout`` applies. Each time an encode/decode event
+  // for headers or data is processed for the stream, the timer will be reset. If the
+  // timeout fires, the stream is terminated with a ``408 Request Timeout`` error code
+  // if no upstream response header has been received, otherwise a stream reset occurs.
+  //
+  // If the :ref:`overload action <config_overload_manager_overload_actions>`
+  // ``envoy.overload_actions.reduce_timeouts`` is configured, this timeout is scaled
+  // according to the value for
   // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE <envoy_v3_api_enum_value_config.overload.v3.ScaleTimersOverloadActionConfig.TimerType.HTTP_DOWNSTREAM_STREAM_IDLE>`.
   //
-  // Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due
-  // to the granularity of events presented to the connection manager. For example, while receiving
-  // very large request headers, it may be the case that there is traffic regularly arriving on the
-  // wire while the connection manage is only able to observe the end-of-headers event, hence the
-  // stream may still idle timeout.
+  // .. note::
+  //
+  //   It is possible to idle timeout even if the wire traffic for a stream is non-idle, due
+  //   to the granularity of events presented to the connection manager. For example, while receiving
+  //   very large request headers, it may be the case that there is traffic regularly arriving on the
+  //   wire while the connection manager is only able to observe the end-of-headers event, hence the
+  //   stream may still idle timeout.
   //
-  // A value of 0 will completely disable the connection manager stream idle
+  // A value of ``0`` will completely disable the connection manager stream idle
   // timeout, although per-route idle timeout overrides will continue to apply.
   //
-  // This timeout is also used as the default value for :ref:`stream_flush_timeout
-  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_flush_timeout>`.
+  // This timeout is also used as the default value for
+  // :ref:`stream_flush_timeout <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_flush_timeout>`.
   google.protobuf.Duration stream_idle_timeout = 24
       [(udpa.annotations.security).configure_for_untrusted_downstream = true];
 
@@ -1051,6 +1091,49 @@
   // This should be set to ``false`` in cases where Envoy's view of the downstream address may not correspond to the
   // actual client address, for example, if there's another proxy in front of the Envoy.
   google.protobuf.BoolValue add_proxy_protocol_connection_state = 53;
+
+  // Configuration for controlling how the ``x-forwarded-proto`` header is set.
+  // This allows customization of protocol inference, including support for inferring the original
+  // protocol (HTTP or HTTPS) from the PROXY protocol destination port.
+  //
+  // This is useful when a Layer 4 load balancer (such as AWS NLB) terminates TLS and uses
+  // PROXY protocol to communicate with Envoy.
+  //
+  // When configured and the local address was restored from PROXY protocol (indicating the
+  // original destination address is available), the ``x-forwarded-proto`` header will be set
+  // based on whether the destination port is in ``https_destination_ports`` or
+  // ``http_destination_ports``.
+  //
+  // Example configuration:
+  //
+  // .. code-block:: yaml
+  //
+  //   http_connection_manager:
+  //     forward_proto_config:
+  //       https_destination_ports: [443, 8443]
+  //       http_destination_ports: [80, 8080]
+  //
+  // If not configured, defaults to disabled and the standard behavior applies (using connection
+  // TLS status or trusted downstream headers).
+  ForwardProtoConfig forward_proto_config = 61;
+}
+
+// Configuration options for setting the ``x-forwarded-proto`` header.
+// This message provides flexibility for future enhancements to protocol inference.
+message ForwardProtoConfig {
+  // List of destination ports that should be treated as HTTPS.
+  // When the PROXY protocol destination port matches one of these ports,
+  // ``x-forwarded-proto`` will be set to ``https``.
+  //
+  // Common values: 443, 8443
+  repeated uint32 https_destination_ports = 1;
+
+  // List of destination ports that should be treated as HTTP.
+  // When the PROXY protocol destination port matches one of these ports,
+  // ``x-forwarded-proto`` will be set to ``http``.
+  //
+  // Common values: 80, 8080
+  repeated uint32 http_destination_ports = 2;
 }
 
 // The configuration to customize local reply returned by Envoy.
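Review bot: `ForwardProtoConfig` leaves two cases undefined: a PROXY protocol destination port that appears in neither `https_destination_ports` nor `http_destination_ports`, and a port listed in both. The comment should state that an unlisted port falls back to the standard behaviour (connection TLS status or trusted downstream headers) and that a port in both lists is a configuration error, ideally rejected at load. Both `repeated uint32` fields should also carry `[(validate.rules).repeated = {items {uint32 {lte: 65535}}}]` so invalid ports are rejected rather than silently never matching. Since `x-forwarded-proto` drives scheme-dependent decisions upstream, it is worth adding that this inference is only sound when PROXY protocol is accepted exclusively from the trusted load balancer.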

envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto:

--- shake256:c533295400884a2028aebefc3c33e91ac5f04292175bbe92f403d268e72f956da90fa837cf7427f0b7b195ae4ac6d8b20b2f26fefbccfbf38f82f0b4d10bc3ef  envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
+++ shake256:338225826a4001053668b439d7bde202bd2c7ad1c91debd6345db3d2ab25fddc7417edf2aa65a2b7874188333b4430c04e93b5f21b150f856275d7a0a6259498  envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
@@ -61,6 +61,23 @@
       // Read from any node of the cluster. A random node is selected among the primary and
       // replicas, healthy nodes have precedent over unhealthy nodes.
       ANY = 4;
+
+      // Read from replicas in the same availability zone as the Envoy proxy. If no replicas
+      // are available in the same zone, fall back to any replica. If no replicas are available
+      // at all, fall back to the primary.
+      //
+      // Note: Zone discovery currently works with Valkey only. Valkey exposes availability_zone
+      // in its INFO response. Standard Redis does not support this field.
+      //
+      // The client zone is determined from Envoy's :ref:`locality zone <envoy_v3_api_field_config.core.v3.Locality.zone>`.
+      LOCAL_ZONE_AFFINITY = 5;
+
+      // Similar to LOCAL_ZONE_AFFINITY, but also considers the primary node for same-zone routing.
+      // Priority order: replicas in same zone -> primary in same zone -> any replica -> primary.
+      // This is useful when reducing cross-zone traffic is more important than read distribution.
+      //
+      // Note: Zone discovery currently works with Valkey only.
+      LOCAL_ZONE_AFFINITY_REPLICAS_AND_PRIMARY = 6;
     }
 
     // Per-operation timeout in milliseconds. The timer starts when the first
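Review bot: the `LOCAL_ZONE_AFFINITY` comment should say what happens when Envoy has no locality zone configured (the referenced `locality zone` is empty): whether every replica then counts as "not in the same zone" and reads fall back to any replica, or whether the mode behaves like `ANY`. The same applies to nodes whose `INFO` response lacks `availability_zone`; the note says zone discovery only works with Valkey, but not that a Redis cluster under these two modes silently degrades to any-replica reads, which an operator choosing them to cut cross-zone traffic needs to know.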

envoy/extensions/filters/network/reverse_tunnel/v3/reverse_tunnel.proto:

--- shake256:2b79397942da5d50b1f2e3a350b069126a771b2449592441e1d34be8f2ff15eb0433de0557ed71a68a874bb18b86e373a0fba9beebd612c34ae2ecf2f57b9857  envoy/extensions/filters/network/reverse_tunnel/v3/reverse_tunnel.proto
+++ shake256:e0ac16da7df32102eea87b502c619e734b84c9b3fb4b079fac46855d7289d7e1246d02d410fa6fec6b286b55c3c99a68c68e77e701640108b875e51597d754e8  envoy/extensions/filters/network/reverse_tunnel/v3/reverse_tunnel.proto
@@ -20,8 +20,9 @@
 // [#extension: envoy.filters.network.reverse_tunnel]
 
 // Validation configuration for reverse tunnel identifiers.
-// Validates the node ID and cluster ID extracted from reverse tunnel handshake headers
+// Validates the node ID, cluster ID, and tenant ID extracted from reverse tunnel handshake headers
 // against expected values specified using format strings.
+// [#next-free-field: 6]
 message Validation {
   // Format string to extract the expected node identifier for validation.
   // The formatted value is compared against the ``x-envoy-reverse-tunnel-node-id`` header
@@ -63,12 +64,24 @@
   //
   string cluster_id_format = 2 [(validate.rules).string = {max_len: 1024}];
 
+  // Format string to extract the expected tenant identifier for validation.
+  // The formatted value is compared against the ``x-envoy-reverse-tunnel-tenant-id`` header
+  // from the incoming handshake request. If they do not match, the connection is rejected
+  // with HTTP ``403 Forbidden``.
+  //
+  // Supports the same :ref:`command operators <config_access_log_command_operators>` as
+  // ``node_id_format``.
+  //
+  // If empty, tenant ID validation is skipped.
+  string tenant_id_format = 5 [(validate.rules).string = {max_len: 1024}];
+
   // Whether to emit validation results as dynamic metadata.
   // When enabled, the filter emits metadata under the namespace specified by
   // ``dynamic_metadata_namespace`` containing:
   //
   // * ``node_id``: The actual node ID from the handshake request.
   // * ``cluster_id``: The actual cluster ID from the handshake request.
+  // * ``tenant_id``: The actual tenant ID from the handshake request.
   // * ``validation_result``: Either ``allowed`` or ``denied``.
   //
   // This metadata can be used by subsequent filters or for access logging.
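Review bot: `tenant_id_format` says the connection is rejected when the header and the formatted value differ, but not what happens when `x-envoy-reverse-tunnel-tenant-id` is absent while `tenant_id_format` is set; for an identity check the missing-header case must count as a mismatch (fail closed), and the comment should say so. "If empty, tenant ID validation is skipped" should also make explicit that a header with any value is then accepted, so operators migrating existing deployments understand the check is opt-in.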
@@ -108,10 +121,11 @@
   // If not specified (``METHOD_UNSPECIFIED``), this defaults to ``GET``.
   config.core.v3.RequestMethod request_method = 4 [(validate.rules).enum = {defined_only: true}];
 
-  // Optional validation configuration for node and cluster identifiers.
-  // If specified, the filter validates the ``x-envoy-reverse-tunnel-node-id`` and
-  // ``x-envoy-reverse-tunnel-cluster-id`` headers against expected values extracted
-  // using format strings. Requests that fail validation are rejected with HTTP ``403 Forbidden``.
+  // Optional validation configuration for node, cluster, and tenant identifiers.
+  // If specified, the filter validates the ``x-envoy-reverse-tunnel-node-id``,
+  // ``x-envoy-reverse-tunnel-cluster-id``, and ``x-envoy-reverse-tunnel-tenant-id`` headers
+  // against expected values extracted using format strings. Requests that fail validation
+  // are rejected with HTTP ``403 Forbidden``.
   Validation validation = 5;
 
   // Required cluster name for validating reverse tunnel connection initiations.

envoy/extensions/filters/network/set_filter_state/v3/set_filter_state.proto:

--- shake256:4da937ae2f2013c8ab4c4b708457a63ed4acb07c2afac20418e6c55fde423553fcaadd570763a827644373da80f6ba861f1f0f6f407aa49f65b551add68f985b  envoy/extensions/filters/network/set_filter_state/v3/set_filter_state.proto
+++ shake256:3932cd34cdbfeb0dff85b354d1b42a4dcf7e54c4715c6fb13d2ce16331ef5c0108337c92c9ddbcc5d5915a5dc27602d8a769f5dba97d8f1cf162efe034965dec  envoy/extensions/filters/network/set_filter_state/v3/set_filter_state.proto
@@ -31,4 +31,8 @@
   // For non-TLS downstream connections (where there is no TLS handshake), this
   // list is applied when a new connection is received.
   repeated common.set_filter_state.v3.FilterStateValue on_downstream_tls_handshake = 2;
+
+  // A sequence of the filter state values to apply in the specified order
+  // when data is first received from the downstream connection.
+  repeated common.set_filter_state.v3.FilterStateValue on_downstream_data = 3;
 }

envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto:

--- shake256:883c1ea8b63022032112fac2bdb495ae2b5f80041c3d955b3e7f5e7dbf21025fccbdd1d656ebb024ef61220a85e330791f1bc2794bb19a389e65fddfe8ecf9fa  envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto
+++ shake256:8ff13155179a98aba30f110331cedf1d77369597acbf5c87d52f414c484aef53a2820a949db85adf813e1be5d3bc867f4e0748b949ce4f13bc624913ff17078a  envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto
@@ -51,13 +51,36 @@
   // and negotiated parameters, which can be used for routing decisions or passed as metadata
   // to the upstream.
   //
+  // This mode requires ``max_early_data_bytes`` to be set (can be zero to disable buffering).
+  //
   // .. note::
   //   This mode is only effective when the downstream connection uses TLS. For non-TLS
   //   connections, it behaves the same as ``IMMEDIATE``.
   ON_DOWNSTREAM_TLS_HANDSHAKE = 2;
 }
 
-// [#next-free-field: 23]
+// Specifies how TLVs in ``proxy_protocol_tlvs`` are merged with existing PROXY protocol state
+// (e.g., downstream TLVs parsed by the proxy_protocol listener filter).
+enum ProxyProtocolTlvMergePolicy {
+  // Add configured TLVs only if no PROXY protocol state exists (e.g., no downstream TLVs).
+  // If state exists, ignore configured TLVs and use only the existing TLVs.
+  // This is the default for backward compatibility.
+  ADD_IF_ABSENT = 0;
+
+  // Overwrite existing TLVs (e.g., downstream TLVs) by type with configured TLVs.
+  // Non-conflicting TLVs from both sources are preserved.
+  // If no state exists, add all configured TLVs.
+  // Source/destination addresses from existing state are preserved.
+  OVERWRITE_BY_TYPE_IF_EXISTS_OR_ADD = 1;
+
+  // Append configured TLVs to existing TLVs (e.g., downstream TLVs), preserving all TLVs
+  // from both sources (PROXY protocol v2 allows duplicate types).
+  // If no state exists, add all configured TLVs.
+  // Source/destination addresses from existing state are preserved.
+  APPEND_IF_EXISTS_OR_ADD = 2;
+}
+
+// [#next-free-field: 24]
 message TcpProxy {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.tcp_proxy.v2.TcpProxy";
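Review bot: the `ProxyProtocolTlvMergePolicy` comments should say what an upstream parser ends up seeing for a TLV type present in both sources. Under `OVERWRITE_BY_TYPE_IF_EXISTS_OR_ADD` a downstream-parsed TLV is silently replaced by the configured value, and under `APPEND_IF_EXISTS_OR_ADD` the upstream header carries two TLVs of the same type, so which one wins depends on the upstream parser. One sentence noting that `ADD_IF_ABSENT` is the only policy that never combines downstream and configured TLVs, and that consumers matching by type must expect duplicates under `APPEND_IF_EXISTS_OR_ADD`, would make the trade-off explicit.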
@@ -139,7 +162,7 @@
 
     // The path used with the POST method. The default path is ``/``. If this field is specified and
     // :ref:`use_post field <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.TunnelingConfig.use_post>`
-    // is not set to true, the configuration will be rejected.
+    // is not set to ``true``, the configuration will be rejected.
     string post_path = 5;
 
     // Save response trailers to the downstream connection's filter state for consumption
@@ -204,9 +227,12 @@
     google.protobuf.Duration access_log_flush_interval = 1
         [(validate.rules).duration = {gte {nanos: 1000000}}];
 
-    // If set to true, the access log is flushed when the TCP proxy successfully establishes a
+    // If set to ``true``, the access log is flushed when the TCP proxy successfully establishes a
     // connection with the upstream. If the connection fails, the access log is not flushed.
     bool flush_access_log_on_connected = 2;
+
+    // If set to ``true``, the access log is flushed when the TCP proxy accepts a connection.
+    bool flush_access_log_on_start = 3;
   }
 
   reserved 6;
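Review bot: `flush_access_log_on_start` and `flush_access_log_on_connected` can both be set; the new comment should say whether that yields two access log entries per connection (one on accept, one on upstream connect) and how it interacts with `access_log_flush_interval` above, e.g. "If both are set, an entry is flushed at each point."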
@@ -322,23 +348,23 @@
   // Additional access log options for the TCP proxy.
   TcpAccessLogOptions access_log_options = 17;
 
-  // If set, the specified ``PROXY`` protocol TLVs (Type-Length-Value) are added to the ``PROXY`` protocol state
-  // created by the TCP proxy filter. These TLVs are sent in the PROXY protocol v2 header to the upstream.
-  //
-  // This field only takes effect when the TCP proxy filter is creating new ``PROXY`` protocol state and an
-  // upstream proxy protocol transport socket is configured in the cluster. If the connection already
-  // contains ``PROXY`` protocol state (including any TLVs) parsed by a downstream proxy protocol listener
-  // upstream proxy protocol transport socket is configured in the cluster. If the connection already
-  // contains PROXY protocol state (including any TLVs) parsed by a downstream proxy protocol listener
-  // filter, the TLVs specified here are ignored.
+  // TLVs to add to the PROXY protocol header sent upstream. Behavior when PROXY protocol
+  // state already exists (e.g., downstream TLVs from proxy_protocol listener filter) is
+  // controlled by ``proxy_protocol_tlv_merge_policy``.
   //
   // .. note::
-  //   To ensure the specified TLVs are allowed in the upstream ``PROXY`` protocol header, you must also
-  //   configure passthrough TLVs on the upstream proxy protocol transport. See
-  //   :ref:`core.v3.ProxyProtocolConfig.pass_through_tlvs <envoy_v3_api_field_config.core.v3.ProxyProtocolConfig.pass_through_tlvs>`
-  //   for details.
+  //   To ensure the TLVs are allowed upstream, configure passthrough TLVs on the upstream
+  //   proxy protocol transport. See :ref:`core.v3.ProxyProtocolConfig.pass_through_tlvs
+  //   <envoy_v3_api_field_config.core.v3.ProxyProtocolConfig.pass_through_tlvs>` for details.
   repeated config.core.v3.TlvEntry proxy_protocol_tlvs = 19;
 
+  // Specifies how TLVs in ``proxy_protocol_tlvs`` are merged with existing PROXY protocol state
+  // (e.g., downstream TLVs from the proxy_protocol listener filter). See
+  // :ref:`ProxyProtocolTlvMergePolicy
+  // <envoy_v3_api_enum_extensions.filters.network.tcp_proxy.v3.ProxyProtocolTlvMergePolicy>`.
+  ProxyProtocolTlvMergePolicy proxy_protocol_tlv_merge_policy = 23
+      [(validate.rules).enum = {defined_only: true}];
+
   // Specifies when to establish the upstream connection.
   //
   // When not specified, defaults to ``IMMEDIATE`` for backward compatibility.
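Review bot: the rewritten `proxy_protocol_tlvs` comment drops the old precondition "This field only takes effect when the TCP proxy filter is creating new ``PROXY`` protocol state and an upstream proxy protocol transport socket is configured in the cluster". Unless the transport-socket requirement went away with the merge policy, keep that sentence; the `pass_through_tlvs` note covers allow-listing but not the requirement that an upstream proxy protocol transport exists. Dropping the duplicated two lines from the old text is a good cleanup.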
@@ -358,7 +384,7 @@
   // buffered and forwarded once the upstream connection is ready. When the buffer exceeds
   // this limit, the downstream connection is read-disabled to prevent excessive memory usage.
   //
-  // This field is required when ``upstream_connect_mode`` is ``ON_DOWNSTREAM_DATA``.
+  // This field is required when ``upstream_connect_mode`` is not ``IMMEDIATE``.
   //
   // .. note::
   //   Use this carefully with server-first protocols. The upstream may send data before
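Review bot: `max_early_data_bytes` is now "required when ``upstream_connect_mode`` is not ``IMMEDIATE``" and the enum comment in the earlier hunk says zero is allowed to disable buffering; state what "required" means operationally (config rejected at load, I assume) and what zero does to downstream data arriving before the upstream is ready, given the existing sentence that the downstream is read-disabled once the buffer exceeds the limit.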

envoy/extensions/geoip_providers/common/v3/common.proto:

--- shake256:27e7ea433e4e41e8bf8bee95418d6cad45942674cea4f325f7888bd75ca5851a678f728c72fd13140659fef678d15c1d1b6303c31512879253f2f3339d4d46c0  envoy/extensions/geoip_providers/common/v3/common.proto
+++ shake256:96629664c7c164d5b09c236350eb28c92429295779ef16310c26d29220de1b7e65ac18544cb1670636aa7ec7eed11350aed1428ee425c317eeb92a8ce41cf4c3  envoy/extensions/geoip_providers/common/v3/common.proto
@@ -19,7 +19,7 @@
 message CommonGeoipProviderConfig {
   // The set of geolocation headers to add to request. If any of the configured headers is present
   // in the incoming request, it will be overridden by the :ref:`HTTP GeoIP filter <config_http_filters_geoip>`.
-  // [#next-free-field: 13]
+  // [#next-free-field: 14]
   //
   // .. attention::
   //   This field is deprecated in favor of :ref:`geo_field_keys
@@ -39,9 +39,15 @@
         [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
 
     // If set, the header will be used to populate the ASN associated with the IP address.
+    // Note: If both ISP and ASN databases are configured, only the ASN database is used for lookup.
     string asn = 4
         [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
 
+    // If set, the header will be used to populate the autonomous system organization associated with the IP address.
+    // Note: If both ISP and ASN databases are configured, only the ASN database is used for lookup.
+    string asn_org = 13
+        [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
     // This field is deprecated; use ``anon`` instead.
     string is_anon = 5 [
       deprecated = true,
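Review bot: the ISP/ASN precedence note is now attached to both the `asn` and `asn_org` header fields but describes provider-level database selection; stating it once on the provider config and referencing it here avoids the two copies drifting. It should also say whether ISP-database organisation data is unavailable to `asn_org` entirely when an ASN database is configured, which is what "only the ASN database is used for lookup" implies.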
@@ -92,7 +98,7 @@
   // - The :ref:`Network GeoIP filter <config_network_filters_geoip>` stores results in the
   //   connection's filter state under the well-known key ``envoy.geoip``.
   //
-  // [#next-free-field: 12]
+  // [#next-free-field: 13]
   message GeolocationFieldKeys {
     // If set, the key will be used to populate the country ISO code associated with the IP address.
     string country = 1;
@@ -107,6 +113,9 @@
     // If set, the key will be used to populate the ASN associated with the IP address.
     string asn = 4;
 
+    // If set, the key will be used to populate the autonomous system organization associated with the IP address.
+    string asn_org = 12;
+
     // If set, the IP address will be checked if it belongs to any type of anonymization network
     // (e.g., VPN, public proxy). The result will be stored with this key. Value will be set to
     // either ``true`` or ``false`` depending on the check result.
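Review bot: `asn_org` in `GeolocationFieldKeys` lacks the ISP/ASN database precedence note that the header-based `asn_org` field received in the hunk above; add it here too so the filter-state path documents the same lookup behaviour as the header path.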

envoy/extensions/http/ext_proc/processing_request_modifiers/mapped_attribute_builder/v3/mapped_attribute_builder.proto:

--- shake256:4e474273521f8df5a92019d315c4bc4435a04903b0de9fd31d8700d36c88e87058eb07dbeb966abb786d6969182e55c89d16771df219dfd6448f73a0fb01c682  envoy/extensions/http/ext_proc/processing_request_modifiers/mapped_attribute_builder/v3/mapped_attribute_builder.proto
+++ shake256:47e359ec4e204c0d7623942989b9110e37eba23976d1f484b6b699644afc2b2c19ceaa307ae3827f4d34052c819ba44b66fe289ff63c2d25ad8fecf8b7e3c03f  envoy/extensions/http/ext_proc/processing_request_modifiers/mapped_attribute_builder/v3/mapped_attribute_builder.proto
@@ -16,17 +16,19 @@
 // [#protodoc-title: Mapped Attribute Builder for the external processor]
 // [#extension: envoy.http.ext_proc.processing_request_modifiers.mapped_attribute_builder]
 
-// Extension to build custom attributes in the :ref:`request
-// <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>` based on a configurable mapping. The
-// native implementation uses the CEL expression as the key, which is not always desirable. Using this
-// extension, one can re-map a CEL expression that references internal filter state into a more
-// user-friendly key that decouples the value from the underlying filter implementation.
-//
-// If a given CEL expression fails to eval, it will not be present in the attributes struct.
-//
-// If this extension is configured, then the original :ref:`ProcessingRequest
-// <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>`'s ``request_attributes`` are ignored,
-// and all attributes should be explicitly set via this extension.
+// Extension to build custom attributes in the
+// :ref:`ProcessingRequest <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>` based on a
+// configurable mapping. The native implementation uses the CEL expression as the key, which is
+// not always desirable. Using this extension, one can re-map a CEL expression that references
+// internal filter state into a more user-friendly key that decouples the value from the underlying
+// filter implementation.
+//
+// If a given CEL expression fails to evaluate, it will not be present in the attributes struct.
+//
+// If this extension is configured, then the original
+// :ref:`ProcessingRequest <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>`'s
+// ``request_attributes`` are ignored, and all attributes should be explicitly set via this
+// extension.
 //
 // An example configuration may look like so:
 //
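Review bot: "If a given CEL expression fails to evaluate, it will not be present in the attributes struct" describes a silent omission; a backend that uses an attribute such as `source.country` for a decision cannot distinguish "absent because evaluation failed" from "absent because the metadata was never set". Say whether evaluation failures are logged or counted in a stat so a broken mapping is detectable, or advise consumers to treat a missing attribute as a deny.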
@@ -36,8 +38,10 @@
 //      "request.path": "request.path"
 //      "source.country": "metadata.filter_metadata['com.example.location_filter']['country_code']"
 //
-// In the above example, the complex filter_metadata expression is evaluated via CEL, and the value
-// is stored under the friendlier ``source.country`` key. ``The ProcessingRequest`` would look like:
+// In the above example, the complex ``filter_metadata`` expression is evaluated via CEL, and the
+// value is stored under the friendlier ``source.country`` key. The
+// :ref:`ProcessingRequest <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>` would look
+// like:
 //
 // .. code-block:: text
 //
@@ -60,21 +64,24 @@
 //    }
 //
 // .. note::
-//   Processing request modifiers are currently in alpha.
+//
+//    Processing request modifiers are currently in alpha.
 //
 message MappedAttributeBuilder {
-  // A map of request attributes to set in the attributes struct.
-  // The key is the attribute name, the value is the attribute value,
-  // interpretable by CEL. This allows for the re-mapping of attributes, which is not supported
-  // by the native attribute building logic.
+  // A map of request attributes to set in the
+  // :ref:`attributes <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.attributes>` struct.
+  // The key is the attribute name, and the value is the CEL expression to evaluate. This allows
+  // for the re-mapping of attributes, which is not supported by the native attribute building
+  // logic.
   map<string, string> mapped_request_attributes = 1;
 
-  // Similar to ``mapped_request_attributes``, but for response attributes. The
-  // response nomenclature here just indicates that the attributes, whatever they may be, are sent
-  // with a response headers, body, or trailers ext_proc call.
-  // If a value contains a request key, e.g., ``request.host``, then the attribute would
-  // just be sent along in the response. This is useful if a given ext_proc extension is only
-  // enabled for response handling, e.g., ``RESPONSE_HEADERS`` but the backend wants to access request
+  // Similar to ``mapped_request_attributes``, but for response attributes. The "response"
+  // nomenclature here indicates that the attributes, whatever they may be, are sent with a
+  // response headers, body, or trailers ext_proc call.
+  //
+  // If a value contains a request key (e.g., ``request.host``), then the attribute would just be
+  // sent along in the response. This is useful if a given ext_proc extension is only enabled for
+  // response handling (e.g., ``RESPONSE_HEADERS``) but the backend wants to access request
   // metadata.
   map<string, string> mapped_response_attributes = 2;
 }

envoy/extensions/http/ext_proc/response_processors/save_processing_response/v3/save_processing_response.proto:

--- shake256:c851fc9464f1389754d1246830fae57cb7caa2c3ea5904bb69e394a07cb0ce6e9459fa2499fdc619cf0acde50832b8cfe0198e4691a23023e95d12bc7a914269  envoy/extensions/http/ext_proc/response_processors/save_processing_response/v3/save_processing_response.proto
+++ shake256:5999af4497b9ad766b8edfe2fd866d2c76644b61ca5351763e96fdf5b043326589afd770694056b3d7ac0f87a6a4914f6a95c48e8e00d57389c3e06d17cce570  envoy/extensions/http/ext_proc/response_processors/save_processing_response/v3/save_processing_response.proto
@@ -13,55 +13,69 @@
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 option (xds.annotations.v3.file_status).work_in_progress = true;
 
-// [#protodoc-title: Save Processing Response from external processor.]
+// [#protodoc-title: Save Processing Response from external processor]
 // [#extension: envoy.http.ext_proc.response_processors.save_processing_response]
 
-// Extension to save the :ref:`response
-// <envoy_v3_api_msg_service.ext_proc.v3.ProcessingResponse>` from the external processor as
-// filter state with name
-// "envoy.http.ext_proc.response_processors.save_processing_response[.:ref:`filter_state_name_suffix
-// <envoy_v3_api_field_extensions.http.ext_proc.response_processors.save_processing_response.v3.SaveProcessingResponse.filter_state_name>`].
-// This extension supports saving of request and response headers and trailers,
+// Extension to save the
+// :ref:`ProcessingResponse <envoy_v3_api_msg_service.ext_proc.v3.ProcessingResponse>` from the
+// external processor as filter state with name
+// ``envoy.http.ext_proc.response_processors.save_processing_response``. If
+// :ref:`filter_state_name_suffix <envoy_v3_api_field_extensions.http.ext_proc.response_processors.save_processing_response.v3.SaveProcessingResponse.filter_state_name_suffix>`
+// is defined, it is appended to this name.
+//
+// This extension supports saving of request and response headers, request and response trailers,
 // and immediate response.
 //
 // .. note::
-//   Response processors are currently in alpha.
+//
+//    Response processors are currently in alpha.
 //
 // [#next-free-field: 7]
 message SaveProcessingResponse {
+  // Options for saving the processing response.
   message SaveOptions {
-    // Whether or not to save the response for the response type.
+    // When set to ``true``, saves the response for the corresponding response type.
+    //
+    // Defaults to ``false``.
     bool save_response = 1;
 
-    // When true, saves the response if there was an error when processing
-    // the response from the external processor.
+    // When set to ``true``, saves the response if there was an error when processing the response
+    // from the external processor.
+    //
+    // Defaults to ``false``.
     bool save_on_error = 2;
   }
 
   // The default filter state name is
-  // "envoy.http.ext_proc.response_processors.save_processing_response".
-  // If defined, ``filter_state_name_suffix`` is appended to this.
-  // For example, setting ``filter_state_name_suffix`` to "xyz" will set the
-  // filter state name to "envoy.http.ext_proc.response_processors.save_processing_response.xyz"
+  // ``envoy.http.ext_proc.response_processors.save_processing_response``.
+  // If defined, ``filter_state_name_suffix`` is appended to this name.
+  //
+  // For example, setting ``filter_state_name_suffix`` to ``xyz`` will set the filter state name
+  // to ``envoy.http.ext_proc.response_processors.save_processing_response.xyz``.
   string filter_state_name_suffix = 1;
 
-  // Save the response to filter state when :ref:`request_headers
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.request_headers>` is set.
+  // Save the response to filter state when
+  // :ref:`request_headers <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.request_headers>`
+  // is set.
   SaveOptions save_request_headers = 2;
 
-  // Save the response to filter state when :ref:`response_headers
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.response_headers>` is set.
+  // Save the response to filter state when
+  // :ref:`response_headers <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.response_headers>`
+  // is set.
   SaveOptions save_response_headers = 3;
 
-  // Save the response to filter state when :ref:`request_trailers
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.request_trailers>` is set.
+  // Save the response to filter state when
+  // :ref:`request_trailers <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.request_trailers>`
+  // is set.
   SaveOptions save_request_trailers = 4;
 
-  // Save the response to filter state when :ref:`response_trailers
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.response_trailers>` is set.
+  // Save the response to filter state when
+  // :ref:`response_trailers <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.response_trailers>`
+  // is set.
   SaveOptions save_response_trailers = 5;
 
-  // Save the response to filter state when :ref:`immediate_response
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.immediate_response>` is set.
+  // Save the response to filter state when
+  // :ref:`immediate_response <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.immediate_response>`
+  // is set.
   SaveOptions save_immediate_response = 6;
 }
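Review bot: `save_on_error` saves the response when processing it failed, but nothing in the comments says the saved filter state object is marked as erroneous; a later filter reading `envoy.http.ext_proc.response_processors.save_processing_response` (with suffix) could treat a response rejected for a processing error as if it had been applied. State whether the saved object carries the error status or whether consumers must check it themselves. The ref fix from `filter_state_name` to `filter_state_name_suffix` in the header comment is correct, the old target did not exist.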

envoy/extensions/load_balancing_policies/override_host/v3/override_host.proto:

--- shake256:07b9ce71f7219bcc1d79957620a25c0896986b305f8139cc9a74d047e56e919af6596351ae2f887cc0f3c6b08802550affdde52eeb717be2c4b7c0f3b7accbba  envoy/extensions/load_balancing_policies/override_host/v3/override_host.proto
+++ shake256:37bae37d222f8f1ff12c8b6b8295cdbc5e965791ac9188d30204dcf606e803624ed3a4e18654f892db5c1f8920313fefd9ae8556f2382f6cb1fadf114d76da00  envoy/extensions/load_balancing_policies/override_host/v3/override_host.proto
@@ -36,15 +36,30 @@
 // .. code-block:: yaml
 //
 //    override_host_sources:
-//      - header: "x-gateway-destination-endpoint"
-//      - metadata:
-//          key: "envoy.lb"
-//          path:
-//          - key: "x-gateway-destination-endpoint"
+//    - header: "x-gateway-destination-endpoint"
+//    - metadata:
+//        key: "envoy.lb"
+//        path:
+//        - key: "x-gateway-destination-endpoint"
 //
 // If no valid host in the override host list, then the specified fallback load balancing policy is used. This allows load
 // balancing to degrade to a a built in policy (i.e. Round Robin) in case external endpoint picker fails.
 //
+// In addition to specifying ``override_host_sources``, the policy can be configured to inform downstream filters
+// of the selected endpoint through dynamic metadata or response headers through ``selected_endpoint_key``:
+//
+// .. code-block:: yaml
+//
+//    override_host_sources:
+//    - metadata:
+//        key: "envoy.lb"
+//        path:
+//        - key: "x-gateway-destination-endpoint"
+//    selected_host_key:
+//      key: "envoy.lb"
+//      path:
+//      - key: "x-gateway-destination-endpoint-served"
+//
 // See the :ref:`load balancing architecture
 // overview<arch_overview_load_balancing_types>` for more information.
 //
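Review bot: the added prose says the policy reports the selection "through ``selected_endpoint_key``" while the YAML example (`selected_host_key:`) and the field added in the next hunk are named `selected_host_key`; use one name. The same sentence promises "dynamic metadata or response headers", but the example only shows a metadata key. Unrelated to this change, the unchanged context line still reads "degrade to a a built in policy".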
@@ -72,6 +87,10 @@
   repeated OverrideHostSource override_host_sources = 1
       [(validate.rules).repeated = {min_items: 1}];
 
+  // The metadata key to populate with the selected host address. This is optional and
+  // may be used to inform downstream filters of the host address selected by load balancing policy.
+  type.metadata.v3.MetadataKey selected_host_key = 2;
+
   // The child LB policy to use in case neither header nor metadata with selected
   // hosts is present.
   config.cluster.v3.LoadBalancingPolicy fallback_policy = 3
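Review bot: `selected_host_key` is a `type.metadata.v3.MetadataKey`, so only dynamic metadata can be populated; either drop "or response headers" from the file-level comment or document how a header is derived from that metadata. It is also worth stating that the key holds whatever host the policy finally picked, so when the fallback policy was used it does not echo the endpoint the override source requested.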

envoy/extensions/matching/common_inputs/network/v3/network_inputs.proto:

--- shake256:b22fb32e8f220cb821a316a53743bd76e1b451f2cd1ee36a8ddb9f3ff52f1f6d3ea9512edd7df45bba24f80b6af8b23de34793e48672ff2d384b675883aa5a7c  envoy/extensions/matching/common_inputs/network/v3/network_inputs.proto
+++ shake256:ce21d7db1101a8a8b79497593efbc032e91b4e8da080074a586618d01f82861eb0d73d92e9274eabb8ed0afe2ac1243b3024f8497d35c9ec227ade235f346524  envoy/extensions/matching/common_inputs/network/v3/network_inputs.proto
@@ -98,10 +98,33 @@
 }
 
 // Input that matches by a specific filter state key.
-// The value of the provided filter state key will be the raw string representation of the filter state object
+// The value of the provided filter state key will be the raw string representation of the filter state object.
+//
+// When ``field`` is specified and the filter state object supports field access
+// (i.e. ``hasFieldSupport()`` returns true), the value of the specified field will be returned
+// instead of the serialized representation of the entire object. This enables direct matching
+// on individual fields within composite filter state objects, such as proxy protocol TLV values
+// stored in the shared ``envoy.network.proxy_protocol.tlv`` object.
+//
+// Example configuration with field access:
+//
+// .. code-block:: yaml
+//
+//    input:
+//      name: filter_state
+//      typed_config:
+//        "@type": type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.FilterStateInput
+//        key: "envoy.network.proxy_protocol.tlv"
+//        field: "aws_vpce_id"
+//
 // [#extension: envoy.matching.inputs.filter_state]
 message FilterStateInput {
   string key = 1 [(validate.rules).string = {min_len: 1}];
+
+  // Optional field name to retrieve from the filter state object.
+  // When set and the filter state object supports field access, the value of this specific
+  // field is returned instead of the serialized string representation of the whole object.
+  string field = 2;
 }
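Review bot: the `field` comment covers only the case where the filter state object supports field access; document the other two outcomes, since a matcher written for `aws_vpce_id` must not silently fall back to matching the serialized whole object when the key is present but the object has no field support, or when the named field is missing (no value produced, presumably). Also `key` has `min_len: 1` while `field` has no validation, so an empty string is accepted; say whether empty means "unset".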
 
 // Input that matches dynamic metadata by key.

envoy/extensions/matching/common_inputs/stats/v3/stats.proto:

--- shake256:5be0d34d2448031378eb44f676a6f51827f9d2d2546ab6df3b67c5c3da1011face37d508a8a0b95bdc4cce3abd94ea5f1fa591428646ff478a153466eae1494f  envoy/extensions/matching/common_inputs/stats/v3/stats.proto
+++ shake256:8a545f6c3ca62dfe9a7c26ce58617fe6a752fa76b9fa0cbf747d41fb7f3c4d0fad3370f0597ddb7a6c7a6940433fab76d8cdd27a3174a9944b8c4c3be44afada  envoy/extensions/matching/common_inputs/stats/v3/stats.proto
@@ -15,3 +15,7 @@
 // Specifies the way to match stats with full name.
 message StatFullNameMatchInput {
 }
+
+// Specifies the way to match stat tags with value.
+message StatTagValueInput {
+}
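Review bot: `StatTagValueInput` has no field naming the tag whose value is to be matched, so as written it cannot match "stat tags with value" for a specific tag; either add a tag name field or state that the input yields the value of every tag and how multiple tags are combined.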

envoy/extensions/request_id/uuid/v3/uuid.proto:

--- shake256:acedfc0d080637f91af6bd52396281588d2e7216106d9c0fe4db78bb876e85f60e5cb8da19952d04c610e0889f43e14c3074485c4886a7262c3d4cabf2b13435  envoy/extensions/request_id/uuid/v3/uuid.proto
+++ shake256:0c367876d65e4a12cb13d075a4b1fe22f867b59210e8003911ebd930e58e1909087da0cfc5f1e6ce3ff60bcafcdabc36bc76314974623961a55e55b18cd80a28  envoy/extensions/request_id/uuid/v3/uuid.proto
@@ -23,9 +23,9 @@
 // 2. Request ID is a universally unique identifier `(UUID4)
 //    <https://en.wikipedia.org/wiki/Universally_unique_identifier#Version_4_(random)>`_.
 //
-// 3. Tracing decision (sampled, forced, etc) is set in 14th nibble of the UUID. By default this will
+// 3. Tracing decision (sampled, forced, etc) is set in 13th nibble of the UUID. By default this will
 //    overwrite existing UUIDs received in the ``x-request-id`` header if the trace sampling decision
-//    is changed. The 14th nibble of the UUID4 has been chosen because it is fixed to '4' by the
+//    is changed. The 13th nibble of the UUID4 has been chosen because it is fixed to '4' by the
 //    standard. Thus, '4' indicates a default UUID and no trace status. This nibble is swapped to:
 //
 //      a. '9': Sampled.
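Review bot: the change from 14th to 13th nibble is the correct count: the version nibble of a UUID4 is the first hex digit of the third group (`xxxxxxxx-xxxx-4xxx-...`), i.e. the 13th hex digit, 0-based offset 12 with hyphens dropped. The old "14th" may have come from the 0-based character offset of that digit in the hyphenated string, which is 14; a parenthetical giving both counts would stop this being "fixed" back and forth.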

envoy/extensions/stat_sinks/open_telemetry/v3/open_telemetry.proto:

--- shake256:689c6756c416364b43a239d885aed8e13d410aa5f2efdb60e5240f8e709925c29a1574bd32b3d5f7c4e663581ac0d69b00379cd8e2b29ed880483d0e4f2ac33c  envoy/extensions/stat_sinks/open_telemetry/v3/open_telemetry.proto
+++ shake256:bffab6b3fe18a9471932c49ff69ad67b2f4082bb3cbbbd90f28202e2281cc5a58df44d992feee581b7ccff04d7ee782b374f12da34ecc39a08d45ddcfaa342ae  envoy/extensions/stat_sinks/open_telemetry/v3/open_telemetry.proto
@@ -4,6 +4,7 @@
 
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/grpc_service.proto";
+import "envoy/config/core/v3/http_service.proto";
 
 import "google/protobuf/wrappers.proto";
 
@@ -23,7 +24,7 @@
 // Stats configuration proto schema for ``envoy.stat_sinks.open_telemetry`` sink.
 // [#extension: envoy.stat_sinks.open_telemetry]
 
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message SinkConfig {
   // ConversionAction is used to convert a stat to a metric. If a stat matches,
   // the metric_name and static_metric_labels will be
@@ -46,6 +47,17 @@
 
     // The upstream gRPC cluster that implements the OTLP/gRPC collector.
     config.core.v3.GrpcService grpc_service = 1 [(validate.rules).message = {required: true}];
+
+    // The upstream HTTP cluster that implements the OTLP/HTTP collector.
+    // See `OTLP/HTTP <https://opentelemetry.io/docs/specs/otlp/#otlphttp>`_.
+    //
+    // .. note::
+    //
+    //   The ``request_headers_to_add`` property in the OTLP HTTP exporter service
+    //   does not support the :ref:`format specifier <config_access_log_format>`.
+    //   The values configured are added as HTTP headers on the OTLP export request
+    //   without any formatting applied.
+    config.core.v3.HttpService http_service = 9;
   }
 
   // Attributes to be associated with the resource in the OTLP message.
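Review bot: `grpc_service` keeps `(validate.rules).message = {required: true}` while the new `http_service` has none; if the two are alternatives in a oneof, a config that sets only `http_service` is rejected by the required rule on `grpc_service`, so the rule should move to the oneof (`option (validate.required) = true;`) or be dropped. The note that `request_headers_to_add` values are sent verbatim without format-specifier expansion is useful; consider adding that a `%...%` sequence in a value therefore reaches the collector as literal text.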

envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto:

--- shake256:c89926efa58f9b00f2eef628d75352686701d1e12b269de0ffba93f7649233152a576759931350ba542d7ab374ddb4a982e8a248be9bb2297ae096cf86149293  envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto
+++ shake256:2527dc14cd40918626811d9bb44b51485e0274df57d6b561d41d8bc01a9abb1ff838d5f6423c6bbf7fb35698d9cf49e3ead38e3f45b0d9bc1098387340bbd444  envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto
@@ -2,6 +2,7 @@
 
 package envoy.extensions.transport_sockets.http_11_proxy.v3;
 
+import "envoy/config/core/v3/address.proto";
 import "envoy/config/core/v3/base.proto";
 
 import "udpa/annotations/status.proto";
@@ -32,7 +33,14 @@
 // using the key ``envoy.http11_proxy_transport_socket.proxy_address`` and the
 // proxy address in ``config::core::v3::Address`` format.
 //
+// If the ``default_proxy_address`` is set and proxy address is not found in
+// ``typed_filter_metadata``, the default proxy address is used.
+//
 message Http11ProxyUpstreamTransport {
   // The underlying transport socket being wrapped. Defaults to plaintext (raw_buffer) if unset.
   config.core.v3.TransportSocket transport_socket = 1;
+
+  // Specifies the default proxy address to use if the proxy address is not present in the
+  // ``typed_filter_metadata`` of the endpoint.
+  config.core.v3.Address default_proxy_address = 2;
 }
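Review bot: `default_proxy_address` applies to every endpoint of the cluster that lacks `envoy.http11_proxy_transport_socket.proxy_address` metadata, which changes how those endpoints are reached; state the behaviour when neither the metadata nor the default is set (presumably the prior direct connection), so the field's effect on existing endpoints is explicit.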

envoy/extensions/transport_sockets/tls/cert_mappers/sni/v3/config.proto:

--- shake256:34211b28c5a19fa7da842985be337476e1bac2c0c5c71b81a5e3aa2e2d9a9aee72aa176897d0ac7cefda676c705ff47799f06efa85eab306eb0b0d616342e9f6  envoy/extensions/transport_sockets/tls/cert_mappers/sni/v3/config.proto
+++ shake256:f9b7269bddff63967913951d1a2b7f26a6b4f5801f8cf72f588ab5a2ac4f5327b9221d16ac4110b6688757df796084c485bc602fb7c63412b2d3665cc174d8c6  envoy/extensions/transport_sockets/tls/cert_mappers/sni/v3/config.proto
@@ -14,7 +14,7 @@
 // [#protodoc-title: SNI certificate mapper]
 // [#extension: envoy.tls.certificate_mappers.sni]
 
-// Uses the SNI value from the TLS client hello as the secret resource name.
+// Uses the SNI value from the TLS client hello as the secret resource name in the downstream selector.
 message SNI {
   // The value to use as the secret name when SNI is empty or absent.
   string default_value = 1 [(validate.rules).string = {min_len: 1}];

envoy/extensions/transport_sockets/tls/cert_selectors/on_demand_secret/v3/config.proto:

--- shake256:882661bb841648d59bb1f2acb187a340814f68ef6185cfa69dfe831ee21a826a7ecd8079ce8e511bf98598402649240a9459a17899ae8434aeed66f2c468e733  envoy/extensions/transport_sockets/tls/cert_selectors/on_demand_secret/v3/config.proto
+++ shake256:e5dbd1b9e40b697b3127f79c747979d4ed57c6c17d5bfb7d9c63fe02d449117f4d1ad4dec60916c39d170c8915de1675ce3f76b74b2505c5868a496c52ffe513  envoy/extensions/transport_sockets/tls/cert_selectors/on_demand_secret/v3/config.proto
@@ -30,8 +30,10 @@
   config.core.v3.ConfigSource config_source = 1 [(validate.rules).message = {required: true}];
 
   // Extension point to specify a function to compute the secret name. The extension is called
-  // during the TLS handshake after receiving the "CLIENT HELLO" message from the client.
-  // [#extension-category: envoy.tls.certificate_mappers]
+  // during the TLS handshake after receiving the *CLIENT HELLO* message from the client for the
+  // downstream certificate selector, and using the transport socket options and *SERVER HELLO* for
+  // the upstream certificate selector.
+  // [#extension-category: envoy.tls.certificate_mappers,envoy.tls.upstream_certificate_mappers]
   config.core.v3.TypedExtensionConfig certificate_mapper = 2
       [(validate.rules).message = {required: true}];
 

envoy/extensions/transport_sockets/tls/v3/tls.proto:

--- shake256:f6ab25059c8421c806ba9672ecac55c6d74fc37d4b102962632c85a088cfc621f4953537f7605b8fd27ddfd4d842d6ebdf6b6ade161ded40e9d625f94773c69e  envoy/extensions/transport_sockets/tls/v3/tls.proto
+++ shake256:96fc1618d65403ba6252ac34923a8a845f502983f41ed0b6573c7514d19bed6783f4103e08c8b0c0b50ee50a4361cc74889027aad77e3ab89dca6d7e5361000b  envoy/extensions/transport_sockets/tls/v3/tls.proto
@@ -77,11 +77,12 @@
   // the ``keyUsage`` is incompatible with TLS usage.
   //
   // .. note::
-  //   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.
+  //   The default value is ``true`` (i.e., enforcement on).
   //
   // The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
   // for configurations that would fail if this option were enabled.
-  google.protobuf.BoolValue enforce_rsa_key_usage = 5;
+  google.protobuf.BoolValue enforce_rsa_key_usage = 5
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 }
 
 // [#next-free-field: 12]
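Review bot: the note at the top of this hunk now says the default is true, but the sentence kept just below it ("The ``ssl.was_key_usage_invalid`` ... metric will be incremented for configurations that would fail if this option were enabled") only makes sense while enforcement was off by default. With enforcement on by default and the field deprecated in the same change, the comment should say what the field does during the deprecation window (does setting it to false still disable the keyUsage check?) and whether the metric is still emitted once enforcement is on. Flipping a validation default is a behavior change that will break existing configurations with certificates whose keyUsage is incompatible with TLS use, which the comment itself acknowledges; that deserves an explicit migration note here rather than only the deprecated_at_minor_version annotation.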
@@ -297,10 +298,13 @@
 
   // Custom TLS certificate selector.
   //
-  // Select TLS certificate based on TLS client hello.
-  // If empty, defaults to native TLS certificate selection behavior:
-  // DNS SANs or Subject Common Name in TLS certificates is extracted as server name pattern to match SNI.
-  // [#extension-category: envoy.tls.certificate_selectors]
+  // For the downstream TLS socket, select a TLS certificate based on TLS client hello. If empty,
+  // defaults to native TLS certificate selection behavior: DNS SANs or Subject Common Name in TLS
+  // certificates is extracted as server name pattern to match SNI.
+  //
+  // For the upstream TLS socket, select a TLS certificate based on TLS server hello and the
+  // transport socket options.
+  // [#extension-category: envoy.tls.certificate_selectors,envoy.tls.upstream_certificate_selectors]
   config.core.v3.TypedExtensionConfig custom_tls_certificate_selector = 16;
 
   // Certificate provider for fetching TLS certificates.
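Review bot: the new upstream paragraph omits the "If empty, defaults to ..." sentence that the downstream paragraph has, so a reader cannot tell what an upstream TLS socket does when custom_tls_certificate_selector is unset. Suggest adding the default behavior for the upstream case. The two extension categories are also listed together without saying which applies to which socket; naming the category in each paragraph (envoy.tls.certificate_selectors for downstream, envoy.tls.upstream_certificate_selectors for upstream) removes the ambiguity.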

envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.proto:

--- shake256:ef69428a40297702fd453f6613f08e24a434f80a18b1cb7099ecf856ef9eaee3fa624afe50fd0c50f311ea91d070338d43f31ea8a0717bfee51f935d6170c47b  envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.proto
+++ shake256:87dbfd87aa0ac4c340aeb8f72428fcc3a1b9f5cba458596be1133b585a6a89c099e2c321d70497714b3a115c849055052d44e8259c70bd790bcc539a166d86e9  envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.proto
@@ -45,6 +45,10 @@
 // - :ref:`allow_expired_certificate <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.allow_expired_certificate>` to allow expired certificates.
 // - :ref:`match_typed_subject_alt_names <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.match_typed_subject_alt_names>` to match **URI** SAN of certificates. Unlike the default validator, SPIFFE validator only matches **URI** SAN (which equals to SVID in SPIFFE terminology) and ignore other SAN types.
 //
+// To support multi-tenant use cases, a filter state object ``envoy.tls.cert_validator.spiffe.workload_trust_domain``
+// should be used to define the per-connection workload trust domain. When matching a peer trust domain, both the
+// workload and the peer trust domains are used in selecting the validation certificate. The filter state object
+// should be shared with the upstream to be used in the upstream TLS context SPIFFE validation context.
 message SPIFFECertValidatorConfig {
   message TrustDomain {
     // Name of the trust domain, ``example.com``, ``foo.bar.gov`` for example.
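Review bot: the new paragraph introduces a per-connection filter state object that decides which trust bundle a peer SVID is validated against, but does not say who is expected to set ``envoy.tls.cert_validator.spiffe.workload_trust_domain`` or what it may be derived from. Because the value selects the trust anchor for the peer, it has to come from the proxy's own configuration or a trusted filter, never from peer-supplied data such as SNI or a request header; a sentence stating that, plus what happens when the filter state is present but matches no TrustDomain entry (connection rejected, or fall back to entries with no workload_trust_domain), would close the gap. Minor: "selecting the validation certificate" should be "selecting the trust bundle", which is the term the TrustDomain field uses.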
@@ -53,6 +57,11 @@
 
     // Specify a data source holding x.509 trust bundle used for validating incoming SVID(s) in this trust domain.
     config.core.v3.DataSource trust_bundle = 2;
+
+    // Optional workload trust domain selection condition. The filter object
+    // ``envoy.tls.cert_validator.spiffe.workload_trust_domain`` must match exactly the value of this field.
+    // If not specified, the filter state object must be absent or be empty to match this trust domain.
+    string workload_trust_domain = 3;
   }
 
   // This field specifies trust domains used for validating incoming X.509-SVID(s).
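Review bot: "The filter object" on the first line of the new comment should be "The filter state object", matching the paragraph above. The comment also leaves the matching rule on the ``trust_domains`` list underspecified now that two entries can share a ``name`` and differ only in ``workload_trust_domain``: please state that selection is on the (name, workload_trust_domain) pair and what the data plane does if more than one entry matches the same connection. For the unset case, "must be absent or be empty" would read more clearly as "must be absent or have an empty value".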

envoy/service/ext_proc/v3/external_processor.proto:

--- shake256:5606420f7e0e3365e9bdaa012bb3380ef16ab399b2b010998c9524e73e3a2bf40e844ebb97cab1ad5ede1b84351ad026c49cf596865b4b3711b10e60fbd7f545  envoy/service/ext_proc/v3/external_processor.proto
+++ shake256:8d3a41874a7414428779106a5a908cbc94a63c3ed00301b07b5591947ca5653e8bd49e2ca3e51a2c45e6d6dc8a4db1dc74541850e1c980ec61997568ea6bba85  envoy/service/ext_proc/v3/external_processor.proto
@@ -23,37 +23,31 @@
 
 // [#protodoc-title: External processing service]
 
-// A service that can access and modify HTTP requests and responses
-// as part of a filter chain.
+// A service that can access and modify HTTP requests and responses as part of a filter chain.
 // The overall external processing protocol works like this:
 //
 // 1. The data plane sends to the service information about the HTTP request.
-// 2. The service sends back a ProcessingResponse message that directs
-//    the data plane to either stop processing, continue without it, or send
-//    it the next chunk of the message body.
-// 3. If so requested, the data plane sends the server the message body in
-//    chunks, or the entire body at once. In either case, the server may send
-//    back a ProcessingResponse for each message it receives, or wait for
-//    a certain amount of body chunks received before streaming back the
-//    ProcessingResponse messages.
-// 4. If so requested, the data plane sends the server the HTTP trailers,
-//    and the server sends back a ProcessingResponse.
-// 5. At this point, request processing is done, and we pick up again
-//    at step 1 when the data plane receives a response from the upstream
-//    server.
-// 6. At any point above, if the server closes the gRPC stream cleanly,
-//    then the data plane proceeds without consulting the server.
-// 7. At any point above, if the server closes the gRPC stream with an error,
-//    then the data plane returns a 500 error to the client, unless the filter
-//    was configured to ignore errors.
+// 2. The service sends back a ``ProcessingResponse`` message that directs the data plane to either
+//    stop processing, continue without it, or send it the next chunk of the message body.
+// 3. If so requested, the data plane sends the server the message body in chunks, or the entire
+//    body at once. In either case, the server may send back a ``ProcessingResponse`` for each
+//    message it receives, or wait for a certain amount of body chunks to be received before
+//    streaming back the ``ProcessingResponse`` messages.
+// 4. If so requested, the data plane sends the server the HTTP trailers, and the server sends back
+//    a ``ProcessingResponse``.
+// 5. At this point, request processing is done, and we pick up again at step 1 when the data plane
+//    receives a response from the upstream server.
+// 6. At any point above, if the server closes the gRPC stream cleanly, then the data plane
+//    proceeds without consulting the server.
+// 7. At any point above, if the server closes the gRPC stream with an error, then the data plane
+//    returns a ``500`` error to the client, unless the filter was configured to ignore errors.
 //
-// In other words, the process is a request/response conversation, but
-// using a gRPC stream to make it easier for the server to
-// maintain state.
+// In other words, the process is a request/response conversation, but using a gRPC stream to make
+// it easier for the server to maintain state.
 service ExternalProcessor {
   // This begins the bidirectional stream that the data plane will use to
   // give the server control over what the filter does. The actual
-  // protocol is described by the ProcessingRequest and ProcessingResponse
+  // protocol is described by the ``ProcessingRequest`` and ``ProcessingResponse``
   // messages below.
   rpc Process(stream ProcessingRequest) returns (stream ProcessingResponse) {
   }
@@ -61,23 +55,25 @@
 
 // This message specifies the filter protocol configurations which will be sent to the ext_proc
 // server in a :ref:`ProcessingRequest <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>`.
-// If the server does not support these protocol configurations, it may choose to close the gRPC stream.
-// If the server supports these protocol configurations, it should respond based on the API specifications.
+// If the server does not support these protocol configurations, it may choose to close the gRPC
+// stream. If the server supports these protocol configurations, it should respond based on the
+// API specifications.
 message ProtocolConfiguration {
-  // Specify the filter configuration :ref:`request_body_mode
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ProcessingMode.request_body_mode>`
+  // Specifies the filter configuration
+  // :ref:`request_body_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ProcessingMode.request_body_mode>`.
   envoy.extensions.filters.http.ext_proc.v3.ProcessingMode.BodySendMode request_body_mode = 1
       [(validate.rules).enum = {defined_only: true}];
 
-  // Specify the filter configuration :ref:`response_body_mode
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ProcessingMode.response_body_mode>`
+  // Specifies the filter configuration
+  // :ref:`response_body_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ProcessingMode.response_body_mode>`.
   envoy.extensions.filters.http.ext_proc.v3.ProcessingMode.BodySendMode response_body_mode = 2
       [(validate.rules).enum = {defined_only: true}];
 
-  // Specify the filter configuration :ref:`send_body_without_waiting_for_header_response
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.send_body_without_waiting_for_header_response>`
-  // If the client is waiting for a header response from the server, setting ``true`` means the client will send body to the server
-  // as they arrive. Setting ``false`` means the client will buffer the arrived data and not send it to the server immediately.
+  // Specifies the filter configuration
+  // :ref:`send_body_without_waiting_for_header_response <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.send_body_without_waiting_for_header_response>`.
+  // If the client is waiting for a header response from the server, setting to ``true`` means the
+  // client will send the body to the server as it arrives. Setting to ``false`` means the client
+  // will buffer the arrived data and not send it to the server immediately.
   bool send_body_without_waiting_for_header_response = 3;
 }
 
@@ -97,31 +93,31 @@
 
     // Information about the HTTP request headers, as well as peer info and additional
     // properties. Unless ``observability_mode`` is ``true``, the server must send back a
-    // HeaderResponse message, an ImmediateResponse message, or close the stream.
+    // ``HeaderResponse`` message, an ``ImmediateResponse`` message, or close the stream.
     HttpHeaders request_headers = 2;
 
     // Information about the HTTP response headers, as well as peer info and additional
     // properties. Unless ``observability_mode`` is ``true``, the server must send back a
-    // HeaderResponse message or close the stream.
+    // ``HeaderResponse`` message or close the stream.
     HttpHeaders response_headers = 3;
 
-    // A chunk of the HTTP request body. Unless ``observability_mode`` is true, the server must send back
-    // a BodyResponse message, an ImmediateResponse message, or close the stream.
+    // A chunk of the HTTP request body. Unless ``observability_mode`` is ``true``, the server must
+    // send back a ``BodyResponse`` message, an ``ImmediateResponse`` message, or close the stream.
     HttpBody request_body = 4;
 
-    // A chunk of the HTTP response body. Unless ``observability_mode`` is ``true``, the server must send back
-    // a BodyResponse message or close the stream.
+    // A chunk of the HTTP response body. Unless ``observability_mode`` is ``true``, the server must
+    // send back a ``BodyResponse`` message or close the stream.
     HttpBody response_body = 5;
 
     // The HTTP trailers for the request path. Unless ``observability_mode`` is ``true``, the server
-    // must send back a TrailerResponse message or close the stream.
+    // must send back a ``TrailerResponse`` message or close the stream.
     //
     // This message is only sent if the trailers processing mode is set to ``SEND`` and
     // the original downstream request has trailers.
     HttpTrailers request_trailers = 6;
 
     // The HTTP trailers for the response path. Unless ``observability_mode`` is ``true``, the server
-    // must send back a TrailerResponse message or close the stream.
+    // must send back a ``TrailerResponse`` message or close the stream.
     //
     // This message is only sent if the trailers processing mode is set to ``SEND`` and
     // the original upstream response has trailers.
@@ -137,17 +133,16 @@
   // :ref:`attributes <arch_overview_attributes>` supported in the data plane.
   map<string, google.protobuf.Struct> attributes = 9;
 
-  // Specify whether the filter that sent this request is running in :ref:`observability_mode
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.observability_mode>`
-  // and defaults to false.
+  // Specifies whether the filter that sent this request is running in
+  // :ref:`observability_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.observability_mode>`.
   //
-  // * A value of ``false`` indicates that the server must respond
-  //   to this message by either sending back a matching ProcessingResponse message,
-  //   or by closing the stream.
+  // * A value of ``false`` indicates that the server must respond to this message by either
+  //   sending back a matching ``ProcessingResponse`` message, or by closing the stream.
   // * A value of ``true`` indicates that the server should not respond to this message, as any
-  //   responses will be ignored. However, it may still close the stream to indicate that no more messages
-  //   are needed.
+  //   responses will be ignored. However, it may still close the stream to indicate that no more
+  //   messages are needed.
   //
+  // Defaults to ``false``.
   bool observability_mode = 10;
 
   // Specify the filter protocol configurations to be sent to the server.
@@ -156,14 +151,14 @@
 }
 
 // This represents the different types of messages the server may send back to the data plane
-// when the ``observability_mode`` field in the received ProcessingRequest is set to false.
+// when the ``observability_mode`` field in the received ``ProcessingRequest`` is set to ``false``.
 //
 // * If the corresponding ``BodySendMode`` in the
 //   :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`
-//   is not set to ``FULL_DUPLEX_STREAMED``, then for every received ProcessingRequest,
-//   the server must send back exactly one ProcessingResponse message.
+//   is not set to ``FULL_DUPLEX_STREAMED``, then for every received ``ProcessingRequest``,
+//   the server must send back exactly one ``ProcessingResponse`` message.
 // * If it is set to ``FULL_DUPLEX_STREAMED``, the server must follow the API defined
-//   for this mode to send the ProcessingResponse messages.
+//   for this mode to send the ``ProcessingResponse`` messages.
 // [#next-free-field: 13]
 message ProcessingResponse {
   // The response type that is sent by the server.
@@ -204,17 +199,19 @@
     ImmediateResponse immediate_response = 7;
 
     // The server sends back this message to initiate or continue local response streaming.
-    // The server must initiate local response streaming with the ``headers_response`` in response to a ProcessingRequest
-    // with the ``request_headers`` only.
-    // The server may follow up with multiple messages containing ``body_response``. The server must indicate
-    // end of stream by setting ``end_of_stream`` to ``true`` in the ``headers_response``
+    // The server must initiate local response streaming with the ``headers_response`` in response
+    // to a ``ProcessingRequest`` with the ``request_headers`` only.
+    // The server may follow up with multiple messages containing ``body_response``. The server must
+    // indicate end of stream by setting ``end_of_stream`` to ``true`` in the ``headers_response``
     // or ``body_response`` message or by sending a ``trailers_response`` message.
-    // The client may send a ``request_body`` or ``request_trailers`` to the server depending on configuration.
+    // The client may send a ``request_body`` or ``request_trailers`` to the server depending on
+    // configuration.
     // The streaming local response can only be sent when the ``request_header_mode`` in the filter
     // :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`
-    // is set to ``SEND``. The ext_proc server should not send StreamedImmediateResponse if it did not observe request headers,
-    // as it will result in the race with the upstream server response and reset of the client request.
-    // Presently only the FULL_DUPLEX_STREAMED or NONE body modes are supported.
+    // is set to ``SEND``. The ext_proc server should not send ``StreamedImmediateResponse`` if it
+    // did not observe request headers, as it will result in a race with the upstream server
+    // response and reset of the client request.
+    // Presently only the ``FULL_DUPLEX_STREAMED`` or ``NONE`` body modes are supported.
     StreamedImmediateResponse streamed_immediate_response = 11;
   }
 
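Review bot: the comment says the server "should not send ``StreamedImmediateResponse`` if it did not observe request headers, as it will result in a race with the upstream server response and reset of the client request", but does not say what the data plane does when a server sends it anyway. Since the consequence is a client-visible stream reset, please document whether the data plane ignores such a message or treats it as a protocol error and closes the gRPC stream, rather than relying on the server to comply. The same applies to the restriction on the last line: state the behavior when a body mode other than ``FULL_DUPLEX_STREAMED`` or ``NONE`` is in effect.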
@@ -223,19 +220,17 @@
   // field name(s) of the struct.
   google.protobuf.Struct dynamic_metadata = 8;
 
-  // Override how parts of the HTTP request and response are processed
-  // for the duration of this particular request/response only. Servers
-  // may use this to intelligently control how requests are processed
-  // based on the headers and other metadata that they see.
-  // This field is only applicable when servers responding to the header requests.
-  // If it is set in the response to the body or trailer requests, it will be ignored by the data plane.
+  // Override how parts of the HTTP request and response are processed for the duration of this
+  // particular request/response only. Servers may use this to intelligently control how requests
+  // are processed based on the headers and other metadata that they see.
+  //
+  // This field is only applicable when servers are responding to the header requests. If it is set
+  // in the response to the body or trailer requests, it will be ignored by the data plane.
   // It is also ignored by the data plane when the ext_proc filter config
-  // :ref:`allow_mode_override
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.allow_mode_override>`
-  // is set to false, or
-  // :ref:`send_body_without_waiting_for_header_response
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.send_body_without_waiting_for_header_response>`
-  // is set to true.
+  // :ref:`allow_mode_override <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.allow_mode_override>`
+  // is set to ``false``, or
+  // :ref:`send_body_without_waiting_for_header_response <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.send_body_without_waiting_for_header_response>`
+  // is set to ``true``.
   envoy.extensions.filters.http.ext_proc.v3.ProcessingMode mode_override = 9;
 
   // [#not-implemented-hide:]
@@ -251,70 +246,64 @@
   // client had already sent before it saw the ext_proc stream termination.
   bool request_drain = 12;
 
-  // When ext_proc server receives a request message, in case it needs more
-  // time to process the message, it sends back a ProcessingResponse message
-  // with a new timeout value. When the data plane receives this response
-  // message, it ignores other fields in the response, just stop the original
-  // timer, which has the timeout value specified in
-  // :ref:`message_timeout
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.message_timeout>`
-  // and start a new timer with this ``override_message_timeout`` value and keep the
-  // data plane ext_proc filter state machine intact.
-  // Has to be >= 1ms and <=
-  // :ref:`max_message_timeout <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.max_message_timeout>`
-  // Such message can be sent at most once in a particular data plane ext_proc filter processing state.
-  // To enable this API, one has to set ``max_message_timeout`` to a number >= 1ms.
+  // When the ext_proc server receives a request message and needs more time to process it, it
+  // sends back a ``ProcessingResponse`` message with a new timeout value. When the data plane
+  // receives this response message, it ignores other fields in the response, stops the original
+  // timer (which has the timeout value specified in
+  // :ref:`message_timeout <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.message_timeout>`),
+  // and starts a new timer with this ``override_message_timeout`` value while keeping the data
+  // plane ext_proc filter state machine intact.
+  //
+  // The value must be >= 1ms and <=
+  // :ref:`max_message_timeout <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.max_message_timeout>`.
+  // Such a message can be sent at most once in a particular data plane ext_proc filter processing
+  // state. To enable this API, ``max_message_timeout`` must be set to a value >= 1ms.
   google.protobuf.Duration override_message_timeout = 10;
 }
 
 // The following are messages that are sent to the server.
 
-// This message is sent to the external server when the HTTP request and responses
+// This message is sent to the external server when the HTTP request and response headers
 // are first received.
 message HttpHeaders {
-  // The HTTP request headers. All header keys will be
-  // lower-cased, because HTTP header keys are case-insensitive.
-  // The header value is encoded in the
+  // The HTTP request headers. All header keys will be lower-cased, because HTTP header keys are
+  // case-insensitive. The header value is encoded in the
   // :ref:`raw_value <envoy_v3_api_field_config.core.v3.HeaderValue.raw_value>` field.
   config.core.v3.HeaderMap headers = 1;
 
   // [#not-implemented-hide:]
-  // This field is deprecated and not implemented. Attributes will be sent in
-  // the  top-level :ref:`attributes <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.attributes`
-  // field.
+  // This field is deprecated and not implemented. Attributes will be sent in the top-level
+  // :ref:`attributes <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.attributes>` field.
   map<string, google.protobuf.Struct> attributes = 2
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
-  // If ``true``, then there is no message body associated with this
-  // request or response.
+  // If ``true``, then there is no message body associated with this request or response.
   bool end_of_stream = 3;
 }
 
-// This message is sent to the external server when the HTTP request and
-// response bodies are received.
+// This message is sent to the external server when the HTTP request and response bodies are
+// received.
 message HttpBody {
-  // The contents of the body in the HTTP request/response. Note that in
-  // streaming mode multiple ``HttpBody`` messages may be sent.
+  // The contents of the body in the HTTP request/response. Note that in streaming mode multiple
+  // ``HttpBody`` messages may be sent.
   //
-  // In ``GRPC`` body send mode, a separate ``HttpBody`` message will be
-  // sent for each message in the gRPC stream.
+  // In ``GRPC`` body send mode, a separate ``HttpBody`` message will be sent for each message in
+  // the gRPC stream.
   bytes body = 1;
 
-  // If ``true``, this will be the last ``HttpBody`` message that will be sent and no
-  // trailers will be sent for the current request/response.
+  // If ``true``, this will be the last ``HttpBody`` message that will be sent and no trailers
+  // will be sent for the current request/response.
   bool end_of_stream = 2;
 
-  // This field is used in ``GRPC`` body send mode when ``end_of_stream`` is
-  // true and ``body`` is empty. Those values would normally indicate an
-  // empty message on the stream with the end-of-stream bit set.
-  // However, if the half-close happens after the last message on the
-  // stream was already sent, then this field will be true to indicate an
-  // end-of-stream with *no* message (as opposed to an empty message).
+  // This field is used in ``GRPC`` body send mode when ``end_of_stream`` is ``true`` and ``body``
+  // is empty. Those values would normally indicate an empty message on the stream with the
+  // end-of-stream bit set. However, if the half-close happens after the last message on the stream
+  // was already sent, then this field will be ``true`` to indicate an end-of-stream with *no*
+  // message (as opposed to an empty message).
   bool end_of_stream_without_message = 3;
 
-  // This field is used in ``GRPC`` body send mode to indicate whether
-  // the message is compressed. This will never be set to true by gRPC
-  // but may be set to true by a proxy like Envoy.
+  // This field is used in ``GRPC`` body send mode to indicate whether the message is compressed.
+  // This will never be set to ``true`` by gRPC but may be set to ``true`` by a proxy like Envoy.
   bool grpc_message_compressed = 4;
 }
 
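Review bot: the reworded override_message_timeout comment keeps the rule that the message "can be sent at most once in a particular data plane ext_proc filter processing state" and the >= 1ms / <= max_message_timeout bounds, but still does not say what the data plane does on a second override or on an out-of-range value (ignore it, close the stream, or fail the request). Since this is a server-controlled value that extends how long a request stays parked in the filter, the enforcement behavior belongs in the comment alongside the limits. The HttpHeaders wording fix later in the hunk ("request and response headers are first received") is correct and worth keeping.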
@@ -352,13 +341,14 @@
   HeaderMutation header_mutation = 1;
 }
 
-// This message is sent by the external server to the data plane after ``HttpHeaders``
-// to initiate local response streaming. The server may follow up with multiple messages containing ``body_response``.
-// The server must indicate end of stream by setting ``end_of_stream`` to ``true`` in the ``headers_response``
-// or ``body_response`` message or by sending a ``trailers_response`` message.
+// This message is sent by the external server to the data plane after ``HttpHeaders`` to initiate
+// local response streaming. The server may follow up with multiple messages containing
+// ``body_response``. The server must indicate end of stream by setting ``end_of_stream`` to
+// ``true`` in the ``headers_response`` or ``body_response`` message or by sending a
+// ``trailers_response`` message.
 message StreamedImmediateResponse {
   oneof response {
-    // Response headers to be sent downstream. The ":status" header must be set.
+    // Response headers to be sent downstream. The ``:status`` header must be set.
     HttpHeaders headers_response = 1;
 
     // Response body to be sent downstream.
@@ -384,7 +374,7 @@
     // further messages for this request or response even if the processing
     // mode is configured to do so.
     //
-    // When used in response to a request_headers or response_headers message,
+    // When used in response to a ``request_headers`` or ``response_headers`` message,
     // this status makes it possible to either completely replace the body
     // while discarding the original body, or to add a body to a message that
     // formerly did not have one.
@@ -401,23 +391,22 @@
   ResponseStatus status = 1 [(validate.rules).enum = {defined_only: true}];
 
   // Instructions on how to manipulate the headers. When responding to an
-  // HttpBody request, header mutations will only take effect if
-  // the current processing mode for the body is BUFFERED.
+  // ``HttpBody`` request, header mutations will only take effect if the current processing mode
+  // for the body is ``BUFFERED``.
   HeaderMutation header_mutation = 2;
 
-  // Replace the body of the last message sent to the remote server on this
-  // stream. If responding to an HttpBody request, simply replace or clear
-  // the body chunk that was sent with that request. Body mutations may take
-  // effect in response either to ``header`` or ``body`` messages. When it is
-  // in response to ``header`` messages, it only take effect if the
+  // Replace the body of the last message sent to the remote server on this stream. If responding
+  // to an ``HttpBody`` request, simply replace or clear the body chunk that was sent with that
+  // request. Body mutations may take effect in response either to ``header`` or ``body`` messages.
+  // When it is in response to ``header`` messages, it only takes effect if the
   // :ref:`status <envoy_v3_api_field_service.ext_proc.v3.CommonResponse.status>`
-  // is set to CONTINUE_AND_REPLACE.
+  // is set to ``CONTINUE_AND_REPLACE``.
   BodyMutation body_mutation = 3;
 
   // [#not-implemented-hide:]
-  // Add new trailers to the message. This may be used when responding to either a
-  // HttpHeaders or HttpBody message, but only if this message is returned
-  // along with the CONTINUE_AND_REPLACE status.
+  // Add new trailers to the message. This may be used when responding to either an
+  // ``HttpHeaders`` or ``HttpBody`` message, but only if this message is returned
+  // along with the ``CONTINUE_AND_REPLACE`` status.
   // The header value is encoded in the
   // :ref:`raw_value <envoy_v3_api_field_config.core.v3.HeaderValue.raw_value>` field.
   config.core.v3.HeaderMap trailers = 4;
@@ -429,34 +418,32 @@
   bool clear_route_cache = 5;
 }
 
-// This message causes the filter to attempt to create a locally
-// generated response, send it  downstream, stop processing
-// additional filters, and ignore any additional messages received
-// from the remote server for this request or response. If a response
-// has already started, then  this will either ship the reply directly
-// to the downstream codec, or reset the stream.
+// This message causes the filter to attempt to create a locally generated response, send it
+// downstream, stop processing additional filters, and ignore any additional messages received
+// from the remote server for this request or response. If a response has already started, then
+// this will either ship the reply directly to the downstream codec, or reset the stream.
 // [#next-free-field: 6]
 message ImmediateResponse {
   // The response code to return.
   type.v3.HttpStatus status = 1 [(validate.rules).message = {required: true}];
 
-  // Apply changes to the default headers, which will include content-type.
+  // Apply changes to the default headers, which will include ``content-type``.
   HeaderMutation headers = 2;
 
   // The message body to return with the response which is sent using the
-  // text/plain content type, or encoded in the grpc-message header.
+  // ``text/plain`` content type, or encoded in the ``grpc-message`` header.
   bytes body = 3;
 
   // If set, then include a gRPC status trailer.
   GrpcStatus grpc_status = 4;
 
   // A string detailing why this local reply was sent, which may be included
-  // in log and debug output (e.g. this populates the %RESPONSE_CODE_DETAILS%
+  // in log and debug output (e.g., this populates the ``%RESPONSE_CODE_DETAILS%``
   // command operator field for use in access logging).
   string details = 5;
 }
 
-// This message specifies a gRPC status for an ImmediateResponse message.
+// This message specifies a gRPC status for an ``ImmediateResponse`` message.
 message GrpcStatus {
   // The actual gRPC status.
   uint32 status = 1;
@@ -484,26 +471,24 @@
   // a serialized gRPC message to be passed to the upstream/downstream by the data plane.
   bytes body = 1;
 
-  // The server sets this flag to true if it has received a body request with
-  // :ref:`end_of_stream <envoy_v3_api_field_service.ext_proc.v3.HttpBody.end_of_stream>` set to true,
-  // and this is the last chunk of body responses.
-  // Note that in ``GRPC`` body send mode, this allows the ext_proc
-  // server to tell the data plane to send a half close after a client
-  // message, which will result in discarding any other messages sent by
-  // the client application.
+  // The server sets this flag to ``true`` if it has received a body request with
+  // :ref:`end_of_stream <envoy_v3_api_field_service.ext_proc.v3.HttpBody.end_of_stream>` set to
+  // ``true``, and this is the last chunk of body responses.
+  //
+  // Note that in ``GRPC`` body send mode, this allows the ext_proc server to tell the data plane
+  // to send a half close after a client message, which will result in discarding any other
+  // messages sent by the client application.
   bool end_of_stream = 2;
 
-  // This field is used in ``GRPC`` body send mode when ``end_of_stream`` is
-  // true and ``body`` is empty. Those values would normally indicate an
-  // empty message on the stream with the end-of-stream bit set.
-  // However, if the half-close happens after the last message on the
-  // stream was already sent, then this field will be true to indicate an
-  // end-of-stream with *no* message (as opposed to an empty message).
+  // This field is used in ``GRPC`` body send mode when ``end_of_stream`` is ``true`` and ``body``
+  // is empty. Those values would normally indicate an empty message on the stream with the
+  // end-of-stream bit set. However, if the half-close happens after the last message on the stream
+  // was already sent, then this field will be ``true`` to indicate an end-of-stream with *no*
+  // message (as opposed to an empty message).
   bool end_of_stream_without_message = 3;
 
-  // This field is used in ``GRPC`` body send mode to indicate whether
-  // the message is compressed. This will never be set to true by gRPC
-  // but may be set to true by a proxy like Envoy.
+  // This field is used in ``GRPC`` body send mode to indicate whether the message is compressed.
+  // This will never be set to ``true`` by gRPC but may be set to ``true`` by a proxy like Envoy.
   bool grpc_message_compressed = 4;
 }
 
@@ -517,11 +502,10 @@
     // is not set to ``FULL_DUPLEX_STREAMED`` or ``GRPC``.
     bytes body = 1;
 
-    // Clear the corresponding body chunk.
-    // Should only be used when the corresponding ``BodySendMode`` in the
+    // Clear the corresponding body chunk. Should only be used when the corresponding
+    // ``BodySendMode`` in the
     // :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`
     // is not set to ``FULL_DUPLEX_STREAMED`` or ``GRPC``.
-    // Clear the corresponding body chunk.
     bool clear_body = 2;
 
     // Must be used when the corresponding ``BodySendMode`` in the

envoy/service/extension/v3/config_discovery.proto:

--- shake256:8ed6ff32eba9f5a768ed19ffa70ed80227a7beca9ab61da117f3858af346fc3f5445d14aa839231c6d5c8a8a64988a1e3623a3a61132b0120fdfcfbf10a01bb6  envoy/service/extension/v3/config_discovery.proto
+++ shake256:d33d7e3c73ba3134309e4646921cb897c06f9ed845e87b52293263592877f35295c22d222464969f1900ed0f8a5eb84b4bf8a154a0603bfbf2fe4c3345a84001  envoy/service/extension/v3/config_discovery.proto
@@ -16,7 +16,6 @@
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Extension config discovery service (ECDS)]
-
 // A service that supports dynamic configuration updates for a specific filter.
 // Currently, ECDS is supported for network filters, HTTP filters, UDP session filters, and listener filters.
 // Please check :ref:`Extension Config Discovery Service (ECDS) API <config_overview_extension_discovery>`.
@@ -40,7 +39,7 @@
 // .. note::
 //   Filters that are configured using ECDS are warmed. For more details see
 //   :ref:`ExtensionConfigSource <envoy_v3_api_msg_config.core.v3.ExtensionConfigSource>`.
-//
+
 // Return extension configurations.
 service ExtensionConfigDiscoveryService {
   option (envoy.annotations.resource).type = "envoy.config.core.v3.TypedExtensionConfig";

envoy/service/health/v3/hds.proto:

--- shake256:8dc8e6bba48aa83023d8af0412d52cebd600eab03b0561a5c1c26b0ee561058eb3e11edf4ece580c2c5b8360a28264dc47c3a9e496701f2c796515dce5ed80fb  envoy/service/health/v3/hds.proto
+++ shake256:c7da7d4042efb8fe51bda5cc47c94c3711a2a4d99905018c7900a94f16a468a5b4910619c719edd97ce7f1fa313242f294817eb643a21b89b15ff0f3b12b779d  envoy/service/health/v3/hds.proto
@@ -10,6 +10,7 @@
 
 import "google/api/annotations.proto";
 import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
 
 import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
@@ -109,6 +110,19 @@
   config.endpoint.v3.Endpoint endpoint = 1;
 
   config.core.v3.HealthStatus health_status = 2;
+
+  // Optional metadata about the health check result, populated by the active
+  // health checker and forwarded to the management server for richer health
+  // state interpretation.
+  //
+  // Well-known keys:
+  //
+  // ``http_status_code`` (number)
+  //   Set by the HTTP health checker. Contains the HTTP response status code
+  //   returned by the upstream endpoint during the most recent health check,
+  //   e.g. ``200``, ``503``. Only present when the health check received a
+  //   complete HTTP response; absent on connection failures or timeouts.
+  google.protobuf.Struct health_metadata = 3;
 }
 
 // Group endpoint health by locality under each cluster.
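Review bot: `health_metadata` is an open `google.protobuf.Struct`, so the "Well-known keys" list is the only contract a management server can rely on; the comment should state that other keys may appear and that consumers must check the value kind rather than assume it. A Struct number is a double, so `http_status_code` arrives as e.g. `200.0` and must be range-checked and converted before being treated as an HTTP status; say so, and say whether the key is reported for unhealthy results as well (the example `503` implies it is).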

envoy/type/matcher/v3/address.proto:

--- shake256:b8aeb0435ab80c4f331ede8ee6367cf5eb25df2219c291e177b1be3dae38269671d7d2c2855e045c88058f0e973fdd447875a154228148abb5f00e94f4c47281  envoy/type/matcher/v3/address.proto
+++ shake256:eea057b217ab05e62596fe425a5113b5be7ba039f1eb674ae81328d6a527fb8c2753efc2cf7506f0be75f565bee3aa70ec51cb2e2e95ce6aaf0569843173f2d1  envoy/type/matcher/v3/address.proto
@@ -19,4 +19,10 @@
 // filter state object as an IP.
 message AddressMatcher {
   repeated xds.core.v3.CidrRange ranges = 1;
+
+  // If true, the match result will be inverted. Defaults to false.
+  //
+  // * If set to false (default), the matcher will return true if the IP matches any of the CIDR ranges.
+  // * If set to true, the matcher will return true if the IP does NOT match any of the CIDR ranges.
+  bool invert_match = 2;
 }
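Review bot: `invert_match` is undefined for an empty `ranges` list: with no ranges the non-inverted matcher returns false for every IP, so the inverted matcher returns true for every IP, turning a forgotten range list into a match-all. Document that case, or reject the combination (e.g. require `min_items: 1` on `ranges` when `invert_match` is true). Also lower-case "NOT" in the second bullet for consistency with the rest of the API docs.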

envoy/type/matcher/v3/status_code_input.proto:

--- shake256:262bde80e71fe6a168dd1b6a9ee1d1b27d3bbfe0e9e1e91129921cc0732f28380f5bb1cb18c041c29d57c93848b8c2ce35a16b0d4428d4df4e044c0fd6624bf0  envoy/type/matcher/v3/status_code_input.proto
+++ shake256:8bc193ee6750429235cf2707073a86b5799c243d431fd22fae1dcc1034a34b302494989b269a1a11226c1c5c7f110a8f50c403e8d176d03483322c033c7bda63  envoy/type/matcher/v3/status_code_input.proto
@@ -21,3 +21,15 @@
 // response status code. For eg: 1xx, 2xx, 3xx, 4xx or 5xx.
 message HttpResponseStatusCodeClassMatchInput {
 }
+
+// This match input determines whether the response is a local reply which gets
+// generated by Envoy or a response from the upstream.
+//
+// The input string is ``true`` for local replies and ``false`` for the upstream
+// responses.
+//
+// It can be used with the ``custom_response`` filter to apply policies only to
+// the Envoy generated local replies.
+// [#extension: envoy.matching.inputs.local_reply]
+message HttpResponseLocalReplyMatchInput {
+}
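Review bot: `custom_response` should be a `:ref:` link to the filter, matching the linking style used elsewhere in these files. The comment should also say whether "generated by Envoy" includes local replies produced by filters, such as an ext_proc `ImmediateResponse` (documented above as a local reply), or only replies originated by the connection manager itself, since that decides which responses a policy keyed on this input will see.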

Comment thread modules/sync/state.json
{
"module_name": "envoyproxy/envoy",
"latest_reference": "v1.37.2"
"latest_reference": "v1.38.0"
[Posted at 2026-04-24T12:22:27Z]

Overall transition

$ casdiff v1.37.2 \
          v1.38.0 \
          --format=markdown

89 files changed: 0 removed, 0 renamed, 27 added, 62 changed content.

Files added:

+ shake256:444199d12077c1e966a9fc88c848f327d799bade7320ee83689ae2a8b667ffbc16f3748d4b5b7b166f6cd8a9e7c889fb4bd361c02747425cb2807156a746ba32  contrib/envoy/extensions/filters/network/peer_metadata/v3/peer_metadata.proto
+ shake256:ae74dc3f9e4c39da3cece4cd6fef65e2befdd352087667e7b8cac9f069acc4be8d82e8a4b19b3e0f6662a13d981d24b19135b21cc6b08775c4fd14138ca60185  contrib/envoy/extensions/private_key_providers/kae/v3alpha/kae.proto
+ shake256:0a3f8fc79164864e519f1840ba8455491910c39b6afad749adb8aae753090f82952d30b6003ad61b0d1c960bb982b3906189e1f98a7efd63975026643b07c6d8  contrib/envoy/extensions/reverse_tunnel_reporters/v3alpha/clients/grpc_client/grpc_client.proto
+ shake256:de126f26a091d6af4440d921b6a3a17d53608fcf2252aa67fe666fc4bcd9f35d980e29cba4fc1ea00b9d4ce79d8070a38c8f3ee33fced84711826f24ba9d4fc5  contrib/envoy/extensions/reverse_tunnel_reporters/v3alpha/clients/grpc_client/stream_reverse_tunnels.proto
+ shake256:bd8a77ad07cb81378caff3ffafde08afcb4554f09762d2afaab985b156feda51b3b62f82607c69039422f03a901abddad4361c029e2eda4bcedd85f6f2098cef  contrib/envoy/extensions/reverse_tunnel_reporters/v3alpha/reporters/event_reporter.proto
+ shake256:9426a91c7672867a3f924ff2f4c9a4dba9c12ec763e234c2753c17d568332668eb19ab507f6bf2fca15d07d239e8097907246a216b74cee66ebe9dba66840e51  contrib/envoy/extensions/stat_sinks/kafka/v3/kafka_stats_sink.proto
+ shake256:e04d47d578900b98d66bf887201464c1bcf114d5dd9b2e29e9618d2f1c12958bef5848aa1491c219715b964dde29da2078cc77cbf973556ebaddff954d737ecf  envoy/extensions/clusters/dynamic_modules/v3/cluster.proto
+ shake256:cf351b8d71d7f45e7cc327ecafde019c884ed6a3ddc31953e89d1dc2fdbb1ee4ad86df0465599f4a3c6a032b0006094f07ffebf800794b2f9c5186a2c603283b  envoy/extensions/clusters/mcp_multicluster/v3/cluster.proto
+ shake256:34728d7ec4daa19f650ce7eb66d0edeea4fe7bc65418d27759524bf61b03574dfd6d0c48ff6b02a0c46278ac6394bd3c97191b872dd1e989a54989f452bfe695  envoy/extensions/content_parsers/json/v3/json_content_parser.proto
+ shake256:6b9d0ad70f60da843ebb34273554082f4164a7e97e67399d45597a5a261002ee47d9deace89a3fac8cddc739ac0f61fd4053d268c0b7580ee373b04bc576568a  envoy/extensions/filters/http/a2a/v3/a2a.proto
+ shake256:b0a4c8a654df0f58e79b4f41bf72b96bb3a304bf4b5d2ff4b259817152362eb5a059b896e4c2487b317c487e03c9288b913109a79d63e2bfa271fbfcee8139d1  envoy/extensions/filters/http/file_server/v3/file_server.proto
+ shake256:7481e541607d3560e2fde1540b5201201cc2bc76a80a24c6bf09f89f9191930d3a4df0cde01662f33a416672013fb77d15b4116378cdb150085cfb9afaf76e49  envoy/extensions/filters/http/mcp_json_rest_bridge/v3/mcp_json_rest_bridge.proto
+ shake256:afaad9e459e62a9c787edc64889fbc6e2e57e544dac8cdc521a68fdeed078e4bf5fa5de74265ea738f94ff0ef783ce824ec7f4e5b869b9f8946b6133567a0331  envoy/extensions/filters/http/sse_to_metadata/v3/sse_to_metadata.proto
+ shake256:b5e9b3d848e79b2ed596d66d6aedd93f5a0ebfb98c46a2ff57fe2217c94b0beb5dd7fd3b63a4c6b66aa7445bbeb30deba24eddc29a70069c04a7877e79387de1  envoy/extensions/filters/listener/set_filter_state/v3/set_filter_state.proto
+ shake256:e94342f931679294c5668dadbbcbdd2d43d962e44a6017de46363582a4b449fad96be21769cb82507df29a74fe55489922e3fefe9bec6904eae3250a3ec1b00a  envoy/extensions/filters/network/reverse_tunnel/v3/drain_aware_hcm.proto
+ shake256:1d4dc1e6a0f50919946903618d31b158a7dd5f729328719d0f8be8ba80d98f0e9503375cd1e1ba16682be00de12225a86b31c602e564efee97967bf00fad3cf9  envoy/extensions/filters/network/tcp_bandwidth_limit/v3/tcp_bandwidth_limit.proto
+ shake256:235ea9784a64a6ac54dd57d627c16d93c642f25a9aa463e2e249abfc6c652f0709ed3d3375428cf7664afb5773a0eb297c5d48ffdfb57f7529b3e28829dcb8ee  envoy/extensions/formatter/file_content/v3/file_content.proto
+ shake256:c833a876b2df74ab0f5fc98642b2d3d526526ce1130718f9d2d0124703d8edcf926764e6ebcf252f0b32d47bf86ce3edd091df433b3df8c35a5dcaa822ded134  envoy/extensions/formatter/generic_secret/v3/generic_secret.proto
+ shake256:6dcbe87f52378e27eb00d8a6512887c67f69cc672b7351f046694cae52e4f0b6ffa5d48f598ade81799dbbe84172d297e79c6beda4db9f12f5621dbf8659bacc  envoy/extensions/load_balancing_policies/dynamic_modules/v3/dynamic_modules.proto
+ shake256:acf4ff9c546497c44a9f5e040898e1d8e9cd8caa73add2af8152815a327db594286d7c3200c81165c72da67a06fc630cdede8bb66ac706d1c2e86b42cd743330  envoy/extensions/matching/actions/transform_stat/v3/transform_stat.proto
+ shake256:67a0605b9de1b29cc5afa547fce19ac7c867bd77508de0cf62a744eab3ab004ece5a946677baf90b5e56f9ed74a8d18eece9be46a4a3badb68badab7eee71e15  envoy/extensions/matching/http/dynamic_modules/v3/dynamic_modules.proto
+ shake256:134ea10cdb70aa7d229fc2cd26d1abe6cac8b9193e435419fe0c568bdd167e48789358082414f687ab6318c073d22c82ae1f09b5ca665c182045ba2370fead69  envoy/extensions/matching/input_matchers/dynamic_modules/v3/dynamic_modules.proto
+ shake256:86abd3fe28157697761afbf44d695b5e10253790c51245796c511e963f613a2d68b18115c994b88a6e676c269e5bf34d65de23a6fee5d650472c3eb4dd4fccb5  envoy/extensions/network/dns_resolver/hickory/v3/hickory_dns_resolver.proto
+ shake256:389b3dcebe44e1c0ea1edbf8cb24b13c0737d253ea00ba19d5ceb4072e8f586f3cecaa60ef2cacaf0d084374ebda39c73bf0e6f5d99106058cb1e33e7e665f72  envoy/extensions/tracers/dynamic_modules/v3/dynamic_modules.proto
+ shake256:fbbc91de81f1f92dae79116f73b0ca0f85b9a2c8b84f3f2628e90da14632bd639f559092fe9f964b4079c5efdef3ee539cbd7f6179136aab4bcdd51fb470134b  envoy/extensions/transport_sockets/tls/cert_mappers/filter_state_override/v3/config.proto
+ shake256:4faffcc609f77fb1b39e6b4cb78d8ad3d9df19a3a23a99cddc2fd3a6ae17c5267f8bbf2d82663ca8e5033b41c7952850df5da2ff497520197b7852daa3a14b28  envoy/extensions/transport_sockets/tls/cert_validator/dynamic_modules/v3/dynamic_modules.proto
+ shake256:d9b653269e362272e2197b3b31aeef9177836baccff9973c02954f1595fa393da16e0cbd691a9c86d024528d3c8e008a706a640e1b1ac8015e375d7df9399bd1  envoy/extensions/upstreams/http/dynamic_modules/v3/dynamic_modules.proto

Files changed content:

contrib/envoy/extensions/filters/http/peer_metadata/v3/peer_metadata.proto:

--- shake256:748b4a07decc320986f74c63098d0a67eeb9f9f96c9b5f74c93aa338d40dc469bbaeaac10c43a9727ad42533dba9c73398d8db39d5218701936d632524728117  contrib/envoy/extensions/filters/http/peer_metadata/v3/peer_metadata.proto
+++ shake256:9b39880a2a78eb66b8f933d3d50844d34f1da1e16e260b27600603e577af3e3ed8cd1cfc6144022215b2222f0b5fee7de94986e1f792df80205f2e1c70742817  contrib/envoy/extensions/filters/http/peer_metadata/v3/peer_metadata.proto
@@ -19,8 +19,7 @@
 // peer telemetry attributes for consumption by the telemetry filters.
 // [#next-free-field: 7]
 message Config {
-  // DEPRECATED.
-  // This method uses ``baggage`` header encoding.
+  // This method uses ``baggage`` header encoding. Only used for HTTP CONNECT tunnels.
   message Baggage {
   }
 
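Review bot: dropping "DEPRECATED." un-deprecates `Baggage` without explanation; since the message now appears in `PropagationMethod` below but not in `DiscoveryMethod`, the sentence "Only used for HTTP CONNECT tunnels" should say that this is a propagation-only method and why the deprecation was reversed (or a release note should).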
@@ -42,6 +41,18 @@
     bool skip_external_clusters = 1;
   }
 
+  // This method extracts peer metadata from the upstream filter state if it's available.
+  //
+  // Upstream filter state could be populated by multiple means in general, but in practice the
+  // intention here is that upstream PeerMetadata filter will populate the filter state with peer
+  // details extracted from the baggage header sent in response.
+  //
+  // Naturally this metadata discovery method only makes sense for upstream peer metadata discovery.
+  message UpstreamFilterState {
+    // Upstream filter state key that will be used to store peer metadata.
+    string peer_metadata_key = 1;
+  }
+
   // An exhaustive list of the derivation methods.
   message DiscoveryMethod {
     oneof method_specifier {
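Review bot: `peer_metadata_key` has no validation; an empty string is accepted and would make the filter-state lookup silently never match, so add `[(validate.rules).string = {min_len: 1}]`. The comment also says the filter state "could be populated by multiple means", which means this discovery method trusts whatever wrote that key as peer identity; name the expected writer (the upstream PeerMetadata filter) and note that any other filter writing the same key will be treated the same way.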
@@ -50,6 +61,8 @@
       WorkloadDiscovery workload_discovery = 2;
 
       IstioHeaders istio_headers = 3;
+
+      UpstreamFilterState upstream_filter_state = 4;
     }
   }
 
@@ -57,6 +70,8 @@
   message PropagationMethod {
     oneof method_specifier {
       IstioHeaders istio_headers = 1;
+
+      Baggage baggage = 2;
     }
   }
 

envoy/admin/v3/clusters.proto:

--- shake256:3ecd52c0173847a8f34a9276ea4411f01160e06109098d7b9d3d37f3271cc789b60ad62fbb175188bee7048039a5968dc6aa6488ce20d7c31d0da58bfab013f1  envoy/admin/v3/clusters.proto
+++ shake256:0fd5a070d195ea94ff5cbfb328288eefa0b9e791d3e4859629463331addefc941b5876b7bfc746be38419a5fa8c7aaed665d2e26824e9017c48d295f1a1b0350  envoy/admin/v3/clusters.proto
@@ -153,7 +153,7 @@
 }
 
 // Health status for a host.
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message HostHealthStatus {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.admin.v2alpha.HostHealthStatus";
@@ -181,6 +181,9 @@
   // The host failed active health check due to timeout.
   bool active_hc_timeout = 8;
 
+  // The host is currently being marked as degraded through outlier detection.
+  bool failed_degraded_outlier_detection = 9;
+
   // Health status as reported by EDS.
   //
   // .. note::

envoy/admin/v3/server_info.proto:

--- shake256:0d874a925488c9bea4cc70351e808d73c2974bb5cd6b7974775a8655fff22c24d6868f09d929c9ef8889963e43a3fe7ebab7217c13fad02ba1efaa86dce1e5df  envoy/admin/v3/server_info.proto
+++ shake256:a3701b9fe15fd9effbf59c6641ff43a8678fa55cf0a6d00988250078bcc0bfb3455788295a723433c9d9a9e234149104eb0c1fadb260b1cd572537a60ada71ad  envoy/admin/v3/server_info.proto
@@ -19,7 +19,7 @@
 
 // Proto representation of the value returned by /server_info, containing
 // server version/server status information.
-// [#next-free-field: 8]
+// [#next-free-field: 9]
 message ServerInfo {
   option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v2alpha.ServerInfo";
 
@@ -57,6 +57,9 @@
 
   // Populated node identity of this server.
   config.core.v3.Node node = 7;
+
+  // Whether the server is currently initializing during a hot restart.
+  bool hot_restart_initializing = 8;
 }
 
 // [#next-free-field: 43]

envoy/config/bootstrap/v3/bootstrap.proto:

--- shake256:8ca3bb1223bba6ed2a5ca12a2eb40ec4e962299d1723bd841e22535a605358433510aeb8e81faf0fc23bb276f459dcfeddbe8481627829993a1d9bdc25ae48dd  envoy/config/bootstrap/v3/bootstrap.proto
+++ shake256:7beeecf5ab4b590492940618911fa508d71fee4f33d6c787f74cbca2406ff6e1791dfb4a3f118bf447603c6fdfef5e535d0154b8c785d6884e70cba801283c8b  envoy/config/bootstrap/v3/bootstrap.proto
@@ -469,6 +469,8 @@
   bool ignore_global_conn_limit = 6;
 
   // List of admin paths that are accessible. If not specified, all admin endpoints are accessible.
+  // Matchers are evaluated against the request path. For endpoints commonly queried with
+  // parameters (for example ``/stats?format=...``), prefer ``prefix`` matchers.
   //
   // When specified, only paths in this list will be accessible, all others will return ``HTTP 403 Forbidden``.
   //
@@ -477,7 +479,8 @@
   // .. code-block:: yaml
   //
   //   allow_paths:
-  //   - exact: /stats
+  //   - prefix: /stats
+  //   - prefix: /config_dump
   //   - exact: /ready
   //   - prefix: /healthcheck
   //
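Review bot: the new sentence "Matchers are evaluated against the request path" does not say whether the query string is part of the matched string, yet the advice to use `prefix` for `/stats?format=...` only makes sense if it is; state that explicitly. More importantly, changing the example from `exact: /stats` to `prefix: /stats` and adding `prefix: /config_dump` widens the allow-list: a prefix matcher admits every admin path beginning with that string, not just the query-parameter variants, and `/config_dump` returns the full running configuration. Since `allow_paths` exists to restrict the admin surface, the example should either use the narrowest matcher that works (e.g. a `safe_regex` anchored at the end of the path) or warn that `prefix` also allows sub-paths.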
@@ -774,6 +777,7 @@
   InlineHeaderType inline_header_type = 2 [(validate.rules).enum = {defined_only: true}];
 }
 
+// [#next-free-field: 6]
 message MemoryAllocatorManager {
   // Configures tcmalloc to perform background release of free memory in amount of bytes per ``memory_release_interval`` interval.
   // If equals to ``0``, no memory release will occur. Defaults to ``0``.
@@ -783,4 +787,29 @@
   // interval Envoy will try to release ``bytes_to_release`` of free memory back to operating system for reuse.
   // Defaults to ``1000`` milliseconds.
   google.protobuf.Duration memory_release_interval = 2;
+
+  // Sets the soft memory limit for tcmalloc. When the total memory used by tcmalloc exceeds this
+  // limit, background release will be performed more aggressively to bring memory usage below the
+  // limit. If not set, no soft memory limit is applied.
+  //
+  // .. note::
+  //     This is currently only supported with tcmalloc and not with ``gperftools``.
+  //
+  google.protobuf.UInt64Value soft_memory_limit_bytes = 3;
+
+  // Sets the maximum per-CPU cache size in bytes for tcmalloc. Smaller values reduce per-CPU
+  // memory overhead at the cost of increased contention on the central free list. If not set,
+  // tcmalloc's default is used.
+  //
+  // .. note::
+  //     This is currently only supported with tcmalloc and not with ``gperftools``.
+  //
+  google.protobuf.UInt32Value max_per_cpu_cache_size_bytes = 4;
+
+  // The threshold of unfreed memory in bytes that triggers the heap shrinker to release memory
+  // back to the OS. When the difference between physical memory used and application-allocated
+  // memory exceeds this threshold, free memory is released.
+  //
+  // Defaults to ``104857600`` (100 MB).
+  uint64 max_unfreed_memory_bytes = 5;
 }
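Review bot: `max_unfreed_memory_bytes` is a plain `uint64` whose proto3 default is 0, but the comment says it "Defaults to ``104857600`` (100 MB)". Either 0 is treated as "use 100 MB" (then the comment must say so, as `bytes_to_release` does for its 0 case, and the shrinker cannot be disabled), or the documented default is wrong. The two sibling fields added in this hunk use `UInt64Value`/`UInt32Value` so unset is distinguishable; use the same wrapper here.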

envoy/config/cluster/v3/cluster.proto:

--- shake256:19f745562070373e23d5463423482c666d5a48b31da6eacf09d376989cf8ded9f9d067027080242b21fd712aa4587504d1f823bcbd4903351459123c3800ce63  envoy/config/cluster/v3/cluster.proto
+++ shake256:0e352afb4c3b6c449be91cfe0715f0daa54a7ae8c65ee7babb294f50f5dc8df268cc44d1e516198c3f635bf47a0349565bdd5e3b95ecff34c67e65f3c22fce0e  envoy/config/cluster/v3/cluster.proto
@@ -46,7 +46,7 @@
 }
 
 // Configuration for a single upstream cluster.
-// [#next-free-field: 60]
+// [#next-free-field: 61]
 message Cluster {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster";
 
@@ -887,6 +887,12 @@
   google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5
       [(udpa.annotations.security).configure_for_untrusted_upstream = true];
 
+  // Optional timeout that controls how long an upstream connection is allowed to stay above the
+  // configured buffer high watermark before it is closed. If this timeout is not specified, or
+  // explicitly set to 0, connections will not be closed due to buffer high watermark usage.
+  google.protobuf.Duration per_connection_buffer_high_watermark_timeout = 60
+      [(validate.rules).duration = {gte {}}];
+
   // The :ref:`load balancer type <arch_overview_load_balancing_types>` to use
   // when picking a host in the cluster.
   LbPolicy lb_policy = 6 [(validate.rules).enum = {defined_only: true}];
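Review bot: `per_connection_buffer_high_watermark_timeout` bounds how long a connection may sit above its buffer high watermark, which is the resource-exhaustion control a slow or stalled untrusted upstream triggers; the neighbouring `per_connection_buffer_limit_bytes` carries `(udpa.annotations.security).configure_for_untrusted_upstream = true` and this field should carry the same annotation. The comment should also say how the close surfaces to in-flight requests (reset, response code, `%RESPONSE_CODE_DETAILS%` value) so operators can recognise it in access logs.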
@@ -1343,14 +1349,18 @@
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.UpstreamConnectionOptions";
 
+  // [#comment: Keep this list of address types in sync with api/config/core/v3/address.proto.]
   enum FirstAddressFamilyVersion {
-    // respect the native ranking of destination ip addresses returned from dns
-    // resolution
+    // Use the first address family encountered in the address list.
     DEFAULT = 0;
 
     V4 = 1;
 
     V6 = 2;
+
+    PIPE = 3;
+
+    INTERNAL = 4;
   }
 
   message HappyEyeballsConfig {
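Review bot: the `DEFAULT` doc changes from "respect the native ranking of destination ip addresses returned from dns resolution" to "Use the first address family encountered in the address list". If that is a behaviour change rather than a rewording it needs a release note; if it is only a rewording, keep the reference to resolver ordering, since "address list" is ambiguous now that `PIPE` and `INTERNAL` are members. `PIPE` and `INTERNAL` are also undocumented: say what selecting them means when the list mixes IP and non-IP addresses.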

envoy/config/cluster/v3/outlier_detection.proto:

--- shake256:98b1c26901946bf3ffca0a0528724578ea47c176c8de0354aad5c4d2daa7a8436b3b7444741d8645c9ce01f679b1ff83a22daebb1060af8bad082193088b4242  envoy/config/cluster/v3/outlier_detection.proto
+++ shake256:e2ceaae01a83ed14091fbeef727ef4f95253a27971e4aa64b3da4086d854a983655d391ce065997cb6f7acb341fbc3c0ae57b9b1be812ce632b9a626b5534e14  envoy/config/cluster/v3/outlier_detection.proto
@@ -21,7 +21,7 @@
 
 // See the :ref:`architecture overview <arch_overview_outlier_detection>` for
 // more information on outlier detection.
-// [#next-free-field: 26]
+// [#next-free-field: 27]
 message OutlierDetection {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.cluster.OutlierDetection";
@@ -29,6 +29,8 @@
   // The number of consecutive server-side error responses (for HTTP traffic,
   // 5xx responses; for TCP traffic, connection failures; for Redis, failure to
   // respond PONG; etc.) before a consecutive 5xx ejection occurs. Defaults to 5.
+  //
+  // If set to 0 explicitly, consecutive 5xx ejection will be disabled.
   google.protobuf.UInt32Value consecutive_5xx = 1;
 
   // The time interval between ejection analysis sweeps. This can result in
@@ -80,6 +82,8 @@
 
   // The number of consecutive gateway failures (502, 503, 504 status codes)
   // before a consecutive gateway failure ejection occurs. Defaults to 5.
+  //
+  // If set to 0 explicitly, consecutive gateway failure ejection will be disabled.
   google.protobuf.UInt32Value consecutive_gateway_failure = 10;
 
   // The % chance that a host will be actually ejected when an outlier status
@@ -101,6 +105,8 @@
   // occurs. Defaults to 5. Parameter takes effect only when
   // :ref:`split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
   // is set to true.
+  //
+  // If set to 0 explicitly, consecutive locally originated failure ejection will be disabled.
   google.protobuf.UInt32Value consecutive_local_origin_failure = 13;
 
   // The % chance that a host will be actually ejected when an outlier status
@@ -177,4 +183,13 @@
   // If enabled, at least one host is ejected regardless of the value of :ref:`max_ejection_percent<envoy_v3_api_field_config.cluster.v3.OutlierDetection.max_ejection_percent>`.
   // Defaults to false.
   google.protobuf.BoolValue always_eject_one_host = 25;
+
+  // If set to true, outlier detection will mark hosts as degraded when they return
+  // the ``x-envoy-degraded`` header.
+  // Degraded hosts are deprioritized in load balancing but are not ejected from the cluster.
+  // The degraded state is cleared using the same backoff algorithm as ejection, with the degradation
+  // period calculated as ``base_ejection_time`` multiplied by the number of times the host
+  // has been marked as degraded, capped by ``max_ejection_time``.
+  // Defaults to false.
+  google.protobuf.BoolValue detect_degraded_hosts = 26;
 }
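Review bot: the comment derives the degradation period from "the number of times the host has been marked as degraded", which implies a counter separate from the ejection counter; state whether it is separate, whether it resets by the same rules, and whether degraded hosts count against `max_ejection_percent` (they are "not ejected", so presumably not, but say so). Use `:ref:` links for `base_ejection_time` and `max_ejection_time` as this file does for `split_external_local_origin_errors` above, and note that `x-envoy-degraded` is a response header supplied by the upstream, so this setting lets an upstream deprioritise itself.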

envoy/config/core/v3/address.proto:

--- shake256:93e4a36d900d8a68ed3b3126513013b82a79bda7e7c244b59a7ec2bd2928b8a7912e856da9075624253437ca50cd3d862db39aae56e8f1c916d7bb35a1be0db9  envoy/config/core/v3/address.proto
+++ shake256:f1c646aaa5ac13d22d3932210e1be33fc0af578674c8730aafe1dc375b5d44b2f20feae205bc597d7170bfabdca39a802fd0ad7094547267d86489739cd0fb0f  envoy/config/core/v3/address.proto
@@ -188,6 +188,7 @@
 message Address {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Address";
 
+  // [#comment: Keep this list of address types in sync with UpstreamConnectionOptions.FirstAddressFamilyVersion in api/envoy/config/cluster/v3/cluster.proto.]
   oneof address {
     option (validate.required) = true;
 

envoy/config/core/v3/http_service.proto:

--- shake256:e72a9109cba19d603c43c8a5e7505dc1d710e9a8f79b135190c7e50e570b728df279d903f13f5c6aa5149f562f613fdad442aa327466650443ad43baf747fb2e  envoy/config/core/v3/http_service.proto
+++ shake256:e1b7f14cc3da4e6edf1e2f32c17681bbb5c2e410e2efe43cb54292ec2b931edbd15d80971d18feeb20e4a825462bed9df9263575cd6af77a2e257cd1cda0b352  envoy/config/core/v3/http_service.proto
@@ -3,6 +3,7 @@
 package envoy.config.core.v3;
 
 import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/http_uri.proto";
 
 import "udpa/annotations/status.proto";
@@ -29,7 +30,13 @@
   HttpUri http_uri = 1;
 
   // Specifies a list of HTTP headers that should be added to each request
-  // handled by this virtual host.
+  // handled by this virtual host. Substitution formatters are supported.
   repeated HeaderValueOption request_headers_to_add = 2
       [(validate.rules).repeated = {max_items: 1000}];
+
+  // Specifies a collection of Formatter plugins that can be used in substitution formatters
+  // in ``request_headers_to_add``.
+  // See the formatters extensions documentation for details.
+  // [#extension-category: envoy.formatter]
+  repeated TypedExtensionConfig formatters = 3;
 }
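Review bot: the context line "handled by this virtual host" is a copy-paste leftover: `HttpService` is not a virtual host, and since this hunk already edits that sentence it should read "added to each request sent to this service". "See the formatters extensions documentation for details" should be a `:ref:` link. Because substitution formatters can expand request attributes into headers sent to a remote service, the comment should also warn that the operator is responsible for what data (e.g. client-supplied headers) is forwarded this way.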

envoy/config/core/v3/protocol.proto:

--- shake256:996a34816af91109a4fac98e114e7c5640f583ca8f46be8567f654ca73c42d77fd53ad3f069872ecf94e5cb968d826f17381445d38c68e84f1ad91118b3baab7  envoy/config/core/v3/protocol.proto
+++ shake256:2c60031b4a2065e1deffbb622837f2c346202c538ad277891bf9d5f55565526851d0215a9963f797b671e0a45f8008ea801f2c0536bea38d2e3846196bf16ef0  envoy/config/core/v3/protocol.proto
@@ -57,7 +57,7 @@
 }
 
 // QUIC protocol options which apply to both downstream and upstream connections.
-// [#next-free-field: 12]
+// [#next-free-field: 14]
 message QuicProtocolOptions {
   // Config for QUIC connection migration across network interfaces, i.e. cellular to WIFI, upon
   // network change events from the platform, i.e. the current network gets
@@ -173,6 +173,17 @@
   // If absent, the feature will be disabled.
   // [#not-implemented-hide:]
   ConnectionMigrationSettings connection_migration = 11;
+
+  // Timeout for a QUIC connection to schedule memory reduction callback when the network has been idle for a while.
+  // This value should be smaller than the idle timeout to take effect.
+  // If not specified, memory reduction is set to infinite by QUIC connection (disabled).
+  google.protobuf.Duration memory_reduction_timeout = 12
+      [(validate.rules).duration = {gte {seconds: 1}}];
+
+  // If true, the QUIC connection will signal support for `SCONE <https://datatracker.ietf.org/doc/draft-ietf-scone-protocol/>`_ (Standard
+  // Communication with Network Elements) and process SCONE packets.
+  // If not present, the QUICHE default behavior will be used.
+  google.protobuf.BoolValue enable_scone = 13;
 }
 
 message UpstreamHttpProtocolOptions {
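Review bot: `memory_reduction_timeout` is validated `gte 1s`, but the stated requirement that it "should be smaller than the idle timeout to take effect" is not validated; the comment should say what happens when it is larger (silently disabled, or clamped). For `enable_scone`, "the QUICHE default behavior will be used" leaves the effective default unknown to operators; state it explicitly so they know whether SCONE packet processing is on without configuration.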
@@ -350,8 +361,10 @@
   //
   //   Currently some protocol codecs impose limits on the maximum size of a single header.
   //
-  //   * HTTP/2 (when using ``nghttp2``) limits a single header to around ``100kb``.
-  //   * HTTP/3 limits a single header to around ``1024kb``.
+  //   * HTTP/2 (when using nghttp2) limits a single header to around 100 KB by default. This can be
+  //     adjusted via :ref:`max_header_field_size_kb
+  //     <envoy_v3_api_field_config.core.v3.Http2ProtocolOptions.max_header_field_size_kb>`.
+  //   * HTTP/3 limits a single header to around 1024 KB.
   //
   google.protobuf.UInt32Value max_response_headers_kb = 7
       [(validate.rules).uint32 = {lte: 8192 gt: 0}];
@@ -539,7 +552,7 @@
       [(validate.rules).duration = {gte {nanos: 1000000}}];
 }
 
-// [#next-free-field: 19]
+// [#next-free-field: 21]
 message Http2ProtocolOptions {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.core.Http2ProtocolOptions";
@@ -736,6 +749,48 @@
   // worth the network bandwidth saved e.g. for localhost.
   // If unset, uses the data plane's default value.
   google.protobuf.BoolValue enable_huffman_encoding = 18;
+
+  // Configures the maximum wire-encoded size in KB of an individual header field (name or value)
+  // that the ``nghttp2`` HPACK inflater will accept. This limit applies to the HPACK-compressed
+  // length on the wire, not the decoded length. If not specified, defaults to ``64`` KB
+  // which is the ``nghttp2`` default.
+  //
+  // This limit applies to headers received by the codec. When configured on the downstream
+  // HTTP Connection Manager, it limits individual request header fields. When configured on an
+  // upstream cluster, it limits individual response header fields.
+  //
+  // Due to Huffman encoding, the decoded header size that passes a given wire limit depends
+  // on the compression ratio of the content. For example, at the default ``64`` KB wire
+  // limit, highly compressible header values can be approximately ``100`` KB when decoded.
+  // Increasing this limit allows accepting larger individual headers at the cost of increased
+  // memory usage during HPACK decompression.
+  //
+  // This option only applies when using ``nghttp2``. It is a no-op for ``oghttp2``. The configured
+  // value of this field sets the per-header field size limit, which must not exceed the
+  // applicable aggregate total header size limit. Since a single header field cannot be larger
+  // than the total size allowed for all headers combined, this value is validated against
+  // :ref:`max_request_headers_kb <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.max_request_headers_kb>`
+  // when configured on the downstream HTTP Connection Manager, and against
+  // :ref:`max_response_headers_kb <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_response_headers_kb>`
+  // when configured on an upstream cluster.
+  //
+  // Since ``Http2ProtocolOptions`` is configured independently for downstream and upstream,
+  // different per-header field limits can be set for each direction without requiring separate
+  // request and response fields.
+  //
+  // .. note::
+  //
+  //   When increasing this limit, ensure that upstream services and other proxies in the request
+  //   path can also handle the larger individual header sizes. Mismatched limits may result in
+  //   request failures.
+  google.protobuf.UInt32Value max_header_field_size_kb = 19
+      [(validate.rules).uint32 = {lte: 256 gte: 64}];
+
+  // Whether to disallow obsolete text for oghttp2 in header field values.
+  // If not set, it defaults to false.
+  // From RFC 9110, https://www.rfc-editor.org/rfc/rfc9110.html#section-5.5:
+  // obs-text = %x80-FF
+  google.protobuf.BoolValue disallow_obs_text = 20;
 }
 
 // [#not-implemented-hide:]
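Review bot: the `gte: 64` bound on `max_header_field_size_kb` means this field can only raise the per-field limit, never tighten it below the nghttp2 default, yet the comment only says "Increasing this limit"; state explicitly that values under 64 are rejected by validation so nobody reaches for it as a hardening knob. The cross-check against `max_request_headers_kb` / `max_response_headers_kb` cannot be expressed in the PGV rule shown, so say where it is enforced (config load vs. runtime) and what happens when it fails.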
@@ -747,7 +802,7 @@
 }
 
 // A message which allows using HTTP/3.
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message Http3ProtocolOptions {
   QuicProtocolOptions quic_protocol_options = 1;
 
@@ -789,6 +844,12 @@
   // Disables connection level flow control for HTTP/3 streams. This is useful in situations where the streams share the same connection
   // but originate from different end-clients, so that each stream can make progress independently at non-front-line proxies.
   bool disable_connection_flow_control_for_streams = 8;
+
+  // Whether to disallow obsolete text in header field values.
+  // If not set, it defaults to true for alignment with current behavior.
+  // As defined in RFC 9110, https://www.rfc-editor.org/rfc/rfc9110.html#section-5.5:
+  // an obs-text character is a character in the range %x80-FF
+  google.protobuf.BoolValue disallow_obs_text = 9;
 }
 
 // A message to control transformations to the :scheme header
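Review bot: `disallow_obs_text` defaults to `true` here but the same-named `Http2ProtocolOptions.disallow_obs_text` (field 20, earlier in this file) defaults to `false`; the two comments should cross-reference each other and explain the asymmetry, otherwise an operator reading one will assume the same default for the other. Minor: "an obs-text character is a character in the range %x80-FF" could use the same `obs-text = %x80-FF` ABNF form as the HTTP/2 comment.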

envoy/config/core/v3/socket_option.proto:

--- shake256:54fb8bdc367e04a2b306de2e85bcca91f79ee21802d963ea46a5761a344e3db3666600f3c860fe7c18052aae3141b4dcb14e9449e83adb08036e8b2e5848658b  envoy/config/core/v3/socket_option.proto
+++ shake256:05ce4c7eb1355fc400087a7acf217c6ef32180d7dc39aac2da5580cc99befb82ddc648a08296153ed4b05a3ab28e8233afd2c3ba61bbd978550640235c61fb3a  envoy/config/core/v3/socket_option.proto
@@ -36,7 +36,7 @@
 // :ref:`admin's <envoy_v3_api_field_config.bootstrap.v3.Admin.socket_options>` socket_options etc.
 //
 // It should be noted that the name or level may have different values on different platforms.
-// [#next-free-field: 8]
+// [#next-free-field: 9]
 message SocketOption {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketOption";
 
@@ -51,6 +51,19 @@
     STATE_LISTENING = 2;
   }
 
+  // The `socket IP version <https://linux.die.net/man/2/socket>`_ to apply the
+  // socket option to.
+  enum SocketIpVersion {
+    // Apply the socket option to all socket IP versions.
+    SOCKET_IP_VERSION_UNSPECIFIED = 0;
+
+    // Apply the socket option to the IPv4 socket type.
+    SOCKET_IP_VERSION_IPV4 = 1;
+
+    // Apply the socket option to the IPv6 socket type.
+    SOCKET_IP_VERSION_IPV6 = 2;
+  }
+
   // The `socket type <https://linux.die.net/man/2/socket>`_ to apply the socket option to.
   // Only one field should be set. If multiple fields are set, the precedence order will determine
   // the selected one. If none of the fields is set, the socket option will be applied to all socket types.
@@ -101,6 +114,11 @@
   // Apply the socket option to the specified `socket type <https://linux.die.net/man/2/socket>`_.
   // If not specified, the socket option will be applied to all socket types.
   SocketType type = 7;
+
+  // Apply the socket option to the specified `socket Ip version
+  // <https://linux.die.net/man/2/socket>`_. If not specified, the socket option
+  // will be applied to all socket ip versions.
+  SocketIpVersion ip_version = 8;
 }
 
 message SocketOptionsOverride {
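Review bot: `ip_version = 8` has no `[(validate.rules).enum = {defined_only: true}]`, unlike the other enum fields in this patch (e.g. `log_type` in stats.proto), so an unknown value from a newer control plane is accepted silently and, per the `SOCKET_IP_VERSION_UNSPECIFIED` wording, presumably applied to both address families; add the rule. Minor: "socket Ip version" / "socket ip versions" should be "IP" as in the enum comment.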

envoy/config/listener/v3/listener.proto:

--- shake256:bd93ad0724db9b3840188ee614b6a8fe094dacba594e4d989cc33169c3b9ac373fd95ce9c201089b70bdd91a9a9fdd1bea3d2140f524eb8156273e1716684621  envoy/config/listener/v3/listener.proto
+++ shake256:e288d340d48c4b9aeb0a445d357ce6d85c5f5e96ab2b03bcb32cec2c0c150140c4320b916fd8cd3fd963bcc6db644d32316e90bb2701720393be09fd0396db4e  envoy/config/listener/v3/listener.proto
@@ -61,7 +61,7 @@
   repeated xds.core.v3.CollectionEntry entries = 1;
 }
 
-// [#next-free-field: 38]
+// [#next-free-field: 39]
 message Listener {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener";
 
@@ -215,7 +215,20 @@
   google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5
       [(udpa.annotations.security).configure_for_untrusted_downstream = true];
 
+  // Optional timeout that controls how long a connection is allowed to stay above the configured
+  // buffer high watermark before it is closed. If this timeout is not specified, or explicitly set
+  // to 0, connections will not be closed due to buffer high watermark usage.
+  google.protobuf.Duration per_connection_buffer_high_watermark_timeout = 38
+      [(validate.rules).duration = {gte {}}];
+
   // Listener metadata.
+  //
+  // The following pre-defined metadata could be used by Envoy to manipulate the listener behavior:
+  //
+  // * ``envoy.stats_matcher``: this metadata could be used to customize the stats emitted by the
+  //   listener. See :ref:`well-known metadata <well_known_metadata_envoy_stats_matcher>` for more
+  //   details.
+  //
   core.v3.Metadata metadata = 6;
 
   // [#not-implemented-hide:]
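Review bot: `per_connection_buffer_high_watermark_timeout` is a downstream-facing resource control like `per_connection_buffer_limit_bytes` directly above it, but lacks the `(udpa.annotations.security).configure_for_untrusted_downstream = true` annotation; add it so it appears in the untrusted-downstream guidance. The comment should also say how the close is performed (immediate reset vs. graceful) and whether a stat or response flag is emitted so the behaviour can be monitored. Grammar in the metadata comment: "could be used by Envoy" → "can be used by Envoy".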

envoy/config/overload/v3/overload.proto:

--- shake256:e2127d379ca4b3095227bfca37afce4626c1f19c0f12fb5750cb96e102ad44a4b69ef87a9ffe1871025355f89b4c2a4ac2c099ff53da65237672a923c2625006  envoy/config/overload/v3/overload.proto
+++ shake256:d1956a9d7a0955671ca719b81eebec0a508392f9cc438726deaa4e215fa1f2c27888edaba38e6b570578bb2112da42aa13351b3f7443efe95a2fcc4f0f2932ae  envoy/config/overload/v3/overload.proto
@@ -6,6 +6,7 @@
 
 import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
 
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
@@ -137,6 +138,21 @@
   repeated ScaleTimer timer_scale_factors = 1 [(validate.rules).repeated = {min_items: 1}];
 }
 
+// Typed configuration for the "envoy.overload_actions.shrink_heap" action.
+// See :ref:`the docs <config_overload_manager_shrink_heap>` for an example of how to configure
+// this action.
+message ShrinkHeapConfig {
+  // The interval at which shrink heap action checks if memory should be released.
+  // If not specified, defaults to 10 seconds.
+  google.protobuf.Duration timer_interval = 1 [(validate.rules).duration = {gte {seconds: 1}}];
+
+  // Maximum amount of unfreed memory in bytes to keep before releasing memory
+  // back to the system. This is used as the threshold passed to
+  // tcmalloc::MallocExtension::ReleaseMemoryToSystem().
+  // If not specified, defaults to 104857600 (100MB).
+  google.protobuf.UInt64Value max_unfreed_memory_bytes = 2;
+}
+
 message OverloadAction {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.overload.v2alpha.OverloadAction";
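Review bot: `max_unfreed_memory_bytes` carries no validation and the comment does not say what `0` means (release everything on every tick?), while `timer_interval` is bounded at `gte: 1s`; either add a `gt: 0` rule or document the zero case. Also 104857600 bytes is 100 MiB, not "100MB".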

envoy/config/route/v3/route_components.proto:

--- shake256:51ab5857cad263ce58c510f0da0b06eee859677c39da016d6924a2c56a8fdc49e9b07c646d8b2dd518859f467be85aa333c8640fe604e65bbacad6e5cef0ded6  envoy/config/route/v3/route_components.proto
+++ shake256:68bd8402344e4157b5cde959d3885e9c1172bba59dfa368bcdfbeff75f5f6fb1fa20c9fdf98c565def281c62284ae7da723fdc65a93ec510e7a286c0ec744189  envoy/config/route/v3/route_components.proto
@@ -7,6 +7,7 @@
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/proxy_protocol.proto";
 import "envoy/config/core/v3/substitution_format_string.proto";
+import "envoy/type/matcher/v3/address.proto";
 import "envoy/type/matcher/v3/filter_state.proto";
 import "envoy/type/matcher/v3/metadata.proto";
 import "envoy/type/matcher/v3/regex.proto";
@@ -2080,11 +2081,32 @@
 
 // Global rate limiting :ref:`architecture overview <arch_overview_global_rate_limit>`.
 // Also applies to Local rate limiting :ref:`using descriptors <config_http_filters_local_rate_limit_descriptors>`.
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message RateLimit {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit";
 
-  // [#next-free-field: 13]
+  enum XRateLimitOption {
+    // X-RateLimit headers is not specified. When this enum is used at descriptor level,
+    // the behavior is to inherit the setting from the filter.
+    UNSPECIFIED = 0;
+
+    // X-RateLimit headers disabled.
+    OFF = 1;
+
+    // Use `draft RFC Version 03 <https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html>`_
+    // where 3 headers will be added:
+    //
+    // * ``X-RateLimit-Limit`` - indicates the request-quota associated to the
+    //   client in the current time-window followed by the description of the
+    //   quota policy. The value is returned by the maximum tokens of the token bucket.
+    // * ``X-RateLimit-Remaining`` - indicates the remaining requests in the
+    //   current time-window. The value is returned by the remaining tokens in the token bucket.
+    // * ``X-RateLimit-Reset`` - indicates the number of seconds until reset of
+    //   the current time-window. The value is returned by the remaining fill interval of the token bucket.
+    DRAFT_VERSION_03 = 2;
+  }
+
+  // [#next-free-field: 14]
   message Action {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.api.v2.route.RateLimit.Action";
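Review bot: the nested `XRateLimitOption` values `UNSPECIFIED`, `OFF` and `DRAFT_VERSION_03` are unprefixed, so by protobuf scoping they share the `RateLimit` message scope with every other nested enum and will collide if another nested enum ever needs `OFF` or `UNSPECIFIED`; the `SocketIpVersion` enum in this same patch uses a `SOCKET_IP_VERSION_` prefix, so `X_RATELIMIT_OPTION_UNSPECIFIED` etc. would be consistent. The `tools.ietf.org/id/...` link form is legacy; the datatracker URL for the draft is preferable.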
@@ -2370,6 +2392,16 @@
 
         // Query :ref:`route entry metadata <envoy_v3_api_field_config.route.v3.Route.metadata>`
         ROUTE_ENTRY = 1;
+
+        // Query :ref:`cluster metadata <envoy_v3_api_field_config.cluster.v3.Cluster.metadata>`
+        CLUSTER_ENTRY = 2;
+
+        // Query :ref:`cluster locality metadata <envoy_v3_api_field_config.endpoint.v3.LbEndpoint.metadata>`
+        // Cluster locality metadata is available after upstream host selection only. To populate descriptors
+        // with cluster locality metadata it needs to be have the
+        // :ref:`apply_on_stream_done field <envoy_v3_api_field_config.route.v3.RateLimit.apply_on_stream_done>`
+        // set to ``true`` or host selection completed before the rate limit filter is executed.
+        CLUSTER_LOCALITY_ENTRY = 3;
       }
 
       // The key to use in the descriptor entry.
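Review bot: typo in the `CLUSTER_LOCALITY_ENTRY` comment: "it needs to be have the" → "it needs to have the". The comment should also state what happens when locality metadata is not yet available (descriptor entry skipped, or the whole descriptor dropped?), since that case is spelled out for `RemoteAddressMatch` later in this file but not here.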
@@ -2465,6 +2497,53 @@
           [(validate.rules).repeated = {min_items: 1}];
     }
 
+    // The following descriptor entry is appended to the descriptor:
+    //
+    // .. code-block:: cpp
+    //
+    //   ("remote_address_match", "<descriptor_value>")
+    message RemoteAddressMatch {
+      // Descriptor value of entry.
+      //
+      // The same :ref:`format specifier <config_access_log_format>` as used for
+      // :ref:`HTTP access logging <config_access_log>` applies here, however
+      // unknown specifier values are replaced with the empty string instead of ``-``.
+      //
+      // .. note::
+      //
+      //   The format string can contain multiple valid substitution fields. If multiple
+      //   substitution fields are present, their results will be concatenated to form the
+      //   final descriptor value. If it contains no substitution fields, the value will be
+      //   used as is. All substitution fields will be evaluated and their results concatenated.
+      //   If the final concatenated result is empty and ``default_value`` is set, the
+      //   ``default_value`` will be used. If ``default_value`` is not set and the result is
+      //   empty, this descriptor will be skipped and not included in the rate limit call.
+      //
+      // For example, ``static_value`` will be used as is since there are no substitution fields.
+      // ``%REQ(:method)%`` will be replaced with the HTTP method, and
+      // ``%REQ(:method)%%REQ(:path)%`` will be replaced with the concatenation of the HTTP method and path.
+      // ``%CEL(request.headers['user-id'])%`` will use CEL to extract the user ID from request headers.
+      //
+      string descriptor_value = 1 [(validate.rules).string = {min_len: 1}];
+
+      // The key to use in the descriptor entry.
+      //
+      // Defaults to ``remote_address_match``.
+      string descriptor_key = 2;
+
+      // An optional value to use if the final concatenated ``descriptor_value`` result is empty.
+      string default_value = 3;
+
+      // Specifies an address matcher that controls whether the rate limit action is applied.
+      // The matcher checks the remote address (trusted address from
+      // :ref:`x-forwarded-for <config_http_conn_man_headers_x-forwarded-for>`)
+      // against the specified CIDR ranges. The rate limit action will be applied if
+      // the remote address matches any of the CIDR ranges (or does not match any if
+      // ``invert_match`` is set to true in the address matcher).
+      type.matcher.v3.AddressMatcher address_matcher = 4
+          [(validate.rules).message = {required: true}];
+    }
+
     oneof action_specifier {
       option (validate.required) = true;
 
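Review bot: `address_matcher` is evaluated against "the remote address (trusted address from x-forwarded-for)"; that address is only as trustworthy as the connection manager's XFF settings, so the comment should say it uses the HCM-determined trusted client address (and therefore depends on `xff_num_trusted_hops` / original-IP detection configuration), otherwise a deployment that trusts all hops lets the client pick which CIDR it matches and whether the limit applies at all. Minor: "All substitution fields will be evaluated and their results concatenated." repeats the preceding sentence in the note block, and `descriptor_key` has no `min_len`/pattern rule while `descriptor_value` has `min_len: 1`.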
@@ -2517,6 +2596,9 @@
 
       // Rate limit on the existence of query parameters.
       QueryParameterValueMatch query_parameter_value_match = 11;
+
+      // Rate limit on remote address match.
+      RemoteAddressMatch remote_address_match = 13;
     }
   }
 
@@ -2563,6 +2645,11 @@
     //
     // One of the ``number`` or ``format`` fields should be set but not both.
     string format = 2 [(validate.rules).string = {prefix: "%" suffix: "%" ignore_empty: true}];
+
+    // If true, the hits addend value will be treated as negative, effectively adding to
+    // the rate limit budget instead of consuming from it. This can be used to refill previously consumed
+    // rate limit tokens.
+    bool is_negative_hits = 3;
   }
 
   // Refers to the stage set in the filter. The rate limit configuration only
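Review bot: `is_negative_hits` turns a `format`-derived addend (request-controlled via `%...%` operators) into a credit, so the comment should state whether the refund is capped at the bucket's maximum tokens and what the rate limit service is expected to do with a negative addend; as written, "effectively adding to the rate limit budget" leaves both unbounded in the reader's mind.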
@@ -2631,6 +2718,9 @@
   //
   // Currently, this is only supported by the HTTP global rate filter.
   bool apply_on_stream_done = 6;
+
+  // Descriptor level X-RateLimit headers options which may override the filter level setting.
+  XRateLimitOption x_ratelimit_option = 7;
 }
 
 // .. attention::
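Review bot: `x_ratelimit_option` "may override the filter level setting", but a route typically carries several `RateLimit` entries; document the precedence when two descriptors on the same route specify different values (first wins, last wins, or a validation error).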

envoy/config/trace/v3/opentelemetry.proto:

--- shake256:5c63a5548079a410d3c40d11a8761f5472beab03ad573a41f061872a8b2f32e4b33a361cbecc54cc472e3bc35072cf299dde525736aa5303bfefa5d7f73d7360  envoy/config/trace/v3/opentelemetry.proto
+++ shake256:b0a3d03c1139ce606c267a6fc1cf4a46a5d60029c99fa9740b516357cf771742ba6463099df5cd6cc671d55c58ae01fb17bd6fa2b3a61e8fd244c7f8bf340926  envoy/config/trace/v3/opentelemetry.proto
@@ -36,11 +36,9 @@
   //
   // .. note::
   //
-  //   Note: The ``request_headers_to_add`` property in the OTLP HTTP exporter service
-  //   does not support the :ref:`format specifier <config_access_log_format>` as used for
-  //   :ref:`HTTP access logging <config_access_log>`.
-  //   The values configured are added as HTTP headers on the OTLP export request
-  //   without any formatting applied.
+  //   The ``request_headers_to_add`` property in the OTLP HTTP exporter service supports
+  //   substitution formatters. The formatters cannot access any HTTP or connection properties, but
+  //   can load content such as environment variables or files or secrets.
   core.v3.HttpService http_service = 3
       [(udpa.annotations.field_migrate).oneof_promotion = "otlp_exporter"];
 
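Review bot: the reworded note says formatters "can load content such as environment variables or files or secrets" but does not name which command operators are supported, so `:ref:` the relevant operators explicitly; and since the substituted values end up as plaintext HTTP headers on the export request, say that secrets loaded this way are sent to the collector as-is. Wording: "environment variables or files or secrets" → "environment variables, files or secrets".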

envoy/config/trace/v3/zipkin.proto:

--- shake256:47d7103d97ef0773986433d778f581ee7bf18610bca4308a1ecd757eb83a544df959c45b814cbeaeeae68a6601533e89d40b5581f0fa40e98394bdd4c94ea867  envoy/config/trace/v3/zipkin.proto
+++ shake256:1ff6ffe28457b2a8cd8b216be08e306264ce95ef295480cae4a752bbca30c7a07c395bd98e5c65f22afacbe75c6ae8e2dfe2803f926a215d4e8b2943b7a215ff  envoy/config/trace/v3/zipkin.proto
@@ -22,7 +22,7 @@
 
 // Configuration for the Zipkin tracer.
 // [#extension: envoy.tracers.zipkin]
-// [#next-free-field: 10]
+// [#next-free-field: 11]
 message ZipkinConfig {
   option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v2.ZipkinConfig";
 
@@ -173,4 +173,10 @@
   //   * Hostname: Uses cluster name as fallback
   //   * Path: ``/api/v2/spans``
   core.v3.HttpService collector_service = 9;
+
+  // Determines whether trace IDs will include a timestamp in the first 4 bytes.
+  // When enabled, trace IDs are generated with the format: [32-bit epoch seconds][32-bit random].
+  // The default value is false, which results in fully random trace IDs.
+  // For 128-bit trace IDs, the timestamp is encoded in the high 32 bits of the high 64-bit word.
+  bool timestamp_trace_ids = 10;
 }
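Review bot: the `timestamp_trace_ids` comment should spell out the entropy cost: with epoch seconds in the first 4 bytes, a 64-bit trace ID keeps only 32 random bits, so collisions between traces started in the same second become far more likely and the IDs become predictable from the clock; say which Zipkin behaviour this format is meant to interoperate with and that trace IDs must not be relied on as unguessable.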

envoy/data/accesslog/v3/accesslog.proto:

--- shake256:7188953c02eed213b986a7f1de8c311441e9e42cfdf01a9d8490667fd71c550d968527bc20be8592bbfc728c874f0dd998dfa3743c8adcdc04b8827b7bacd010  envoy/data/accesslog/v3/accesslog.proto
+++ shake256:e428af4c299325c89c6e0fd308d26d8de409354fee4c854ebc6d6b0ec1056ae68694bcf60fa466369b314b938c5239458129fdb5c9e6b6289c19e71c3aeba3a9  envoy/data/accesslog/v3/accesslog.proto
@@ -36,6 +36,7 @@
   NotSet = 0;
   TcpUpstreamConnected = 1;
   TcpPeriodic = 2;
+  TcpConnectionStart = 14;
   TcpConnectionEnd = 3;
   DownstreamStart = 4;
   DownstreamPeriodic = 5;
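Review bot: `TcpConnectionStart = 14` is inserted between `TcpPeriodic = 2` and `TcpConnectionEnd = 3`, ordering by lifecycle rather than by number; add a short comment saying so, otherwise the next editor will "fix" the ordering or assume 3..13 are free.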

envoy/data/cluster/v3/outlier_detection_event.proto:

--- shake256:ee04b813c98e80ddfffbb24402adc26ea381b319e15c9c311ee9c718d4db80ad89ecabdf4ed455aa025a8a31f8c05a9508cbc69046e6ed48c78fe05d8b17914d  envoy/data/cluster/v3/outlier_detection_event.proto
+++ shake256:61967733b051916f65d73c3588c9ebef8c342c7239154dd09a65ad40484df30c015938eef9dcc642cca84a3d2d33d0e94ef96fcaa475ec4d2f1673e5c5d67943  envoy/data/cluster/v3/outlier_detection_event.proto
@@ -63,6 +63,12 @@
   // Runs over aggregated success rate statistics for local origin failures from every host in
   // cluster and selects hosts for which ratio of failed replies is above configured value.
   FAILURE_PERCENTAGE_LOCAL_ORIGIN = 6;
+
+  // Host is detected as degraded via passive health checking (outlier detection).
+  // The host returns responses with the x-envoy-degraded header, indicating it is under stress
+  // but still able to serve traffic. Degraded hosts are deprioritized in load balancing but not
+  // fully ejected.
+  DEGRADED = 7;
 }
 
 // Represents possible action applied to upstream host
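Review bot: `DEGRADED = 7` is triggered by the upstream's own `x-envoy-degraded` response header, i.e. a self-reported signal from the host; the comment should use the `:ref:` form other Envoy docs use for that header and state which `Action` value the emitted event carries, since "not fully ejected" means the existing eject/uneject actions do not describe it.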

envoy/extensions/access_loggers/open_telemetry/v3/logs_service.proto:

--- shake256:98893684c42a2e2520895a664623c59426eec1edc6b04ae90296ef27eb47fe1f12574a0c196d0979a001628aad4d85208c73897c8ea130ff31aa621b8284df26  envoy/extensions/access_loggers/open_telemetry/v3/logs_service.proto
+++ shake256:22d4d7d08052b89328069887d994556ba290264f6b8eb10b59f7d924da761c06d89ee28b81b3e7892a0418ecc51ccdd04ad41e97451731cea47ad6e3532c6e5b  envoy/extensions/access_loggers/open_telemetry/v3/logs_service.proto
@@ -42,11 +42,9 @@
   //
   // .. note::
   //
-  //   The ``request_headers_to_add`` property in the OTLP HTTP exporter service
-  //   does not support the :ref:`format specifier <config_access_log_format>` as used for
-  //   :ref:`HTTP access logging <config_access_log>`.
-  //   The values configured are added as HTTP headers on the OTLP export request
-  //   without any formatting applied.
+  //   The ``request_headers_to_add`` property in the OTLP HTTP exporter service supports
+  //   substitution formatters. The formatters cannot access any HTTP or connection properties, but
+  //   can load content such as environment variables or files or secrets.
   config.core.v3.HttpService http_service = 8;
 
   // The upstream gRPC cluster that will receive OTLP logs.
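Review bot: this note is word-for-word the one introduced in `envoy/config/trace/v3/opentelemetry.proto` in this same patch and has the same gaps (no reference to the supported operators, "or files or secrets"); whatever wording lands there should be mirrored here, or both should `:ref:` a single shared doc section.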

envoy/extensions/access_loggers/stats/v3/stats.proto:

--- shake256:8279990477d97efaa433be0a4321dc7d2291ee5d8aa833d9a24487786d43ed370fc0e7f1b3a4810025e61d45c0600d5ab4900396c58cd9419b3aa281f69077a3  envoy/extensions/access_loggers/stats/v3/stats.proto
+++ shake256:4a626fd11ed77f856584896d8c115d939ce7621d4cd2c1ebb66fc308b31d4641dd38eaab9d9d1e2b91625309bf9dcf50ab15dd9b2db4c7bcbb9eae73a91d9742  envoy/extensions/access_loggers/stats/v3/stats.proto
@@ -2,9 +2,11 @@
 
 package envoy.extensions.access_loggers.stats.v3;
 
+import "envoy/data/accesslog/v3/accesslog.proto";
+
 import "google/protobuf/wrappers.proto";
 
-import "xds/annotations/v3/status.proto";
+import "xds/type/matcher/v3/matcher.proto";
 
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
@@ -27,16 +29,23 @@
 //   leading to a denial of service in Envoy, or can overwhelm any configured
 //   stat sinks by sending too many unique metrics.
 
+// [#next-free-field: 6]
 message Config {
-  option (xds.annotations.v3.message_status).work_in_progress = true;
-
   // Defines a tag on a stat.
   message Tag {
     // The name of the tag.
     string name = 1 [(validate.rules).string = {min_len: 1}];
 
-    // The value of the tag, using :ref:`command operators <config_access_log_command_operators>`.
+    // The value of the tag, using :ref:`command operators
+    // <config_access_log_command_operators>`.
     string value_format = 2 [(validate.rules).string = {min_len: 1}];
+
+    // The custom rules to generate the stat tags. Currently, the only
+    // supported input is
+    // :ref:`Stat tag value input <envoy_v3_api_msg_extensions.matching.common_inputs.stats.v3.StatTagValueInput>`.
+    // The supported actions are
+    // - :ref:`Transform stat action <envoy_v3_api_msg_extensions.matching.actions.transform_stat.v3.TransformStat>`.
+    xds.type.matcher.v3.Matcher rules = 3;
   }
 
   // Defines the name and tags of a stat.
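Review bot: the `rules` comment's "The supported actions are" followed by "- :ref:`Transform stat action ...`" will not render as an RST list without a blank line before the `-` item; either make it a proper bulleted list or inline it. Dropping `work_in_progress = true` also promotes this API to stable, which deserves an explicit release note rather than being implicit in a doc diff.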
@@ -91,6 +100,58 @@
     google.protobuf.UInt64Value value_fixed = 3 [(validate.rules).uint64 = {gt: 0}];
   }
 
+  // Configuration for a gauge stat. Gauges can be used to add, subtract, or set
+  // values, and are useful for tracking concurrency or other mutable values
+  // over time.
+  // [#next-free-field: 6]
+  message Gauge {
+    // The Set operation config.
+    message Set {
+      // The access log type to trigger the operation.
+      data.accesslog.v3.AccessLogType log_type = 1 [(validate.rules).enum = {defined_only: true}];
+    }
+
+    // The PairedAddSubtract operation config.
+    // Usage restrictions:
+    //
+    // 1. We only support add first then subtract logic and we rely on the symmetrical log types
+    //    (e.g., DownstreamStart/DownstreamEnd) to increment and decrement the gauge.
+    // 2. During runtime, sub_log_type will execute if and only if add_log_type operation has
+    //    been done, tracked by inflight counter in filter state.
+    // 3. If the add_log_type operation was executed, the sub_log_type will happen when the
+    //    stream/connection is closed, even if the configured log type didn't happen.
+    message PairedAddSubtract {
+      // The access log type to trigger the add operation.
+      data.accesslog.v3.AccessLogType add_log_type = 1
+          [(validate.rules).enum = {defined_only: true}];
+
+      // The access log type to trigger the subtract operation.
+      data.accesslog.v3.AccessLogType sub_log_type = 2
+          [(validate.rules).enum = {defined_only: true}];
+    }
+
+    // The name and tags of this gauge.
+    Stat stat = 1 [(validate.rules).message = {required: true}];
+
+    // The format string for the value of this gauge, using :ref:`command
+    // operators <config_access_log_command_operators>`. This must evaluate to a
+    // positive number.
+    string value_format = 2
+        [(validate.rules).string = {prefix: "%" suffix: "%" ignore_empty: true}];
+
+    // A fixed value to add/subtract/set to this gauge.
+    // One of ``value_format`` or ``value_fixed`` must be configured.
+    google.protobuf.UInt64Value value_fixed = 3 [(validate.rules).uint64 = {gt: 0}];
+
+    // The PairedAddSubtract operation.
+    // Only one of PairedAddSubtract and Set can be defined.
+    PairedAddSubtract add_subtract = 4;
+
+    // The Set operation.
+    // Only one of PairedAddSubtract and Set can be defined.
+    Set set = 5;
+  }
+
   // The stat prefix for the generated stats.
   string stat_prefix = 1 [(validate.rules).string = {min_len: 1}];
 
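Review bot: `Gauge` expresses two mutual-exclusion constraints only in comments, "One of value_format or value_fixed must be configured" and "Only one of PairedAddSubtract and Set can be defined"; both are expressible as a `oneof` with `option (validate.required) = true`, which rejects misconfiguration at config load instead of at runtime. `PairedAddSubtract` should also validate `add_log_type != sub_log_type`, since the inflight-counter logic described in restriction 2 cannot work when both trigger on the same event.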
@@ -99,4 +160,7 @@
 
   // The counters this logger will emit.
   repeated Counter counters = 4;
+
+  // The gauges this logger will emit.
+  repeated Gauge gauges = 5;
 }

envoy/extensions/bootstrap/reverse_tunnel/downstream_socket_interface/v3/downstream_reverse_connection_socket_interface.proto:

--- shake256:e1ef5c6288164e96ad75f885a9de2fe652bbbdfdd8a7f007ebee1983286e2b9efdd7028b76c68ba529d2783956b5e79730a868ace2c4c115c1e7107f9fefa993  envoy/extensions/bootstrap/reverse_tunnel/downstream_socket_interface/v3/downstream_reverse_connection_socket_interface.proto
+++ shake256:660c22324d1b891b24b011b8794f39d1d6d4f1524f947b128472fc55d67aa42b6672de926e3bb5936d86fbf0a8c0e07c86f9db58d73c86b702b5040cc7975e0c  envoy/extensions/bootstrap/reverse_tunnel/downstream_socket_interface/v3/downstream_reverse_connection_socket_interface.proto
@@ -2,6 +2,8 @@
 
 package envoy.extensions.bootstrap.reverse_tunnel.downstream_socket_interface.v3;
 
+import "envoy/config/core/v3/base.proto";
+
 import "udpa/annotations/status.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.bootstrap.reverse_tunnel.downstream_socket_interface.v3";
@@ -22,6 +24,9 @@
     // Request path used when issuing the HTTP reverse-connection handshake. Defaults to
     // "/reverse_connections/request".
     string request_path = 1;
+
+    // Additional headers to include in the HTTP handshake request.
+    repeated config.core.v3.HeaderValueOption additional_headers = 2;
   }
 
   // Stat prefix to be used for downstream reverse connection socket interface stats.
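Review bot: `additional_headers` on the handshake request is where operators will put authentication material; the comment should say whether `HeaderValueOption` values are passed through the substitution formatter or sent verbatim, and how secrets are expected to be supplied rather than inlined in the bootstrap.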

envoy/extensions/bootstrap/reverse_tunnel/upstream_socket_interface/v3/upstream_reverse_connection_socket_interface.proto:

--- shake256:619a9180e9bacad6103038fc2244b8239b0d849569f64f226ba8bf506a296f923e2eaf23e2aaa884d68b3d2e4de525d3324ced0436a98f5697ace6c8c77c640b  envoy/extensions/bootstrap/reverse_tunnel/upstream_socket_interface/v3/upstream_reverse_connection_socket_interface.proto
+++ shake256:edc29f12ce800836aae0709201e19349a88375d8beeb35cd872414892d7fd12b2d2eae8faf1ac5dfac18110c4d0702e453f385d254fc76a60e2d3cccb637d4dc  envoy/extensions/bootstrap/reverse_tunnel/upstream_socket_interface/v3/upstream_reverse_connection_socket_interface.proto
@@ -19,6 +19,7 @@
 // [#extension: envoy.bootstrap.reverse_tunnel.upstream_socket_interface]
 
 // Configuration for the upstream reverse connection socket interface.
+// [#next-free-field: 6]
 message UpstreamReverseConnectionSocketInterface {
   // Stat prefix for upstream reverse connection socket interface stats.
   string stat_prefix = 1;
@@ -36,4 +37,11 @@
   // the socket interface instantiates a reporter via the configured factory.
   // If unset, no reporting is done.
   config.core.v3.TypedExtensionConfig reporter_config = 4;
+
+  // Enables tenant-aware isolation for reverse connections. When set to ``true``, the socket
+  // interface requires tenant identifiers in addition to node and cluster identifiers and derives
+  // composite ``tenant:node`` and ``tenant:cluster`` keys for socket tracking. Identifiers
+  // containing the ``:`` delimiter are rejected to avoid ambiguity.
+  // Defaults to ``false`` for backwards compatibility.
+  google.protobuf.BoolValue enable_tenant_isolation = 5;
 }
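Review bot: "Identifiers containing the `:` delimiter are rejected" should say how: is the reverse connection refused at handshake, and is a stat or log emitted so a misconfigured tenant can be diagnosed? The same `:` restriction is documented on `tenant_id_format` in `reverse_connection.proto` later in this patch; keep the two in sync.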

envoy/extensions/clusters/redis/v3/redis_cluster.proto:

--- shake256:5f8a02cf67b5c30f47a9459137ed47a77744906a5bb75baafbce675671109b7038b8464dc2b5e186728bd6360fa0d889df05ff944a21894a27d3cd2d7e38218b  envoy/extensions/clusters/redis/v3/redis_cluster.proto
+++ shake256:8706a8bcd77de30b9d3efcb798059a31368272605e8bac4afb66a84051a35bd6ba32ea73d4dbd9ba44d94566b7077a8dcf701410cd56b118028a0bfb5fda8070  envoy/extensions/clusters/redis/v3/redis_cluster.proto
@@ -54,7 +54,7 @@
 //           redirect_refresh_threshold: 10
 // [#extension: envoy.clusters.redis]
 
-// [#next-free-field: 7]
+// [#next-free-field: 8]
 message RedisClusterConfig {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.cluster.redis.RedisClusterConfig";
@@ -83,4 +83,14 @@
   // If not set, this defaults to 0, which disables the topology refresh due to degraded or
   // unhealthy host.
   uint32 host_degraded_refresh_threshold = 6;
+
+  // Enable zone discovery via INFO command. When enabled, the cluster will
+  // send INFO command to each node to discover its availability_zone field,
+  // which is then used for zone-aware routing.
+  //
+  // Note: This feature currently works with Valkey only. Valkey exposes
+  // availability_zone in its INFO response. Standard Redis does not support this field.
+  //
+  // If not set, this defaults to false.
+  google.protobuf.BoolValue enable_zone_discovery = 7;
 }
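Review bot: `enable_zone_discovery` sends an `INFO` command to every node; document the cadence (once per topology refresh, or on its own interval) and the fallback when `availability_zone` is absent from the response (standard Redis), i.e. whether the host is treated as zone-less or the discovery failure is surfaced in stats.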

envoy/extensions/clusters/reverse_connection/v3/reverse_connection.proto:

--- shake256:713d411cee39f04b628ebfc3532d4a8af422cfb8885f372599ed0d86dd4011f743d160c66485159be9dee939ecf66de5c323cd1fc4523f1c3be62bde4e3bbbac  envoy/extensions/clusters/reverse_connection/v3/reverse_connection.proto
+++ shake256:8bd676a0a41122ddf383c0520812f564cc4d8cc6692f5b20c8b3cbce34fe14c1e808e961327b8b1f48b909d477dd15262ace366b6554899243bf18c286cc77b7  envoy/extensions/clusters/reverse_connection/v3/reverse_connection.proto
@@ -46,4 +46,29 @@
   //
   // If the format string evaluates to an empty value, the request will not be routed.
   string host_id_format = 2 [(validate.rules).string = {min_len: 1}];
+
+  // Tenant identifier format string for tenant-aware isolation.
+  //
+  // This format string is evaluated against the downstream request context to compute
+  // the tenant identifier when tenant isolation is enabled. The format string supports
+  // the same Envoy formatter syntax as ``host_id_format``.
+  //
+  // **REQUIRED** when tenant isolation is enabled (via ``enable_tenant_isolation`` in the
+  // reverse tunnel filter configuration).
+  //
+  // When tenant isolation is enabled and this field is set, the tenant identifier must be
+  // derivable from the request context (i.e., the formatter must evaluate to a non-empty
+  // value). If the tenant identifier cannot be inferred, host selection will fail and the
+  // request will not be routed.
+  //
+  // Examples:
+  //
+  // * ``%REQ(x-tenant-id)%``: Extract tenant ID from request header.
+  // * ``%DYNAMIC_METADATA(envoy.filters.network.reverse_tunnel:tenant_id)%``: Use metadata from reverse tunnel filter.
+  // * ``%CEL(request.headers['x-tenant-id'] | orValue('default'))%``: Use CEL with fallback.
+  //
+  // The delimiter used for concatenation is internal and not configurable. Users should
+  // ensure that tenant identifiers and host identifiers do not contain the delimiter character
+  // (``:``) to avoid ambiguity.
+  string tenant_id_format = 3 [(validate.rules).string = {max_len: 1024 ignore_empty: true}];
 }
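Review bot: the `tenant_id_format` comment says tenant isolation is enabled "via `enable_tenant_isolation` in the reverse tunnel filter configuration", but the field added in this patch lives on `UpstreamReverseConnectionSocketInterface` (`upstream_reverse_connection_socket_interface.proto` above); fix the cross-reference or `:ref:` the actual field. The `:` prohibition is described as a user responsibility here while the socket interface comment says such identifiers are rejected; the `max_len: 1024 ignore_empty: true` rule does not check it, so state where the check happens.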

envoy/extensions/common/ratelimit/v3/ratelimit.proto:

--- shake256:1c6def9643491a1c8aa4b53cb2d0bb744acce4945d9eb63a3e7733d3f6a568c3a1d90531b42787d751a6ce3bbc861db13d1ac2a031892895ee3a2b66c70877db  envoy/extensions/common/ratelimit/v3/ratelimit.proto
+++ shake256:4771d57c4812b0bd79a53d87a3ee09c02be588cd5294b234b897890b456c12ce11ac31f77bb70794d61f646b95ec19ffe3d17054cb672d838c2868152b3e06ac  envoy/extensions/common/ratelimit/v3/ratelimit.proto
@@ -129,6 +129,11 @@
   // Optional hits_addend for the rate limit descriptor. If set the value will override the
   // request level hits_addend.
   google.protobuf.UInt64Value hits_addend = 3;
+
+  // If true, the hits_addend value will be treated as negative, effectively adding to
+  // the rate limit budget instead of consuming from it. This can be used to refill previously consumed
+  // rate limit tokens.
+  bool is_negative_hits = 4;
 }
 
 // Configuration used to enable local rate limiting.
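Review bot: `is_negative_hits` here and the identically worded field in `route_components.proto` earlier in this patch describe the same semantics twice; this descriptor-level comment should additionally define precedence when a descriptor-level `hits_addend` is negative and the request-level one is positive (or vice versa), since the `hits_addend` comment above only says the descriptor value overrides the request value.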
@@ -144,6 +149,9 @@
 
   // Token Bucket algorithm for local ratelimiting.
   type.v3.TokenBucket token_bucket = 2 [(validate.rules).message = {required: true}];
+
+  // Mark the descriptor as shadow. When the values is true, envoy allow requests to the backend.
+  bool shadow_mode = 3;
 }
 
 // Configuration used to enable local cluster level rate limiting where the token buckets
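Review bot: the `shadow_mode` comment has a grammar error ("When the values is true, envoy allow requests") and is underspecified: it should say whether the token bucket is still decremented and whether rate-limit stats and response headers are still emitted when the limit would have been hit, since that is what a shadow rollout is compared against. Suggested shape, to be adjusted to the actual behaviour: `// Mark the descriptor as shadow. When true, requests that exceed the limit are still forwarded to the backend, but the bucket is consumed and stats are emitted as if the limit were enforced.`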

envoy/extensions/compression/gzip/compressor/v3/gzip.proto:

--- shake256:478847c0e8b17d45ba72ce23d3c0e658e8f479ddb8e70217a2b01f95f5005559432f958ffc1f3bbe524ec1afaa9d3c743f3d7e6b23380863847e37c4b309c537  envoy/extensions/compression/gzip/compressor/v3/gzip.proto
+++ shake256:61448ff01a63766c220b1c8b3baaf98cc51b1919293df1db680e62f80203f0809a8dad91ee72f06be9b49ac0dbe071ca8851c29f2608983c13a4e9a684a03897  envoy/extensions/compression/gzip/compressor/v3/gzip.proto
@@ -19,61 +19,106 @@
 // [#next-free-field: 6]
 message Gzip {
   // All the values of this enumeration translate directly to zlib's compression strategies.
-  // For more information about each strategy, please refer to zlib manual.
+  // For more information about each strategy, please refer to the
+  // `zlib manual <https://www.zlib.net/manual.html>`_.
   enum CompressionStrategy {
+    // Default compression strategy.
     DEFAULT_STRATEGY = 0;
+
+    // Filtered compression strategy, designed for data produced by a filter or predictor.
     FILTERED = 1;
+
+    // Huffman-only compression strategy, which uses Huffman encoding only.
     HUFFMAN_ONLY = 2;
+
+    // Run-length encoding (RLE) compression strategy, designed for image data.
     RLE = 3;
+
+    // Fixed compression strategy, which prevents the use of dynamic Huffman codes.
     FIXED = 4;
   }
 
+  // Compression level values for zlib. Higher levels provide better compression at the cost of
+  // increased latency and CPU usage.
   enum CompressionLevel {
     option allow_alias = true;
 
+    // Default compression level, equivalent to ``COMPRESSION_LEVEL_6``.
     DEFAULT_COMPRESSION = 0;
+
+    // Fastest compression with minimal compression ratio, equivalent to ``COMPRESSION_LEVEL_1``.
     BEST_SPEED = 1;
+
+    // Compression level 1 (fastest).
     COMPRESSION_LEVEL_1 = 1;
+
+    // Compression level 2.
     COMPRESSION_LEVEL_2 = 2;
+
+    // Compression level 3.
     COMPRESSION_LEVEL_3 = 3;
+
+    // Compression level 4.
     COMPRESSION_LEVEL_4 = 4;
+
+    // Compression level 5.
     COMPRESSION_LEVEL_5 = 5;
+
+    // Compression level 6.
     COMPRESSION_LEVEL_6 = 6;
+
+    // Compression level 7.
     COMPRESSION_LEVEL_7 = 7;
+
+    // Compression level 8.
     COMPRESSION_LEVEL_8 = 8;
+
+    // Compression level 9 (best compression).
     COMPRESSION_LEVEL_9 = 9;
+
+    // Best compression ratio with highest latency, equivalent to ``COMPRESSION_LEVEL_9``.
     BEST_COMPRESSION = 9;
   }
 
   // Value from 1 to 9 that controls the amount of internal memory used by zlib. Higher values
-  // use more memory, but are faster and produce better compression results. The default value is 5.
+  // use more memory, but are faster and produce better compression results.
+  //
+  // Defaults to ``5``.
   google.protobuf.UInt32Value memory_level = 1 [(validate.rules).uint32 = {lte: 9 gte: 1}];
 
   // A value used for selecting the zlib compression level. This setting will affect speed and
-  // amount of compression applied to the content. "BEST_COMPRESSION" provides higher compression
-  // at the cost of higher latency and is equal to "COMPRESSION_LEVEL_9". "BEST_SPEED" provides
-  // lower compression with minimum impact on response time, the same as "COMPRESSION_LEVEL_1".
-  // "DEFAULT_COMPRESSION" provides an optimal result between speed and compression. According
-  // to zlib's manual this level gives the same result as "COMPRESSION_LEVEL_6".
-  // This field will be set to "DEFAULT_COMPRESSION" if not specified.
+  // amount of compression applied to the content. ``BEST_COMPRESSION`` provides higher compression
+  // at the cost of higher latency and is equal to ``COMPRESSION_LEVEL_9``. ``BEST_SPEED`` provides
+  // lower compression with minimum impact on response time, the same as ``COMPRESSION_LEVEL_1``.
+  // ``DEFAULT_COMPRESSION`` provides an optimal result between speed and compression. According
+  // to zlib's manual, this level gives the same result as ``COMPRESSION_LEVEL_6``.
+  //
+  // Defaults to ``DEFAULT_COMPRESSION``.
   CompressionLevel compression_level = 2 [(validate.rules).enum = {defined_only: true}];
 
   // A value used for selecting the zlib compression strategy which is directly related to the
-  // characteristics of the content. Most of the time "DEFAULT_STRATEGY" will be the best choice,
-  // which is also the default value for the parameter, though there are situations when
-  // changing this parameter might produce better results. For example, run-length encoding (RLE)
-  // is typically used when the content is known for having sequences which same data occurs many
-  // consecutive times. For more information about each strategy, please refer to zlib manual.
+  // characteristics of the content. Most of the time ``DEFAULT_STRATEGY`` will be the best choice,
+  // though there are situations when changing this parameter might produce better results. For
+  // example, run-length encoding (RLE) is typically used when the content is known for having
+  // sequences in which the same data occurs many consecutive times. For more information about
+  // each strategy, please refer to the `zlib manual <https://www.zlib.net/manual.html>`_.
+  //
+  // Defaults to ``DEFAULT_STRATEGY``.
   CompressionStrategy compression_strategy = 3 [(validate.rules).enum = {defined_only: true}];
 
   // Value from 9 to 15 that represents the base two logarithmic of the compressor's window size.
-  // Larger window results in better compression at the expense of memory usage. The default is 12
-  // which will produce a 4096 bytes window. For more details about this parameter, please refer to
-  // zlib manual > deflateInit2.
+  // Larger window results in better compression at the expense of memory usage. For more details
+  // about this parameter, please refer to the
+  // `zlib manual <https://www.zlib.net/manual.html>`_ for ``deflateInit2``.
+  //
+  // Defaults to ``12``, which will produce a 4096 bytes window.
   google.protobuf.UInt32Value window_bits = 4 [(validate.rules).uint32 = {lte: 15 gte: 9}];
 
-  // Value for Zlib's next output buffer. If not set, defaults to 4096.
-  // See https://www.zlib.net/manual.html for more details. Also see
-  // https://github.com/envoyproxy/envoy/issues/8448 for context on this filter's performance.
+  // Value for zlib's next output buffer. See the
+  // `zlib manual <https://www.zlib.net/manual.html>`_ for more details. Also see
+  // `envoy#8448 <https://github.com/envoyproxy/envoy/issues/8448>`_ for context on this filter's
+  // performance.
+  //
+  // Defaults to ``4096``.
   google.protobuf.UInt32Value chunk_size = 5 [(validate.rules).uint32 = {lte: 65536 gte: 4096}];
 }
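Review bot: the new `CompressionLevel` comments blur two different relationships: `BEST_SPEED` = 1 and `BEST_COMPRESSION` = 9 are true aliases (same wire value as `COMPRESSION_LEVEL_1` / `COMPRESSION_LEVEL_9`, which is why `allow_alias` is set), while `DEFAULT_COMPRESSION` = 0 is a distinct value that zlib maps to level 6. Suggest `// Alias of COMPRESSION_LEVEL_1.` for the aliases and `// Default compression level; zlib treats this as COMPRESSION_LEVEL_6.` for the default, so readers do not assume `DEFAULT_COMPRESSION` and `COMPRESSION_LEVEL_6` compare equal.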

envoy/extensions/dynamic_modules/v3/dynamic_modules.proto:

--- shake256:9807d3ebad080c0acd2fbcc4286e17d94c2ea09233f52c89455ec54d6d1fb13b19b841faa36608cabf8e1e85f9f23fc0bf0f317ea5bf3a03c792c399121e980e  envoy/extensions/dynamic_modules/v3/dynamic_modules.proto
+++ shake256:174933bd8f46d956cf29a5dcaff4f8711209faead4e33d83910b72c03bd1eb33b065e2dffbe51a94ccbbfc974cdff44fbd6b01cfab0b9cd0a4736064de122738  envoy/extensions/dynamic_modules/v3/dynamic_modules.proto
@@ -2,8 +2,9 @@
 
 package envoy.extensions.dynamic_modules.v3;
 
+import "envoy/config/core/v3/base.proto";
+
 import "udpa/annotations/status.proto";
-import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.dynamic_modules.v3";
 option java_outer_classname = "DynamicModulesProto";
@@ -25,22 +26,29 @@
 // reused.
 //
 // A module must be compatible with the ABI specified in :repo:`abi.h
-// <source/extensions/dynamic_modules/abi.h>`. Currently, compatibility is only guaranteed by an
+// <source/extensions/dynamic_modules/abi/abi.h>`. Currently, compatibility is only guaranteed by an
 // exact version match between the Envoy codebase and the dynamic module SDKs. In the future, after
 // the ABI is stabilized, this restriction will be revisited. Until then, Envoy checks the hash of
 // the ABI header files to ensure that the dynamic modules are built against the same version of the
 // ABI.
+// [#next-free-field: 8]
 message DynamicModuleConfig {
   // The name of the dynamic module.
   //
   // The client is expected to have some configuration indicating where to search for the module. In
-  // Envoy, the search path can only be configured via the environment variable
+  // Envoy, the search path can be configured via the environment variable
   // ``ENVOY_DYNAMIC_MODULES_SEARCH_PATH``. The actual search path is
-  // ``${ENVOY_DYNAMIC_MODULES_SEARCH_PATH}/lib${name}.so``.
+  // ``${ENVOY_DYNAMIC_MODULES_SEARCH_PATH}/lib${name}.so``. If not set, the current working directory is
+  // used as the search path. After Envoy fails to find the module in the search path, it will also
+  // try to find the module from a standard system library path (e.g., ``/usr/lib``) following the
+  // platform's default behavior for ``dlopen``.
+  //
+  // This field is optional if the ``module`` field is set. When both ``name`` and ``module`` are
+  // specified, the ``module`` field takes precedence.
   //
   // .. note::
   //   There is some remaining work to make the search path configurable via command line options.
-  string name = 1 [(validate.rules).string = {min_len: 1}];
+  string name = 1;
 
   // If true, prevents the module from being unloaded with ``dlclose``.
   //
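Review bot: dropping `min_len: 1` on `name` leaves no validation that at least one of `name` and `module` is set; please document (or validate) the case where both are empty. The new search-path text also deserves a stronger caveat: with `ENVOY_DYNAMIC_MODULES_SEARCH_PATH` unset the module is loaded from the current working directory and then from the platform `dlopen` default path, so the library actually loaded depends on where Envoy was started and on the system library layout. Recommend stating that operators should always set the search path explicitly in production and that the fallback exists for development convenience.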
@@ -51,7 +59,7 @@
   // Defaults to ``false``.
   bool do_not_close = 3;
 
-  // If true, the dynamic module is loaded with the ``RTLD_GLOBAL`` flag.
+  // If ``true``, the dynamic module is loaded with the ``RTLD_GLOBAL`` flag.
   //
   // The dynamic module is loaded with the ``RTLD_LOCAL`` flag by default to avoid symbol conflicts
   // when multiple modules are loaded. Set this to ``true`` to load the module with the
@@ -66,4 +74,42 @@
   //
   // Defaults to ``false``.
   bool load_globally = 4;
+
+  // The namespace prefix for metrics emitted by this dynamic module.
+  //
+  // This allows users to customize the prefix used for all metrics created by the dynamic module.
+  // The prefix is prepended to all metric names. In prometheus output, metrics will appear with
+  // the standard ``envoy_`` prefix followed by this namespace. For example, if this is set to
+  // ``myapp``, a counter ``requests`` would appear as ``envoy_myapp_requests_total``.
+  //
+  // Defaults to ``dynamicmodulescustom``.
+  string metrics_namespace = 5;
+
+  // The dynamic module binary to load. Supports local file paths via ``local.filename``
+  // and remote HTTP sources via ``remote``.
+  //
+  // When using ``remote``, the module is fetched asynchronously during listener initialization.
+  // If the fetch fails (network error, SHA256 mismatch, invalid binary, etc.), the filter
+  // is **not installed** and requests pass through unfiltered (fail-open).
+  //
+  // When both ``name`` and ``module`` are set, ``module`` takes precedence.
+  config.core.v3.AsyncDataSource module = 6;
+
+  // Controls how a cache miss for a remote module is handled.
+  //
+  // When true (NACK mode), a cache miss causes an immediate NACK of the xDS config update.
+  // A background fetch is started and the module will be available on the next config push if
+  // the fetch succeeds.
+  //
+  // When false (default, warming mode), the server blocks during initialization until the fetch
+  // completes or exhausts retries. This mode requires an init manager and is not available in
+  // ECDS or per-route configurations.
+  //
+  // When using ``module.remote`` with ECDS or per-route configurations, this must be set to
+  // ``true``.
+  //
+  // Only applies when ``module.remote`` is set.
+  //
+  // Defaults to ``false``.
+  bool nack_on_cache_miss = 7;
 }
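Review bot: the `module` comment documents that a failed remote fetch (including a SHA256 mismatch) leaves the filter not installed and requests pass through unfiltered (fail-open). For a module that enforces policy (authorization, request validation) that is a silent loss of enforcement; the comment should at least say so explicitly, point at how a failed fetch is surfaced (stats or log), and ideally the config should offer a fail-closed alternative. Two smaller points: `metrics_namespace` has no validation on its characters even though it is spliced into Prometheus metric names, and the `nack_on_cache_miss` comment uses bare `true`/`false` where the rest of the file uses ``true``/``false``.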

envoy/extensions/filters/http/composite/v3/composite.proto:

--- shake256:002cd85799c5af02bd7a35f7d889014754cb0265dfb84cc39b9e8b569beb221ae9950bcd19b5580b9c50e016cf405b080946c52b7802bb63eef81279471798f0  envoy/extensions/filters/http/composite/v3/composite.proto
+++ shake256:5eda6bb5729dc34ac1a0ba6390df58021e94e61d5f540442d551ef15db94d015d68916535f4363ac1a7c99aed706048ffbe1a30396aaea913a32d110aea39ec9  envoy/extensions/filters/http/composite/v3/composite.proto
@@ -6,6 +6,8 @@
 import "envoy/config/core/v3/config_source.proto";
 import "envoy/config/core/v3/extension.proto";
 
+import "xds/type/matcher/v3/matcher.proto";
+
 import "udpa/annotations/migrate.proto";
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
@@ -38,6 +40,19 @@
   // This is useful when the same filter chain needs to be applied across many routes,
   // as it avoids duplicating the filter chain configuration.
   map<string, FilterChainConfiguration> named_filter_chains = 1;
+
+  // [#not-implemented-hide:]
+  // The match tree that will be used to select an action to execute. The action type should be
+  // :ref:`ExecuteFilterAction
+  // <envoy_v3_api_msg_extensions.filters.http.composite.v3.ExecuteFilterAction>`.
+  xds.type.matcher.v3.Matcher matcher = 2;
+}
+
+// Per-route configuration for the Composite filter.
+// [#not-implemented-hide:]
+message CompositePerRoute {
+  // Override of the match tree for this route.
+  xds.type.matcher.v3.Matcher matcher = 1 [(validate.rules).message = {required: true}];
 }
 
 // A list of filter configurations to be called in order. Note that this can be used as the type
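Review bot: the `matcher` comment says the action type should be `ExecuteFilterAction`, but nothing enforces that; since the field is `[#not-implemented-hide:]` that is acceptable for now, but if the enclosing message carries a `[#next-free-field:]` annotation above this hunk it needs bumping to 3, and `CompositePerRoute` should get one as it is introduced.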

envoy/extensions/filters/http/compressor/v3/compressor.proto:

--- shake256:81791ad5ea2a3098874b479dccc17f83f0c81af3589b0c1edc99b99fef85ff69ee544e25b234ba6a3dc717e49df5a45f0adba27df13f5d1d56a6c8a4c7e6246f  envoy/extensions/filters/http/compressor/v3/compressor.proto
+++ shake256:88198818f68c7bb6aaec8fcfb16a43209feb9eb510006e5a05ec4e9098101e6dfd5015112d0e231861cc39e12a46b630d9a103c42157953340980d9da3cf656a  envoy/extensions/filters/http/compressor/v3/compressor.proto
@@ -62,15 +62,26 @@
   }
 
   // Configuration for filter behavior on the response direction.
-  // [#next-free-field: 6]
+  // [#next-free-field: 7]
   message ResponseDirectionConfig {
     CommonDirectionConfig common_config = 1;
 
     // When this field is ``true``, disables compression when the response contains an ``ETag`` header.
     // When this field is ``false``, the filter will preserve weak ``ETag`` values and remove those that
-    // require strong validation.
+    // require strong validation (unless ``weaken_etag_on_compress`` is set).
+    // When both ``disable_on_etag_header`` and ``weaken_etag_on_compress`` are ``true``,
+    // ``weaken_etag_on_compress`` takes precedence (compression is applied and the ETag is weakened).
     bool disable_on_etag_header = 2;
 
+    // When this field is ``true`` and the filter compresses a response that contains a strong
+    // ``ETag``, the filter will weaken the ETag by prepending ``W/`` to its value instead of
+    // removing it. This allows caching and conditional requests to work while indicating the
+    // response body was modified by compression. When ``false`` (default), strong ETags are
+    // removed when compression is applied. When both ``weaken_etag_on_compress`` and
+    // ``disable_on_etag_header`` are ``true``, this field takes precedence so that compression
+    // is applied and the ETag is weakened, supporting gradual rollout to clients and servers.
+    bool weaken_etag_on_compress = 6;
+
     // When this field is ``true``, removes ``Accept-Encoding`` from the request headers before dispatching
     // the request to the upstream so that responses do not get compressed before reaching the filter.
     //

envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto:

--- shake256:9e76a22c9cdead3f586feeec0952f4809fe77c613adbaea2ffc25d357cdea64c3468f7b960227208a372f53ac5a25345af4db2bfd9a93a1562efb0e2d4e8323b  envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto
+++ shake256:9abbc21d8abf790f661403eabb964d0e639ff04c4411c5bd7580483cda9296b56bf525831af47395d1f4c96e9b729e95eae77a062d01ef016d6816b31ba21173  envoy/extensions/filters/http/dynamic_modules/v3/dynamic_modules.proto
@@ -6,6 +6,7 @@
 
 import "google/protobuf/any.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.filters.http.dynamic_modules.v3";
@@ -90,16 +91,32 @@
   // receives this configuration, it passes the ``per_route_config_name`` to the dynamic module's
   // HTTP per-route filter config init function together with the ``filter_config``. That way a
   // module can decide which in-module filter implementation to use based on the name at load time.
-  string per_route_config_name = 2;
+  //
+  // .. note::
+  //   This is deprecated in favor of ``filter_name``. Please use ``filter_name`` instead of
+  //   ``per_route_config_name`` to specify the name for the filter implementation.
+  //   If both ``per_route_config_name`` and ``filter_name`` are specified, Envoy uses
+  //   ``filter_name`` and ignores ``per_route_config_name``.
+  //
+  string per_route_config_name = 2
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // The name for this filter configuration.
+  //
+  // This can be used to distinguish between different filter implementations inside a dynamic
+  // module. For example, a module can have completely different filter implementations. When Envoy
+  // receives this configuration, it passes the ``filter_name`` to the dynamic module's
+  // HTTP per-route filter config init function together with the ``filter_config``. That way a
+  // module can decide which in-module filter implementation to use based on the name at load time.
+  string filter_name = 4;
 
-  // The configuration for the filter chosen by ``per_route_config_name``.
+  // The configuration for the filter chosen by ``filter_name``.
   //
   // This is passed to the module's HTTP per-route filter initialization function. Together with
-  // the ``per_route_config_name``, the module can decide which in-module filter implementation to
-  // use and fine-tune the behavior of the filter on a specific route.
+  // the ``filter_name``, the module can decide which in-module filter implementation to use and fine-tune the behavior of the filter on a specific route.
   //
   // For example, if a module has two filter implementations, one for logging and one for header
-  // manipulation, ``per_route_config_name`` is used to choose either logging or header
+  // manipulation, ``filter_name`` is used to choose either logging or header
   // manipulation. The ``filter_config`` can be used to configure the logging level or the header
   // manipulation behavior.
   //
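Review bot: the line `//   the ``filter_name``, the module can decide which in-module filter implementation to use and fine-tune the behavior of the filter on a specific route.` is far over the comment wrap width used elsewhere in this file; please re-wrap it. The deprecation note could also say whether `per_route_config_name` is still passed to the module's per-route init function when `filter_name` is empty, since that is what an operator mid-migration needs to know.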

envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto:

--- shake256:5753ad827ada06f3e3f0f98a57a0b70e93a6bbdd8b8b8a969e9c34d99804516e4593ed746c4e132edc3354c404be5ccff2a2f8553dd32667d4a3d6e7db8feaf0  envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
+++ shake256:b5adab52f4b770083cb54fb1866189dc3e58a36587925aa32003e04a864e666f1013c3af16b69ef346302534291b604fc04ce9b5507e69cd421e2ecc3a9682e7  envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@@ -30,7 +30,7 @@
 // External Authorization :ref:`configuration overview <config_http_filters_ext_authz>`.
 // [#extension: envoy.filters.http.ext_authz]
 
-// [#next-free-field: 32]
+// [#next-free-field: 33]
 message ExtAuthz {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.ext_authz.v3.ExtAuthz";
@@ -359,6 +359,64 @@
   //
   // Defaults to ``false``.
   bool enforce_response_header_limits = 31;
+
+  // When set to ``true``, the filter operates in shadow mode. In shadow mode the
+  // filter still calls the external authorization service and processes the response,
+  // but never terminates the request. Instead of sending a local reply on a denied or
+  // error response, the filter writes the authorization decision (engine result, status
+  // code, response headers) into the request's
+  // :ref:`FilterState <arch_overview_data_sharing_between_filters>` as a
+  // :ref:`ShadowDecision
+  // <envoy_v3_api_msg_extensions.filters.http.ext_authz.v3.ShadowDecision>` object so
+  // that subsequent filters can read and optionally enforce it.
+  //
+  // The FilterState key is the filter's configured ``name`` in the filter chain with a
+  // ``.shadow`` suffix (``envoy.filters.http.ext_authz.shadow`` by default). Multiple ext_authz
+  // filters in the same chain must already have distinct names and therefore write to distinct
+  // keys automatically.
+  //
+  // The auth server's denied-response body is intentionally **not** carried on the
+  // ShadowDecision: bodies can be arbitrarily large and no downstream consumer in the
+  // shadow-comparison flow needs them. A consumer that wants to reproduce the auth
+  // server's full denied response must read it from its own source of truth rather
+  // than replaying it from FilterState.
+  //
+  // Header and query-parameter mutations from an OK response are still applied to the
+  // request as usual.
+  //
+  // Defaults to ``false``.
+  bool shadow_mode = 32;
+}
+
+// Serialized form of the shadow-mode authorization decision written to FilterState
+// when :ref:`shadow_mode
+// <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.shadow_mode>` is
+// enabled. Consumed by a downstream filter that decides whether to enforce the
+// decision.
+message ShadowDecision {
+  // The decision the auth server returned.
+  enum CheckResult {
+    UNSPECIFIED = 0;
+    OK = 1;
+    DENIED = 2;
+    ERROR = 3;
+  }
+
+  // The decision the auth server returned.
+  CheckResult check_result = 1;
+
+  // Response status code associated with the decision. For ``DENIED`` and ``ERROR`` this is
+  // the code the filter would have set on termination (the auth server's code for ``DENIED``,
+  // or :ref:`status_on_error
+  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.status_on_error>` fallback
+  // for ``ERROR``). For ``OK`` this defaults to ``200`` so consumers always see a populated
+  // value — the upstream response code is not known at shadow-decision time.
+  uint32 status_code = 2 [(validate.rules).uint32 = {lte: 599 gte: 100 ignore_empty: true}];
+
+  // Response headers the auth server asked to set on a denied response
+  // (e.g. ``WWW-Authenticate``, ``Set-Cookie``). Populated for ``DENIED`` only.
+  // Preserves ordering and duplicate header names.
+  repeated config.core.v3.HeaderValue response_headers = 3;
 }
 
 // Configuration for buffering the request data.
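Review bot: `ShadowDecision.status_code` is documented as always populated (`OK` defaults to `200`), yet its validation carries `ignore_empty: true`; either drop `ignore_empty` or document when `0` is legitimate. The `shadow_mode` comment also says only that the filter "never terminates the request" and that OK mutations are still applied; please state what happens to request mutations from a `DENIED`/`ERROR` response (headers the auth server asked to add or remove) and whether `failure_mode_allow` and the denied/error stats still fire, since a shadow rollout is compared against those counters. Finally, the line `// value — the upstream response code is not known at shadow-decision time.` uses a non-ASCII dash where the rest of the file uses ASCII punctuation.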
@@ -426,7 +484,7 @@
 // metadata as well as body may be added to the client's response. See :ref:`allowed_client_headers
 // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.AuthorizationResponse.allowed_client_headers>`
 // for details.
-// [#next-free-field: 10]
+// [#next-free-field: 11]
 message HttpService {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.ext_authz.v2.HttpService";
@@ -437,8 +495,13 @@
   config.core.v3.HttpUri server_uri = 1;
 
   // Sets a prefix to the value of authorization request header ``Path``.
+  // Only one of ``path_prefix`` or ``path_override`` may be set.
   string path_prefix = 2;
 
+  // Replaces the value of authorization request header ``Path`` with this value.
+  // Only one of ``path_prefix`` or ``path_override`` may be set.
+  string path_override = 10;
+
   // Settings used for controlling authorization request metadata.
   AuthorizationRequest authorization_request = 7;
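Review bot: the `path_prefix` / `path_override` exclusivity is stated only in comments; both are plain `string` fields with no `oneof` and no validation, so a config with both set is accepted silently. Either put them in a `oneof`, or document which one wins (or that the config is rejected at load time) so the authorization request path is deterministic.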
 

envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto:

--- shake256:bb668849b33a7391d165b6b1e36b7049fc3ec26026d0e968c9398a8c2b56f1b2c3b5926bfe0d17ab81683a5454c0a99d36c28a61aac13b7d46dd3e754d04dd10  envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto
+++ shake256:8abe6aeb9fe7bb19c1453260272f450a201be9cc72d3a160fd6a5ae3afb6268272101805eb17a3bb801dbce828b7bc989f0aa38fe501381723a95f5c4f39d01a  envoy/extensions/filters/http/ext_proc/v3/ext_proc.proto
@@ -98,7 +98,7 @@
 // <arch_overview_advanced_filter_state_sharing>` object in a namespace matching the filter
 // name.
 //
-// [#next-free-field: 26]
+// [#next-free-field: 27]
 message ExternalProcessor {
   // Describes the route cache action to be taken when an external processor response
   // is received in response to request headers.
@@ -285,14 +285,6 @@
   //
   // 3. External processor may still close the stream to indicate that no more messages are needed.
   //
-  // .. warning::
-  //
-  //    Flow control is a necessary mechanism to prevent the fast sender (either downstream client or upstream server)
-  //    from overwhelming the external processor when its processing speed is slower.
-  //    This protective measure is being explored and developed but has not been ready yet, so please use your own
-  //    discretion when enabling this feature.
-  //    This work is currently tracked under https://github.com/envoyproxy/envoy/issues/33319.
-  //
   bool observability_mode = 17;
 
   // Prevents clearing the route-cache when the
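Review bot: this removes the flow-control warning on `observability_mode` (and its pointer to envoy#33319) without a replacement; if flow control has since landed, a one-line statement of the current behaviour (what happens when the external processor is slower than the sender) would be more useful than silence, and if it has not landed the warning should stay.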
@@ -369,6 +361,20 @@
   //
   // The default status is ``HTTP 500 Internal Server Error``.
   type.v3.HttpStatus status_on_error = 24;
+
+  // If true, the filter will not remove the ``content-length`` header from the request/response after external processing.
+  // It is typically used in
+  // :ref:`FULL_DUPLEX_STREAMED <envoy_v3_api_enum_value_extensions.filters.http.ext_proc.v3.ProcessingMode.BodySendMode.FULL_DUPLEX_STREAMED>`
+  // mode. If the original body has been modified, the external processing server needs to set the correct content-length header in HeaderMutation
+  // that matches the modified body length.
+  //
+  // .. warning::
+  //
+  //    This configuration should only be used if you are sure that the content length matches
+  //    the body length after external processing. Otherwise, it may cause vulnerability issues such as
+  //    request smuggling. Thus, please use your own discretion when enabling this feature.
+  //
+  bool allow_content_length_header = 26;
 }
 
 // ExtProcHttpService is used for HTTP communication between the filter and the external processing service.
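Review bot: `allow_content_length_header` is a request-smuggling-relevant switch, so the warning should be actionable rather than "use your own discretion": state which `BodySendMode`s the field affects (the text says "typically" `FULL_DUPLEX_STREAMED`, but the name suggests all modes), and state whether Envoy verifies the final body length against the retained `content-length` and rejects on mismatch (as the `BUFFERED` + `SEND` case in processing_mode.proto does) or forwards the frame as-is. The field comment also uses bare `true` where the file's convention is ``true``.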

envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto:

--- shake256:7c47e01e6bd412b0dfa541a4e7337df6e21bafd4e16296091b1481cfafd975ec4c0405cf2262dde4f8dbe2a1227b4d344d54e2cc11f43f5ed7844279dbdd41e1  envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto
+++ shake256:6ddb465da319eecc453afdb11b62ec12451d3ee7eefc0ece502e2ef912395d2e93751af26143901a8edb30aa5ab82fc30ba2e011d7364dad0d5cbe3a9b6b0ee8  envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto
@@ -20,20 +20,20 @@
 
 // [#next-free-field: 7]
 message ProcessingMode {
-  // Control how headers and trailers are handled
+  // Control how headers and trailers are handled.
   enum HeaderSendMode {
-    // When used to configure the ext_proc filter :ref:`processing_mode
-    // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`,
-    // the default HeaderSendMode depends on which part of the message is being processed. By
+    // When used to configure the ext_proc filter
+    // :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`,
+    // the default ``HeaderSendMode`` depends on which part of the message is being processed. By
     // default, request and response headers are sent, while trailers are skipped.
     //
-    // When used in :ref:`mode_override
-    // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>` or
-    // :ref:`allowed_override_modes
-    // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.allowed_override_modes>`,
-    // a value of DEFAULT indicates that there is no change from the behavior that is configured for
-    // the filter in :ref:`processing_mode
-    // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`.
+    // When used in
+    // :ref:`mode_override <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>`
+    // or
+    // :ref:`allowed_override_modes <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.allowed_override_modes>`,
+    // a value of ``DEFAULT`` indicates that there is no change from the behavior that is configured
+    // for the filter in
+    // :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`.
     DEFAULT = 0;
 
     // Send the header or trailer.
@@ -43,24 +43,27 @@
     SKIP = 2;
   }
 
-  // Control how the request and response bodies are handled
-  // When body mutation by external processor is enabled, ext_proc filter will always remove
-  // the content length header in four cases below because content length can not be guaranteed
-  // to be set correctly:
-  // 1) STREAMED BodySendMode: header processing completes before body mutation comes back.
-  // 2) BUFFERED_PARTIAL BodySendMode: body is buffered and could be injected in different phases.
-  // 3) BUFFERED BodySendMode + SKIP HeaderSendMode: header processing (e.g., update content-length) is skipped.
-  // 4) FULL_DUPLEX_STREAMED BodySendMode: header processing completes before body mutation comes back.
-  //
-  // In Envoy's http1 codec implementation, removing content length will enable chunked transfer
-  // encoding whenever feasible. The recipient (either client or server) must be able
-  // to parse and decode the chunked transfer coding.
+  // Control how the request and response bodies are handled.
+  //
+  // When body mutation by the external processor is enabled, the ext_proc filter will always remove the
+  // content length header in the following four cases, unless
+  // :ref:`allow_content_length_header <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.allow_content_length_header>`
+  // is enabled. This is because the content length cannot be guaranteed to be set correctly:
+  //
+  // 1) ``STREAMED`` BodySendMode: header processing completes before body mutation comes back.
+  // 2) ``BUFFERED_PARTIAL`` BodySendMode: body is buffered and could be injected in different phases.
+  // 3) ``BUFFERED`` BodySendMode + ``SKIP`` HeaderSendMode: header processing (e.g., update content-length) is skipped.
+  // 4) ``FULL_DUPLEX_STREAMED`` BodySendMode: header processing completes before body mutation comes back.
+  //
+  // In Envoy's HTTP/1 codec implementation, removing content length will enable chunked transfer
+  // encoding whenever feasible. The recipient (either client or server) must be able to parse and
+  // decode the chunked transfer coding
   // (see `details in RFC9112 <https://tools.ietf.org/html/rfc9112#section-7.1>`_).
   //
-  // In BUFFERED BodySendMode + SEND HeaderSendMode, content length header is allowed but it is
-  // external processor's responsibility to set the content length correctly matched to the length
-  // of mutated body. If they don't match, the corresponding body mutation will be rejected and
-  // local reply will be sent with an error message.
+  // In ``BUFFERED`` BodySendMode + ``SEND`` HeaderSendMode, content length header is allowed but it
+  // is the external processor's responsibility to set the content length correctly matched to the
+  // length of the mutated body. If they don't match, the corresponding body mutation will be
+  // rejected and a local reply will be sent with an error message.
   enum BodySendMode {
     // Do not send the body at all. This is the default.
     NONE = 0;
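Review bot: the new "unless allow_content_length_header is enabled" clause covers the four removal cases, but the closing paragraph (`BUFFERED` + `SEND`, mismatch rejected with a local reply) is not reconciled with it; please say whether that mismatch check also applies to the four listed cases when the flag is enabled, so that the two documents do not leave the flag's failure mode undefined.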
@@ -80,73 +83,88 @@
 
     // The ext_proc client (the data plane) streams the body to the server in pieces as they arrive.
     //
-    // 1) The server may choose to buffer any number chunks of data before processing them.
-    // After it finishes buffering, the server processes the buffered data. Then it splits the processed
-    // data into any number of chunks, and streams them back to the ext_proc client one by one.
-    // The server may continuously do so until the complete body is processed.
-    // The individual response chunk size is recommended to be no greater than 64K bytes, or
-    // :ref:`max_receive_message_length <envoy_v3_api_field_config.core.v3.GrpcService.EnvoyGrpc.max_receive_message_length>`
-    // if EnvoyGrpc is used.
-    //
-    // 2) The server may also choose to buffer the entire message, including the headers (if header mode is
-    // ``SEND``), the entire body, and the trailers (if present), before sending back any response.
-    // The server response has to maintain the headers-body-trailers ordering.
+    // 1) The server may choose to buffer any number of chunks of data before processing them.
+    //    After it finishes buffering, the server processes the buffered data. Then it splits the
+    //    processed data into any number of chunks, and streams them back to the ext_proc client one
+    //    by one. The server may continuously do so until the complete body is processed. The
+    //    individual response chunk size is recommended to be no greater than 64K bytes, or
+    //    :ref:`max_receive_message_length <envoy_v3_api_field_config.core.v3.GrpcService.EnvoyGrpc.max_receive_message_length>`
+    //    if EnvoyGrpc is used.
+    //
+    // 2) The server may also choose to buffer the entire message, including the headers (if header
+    //    mode is ``SEND``), the entire body, and the trailers (if present), before sending back any
+    //    response. The server response has to maintain the headers-body-trailers ordering.
     //
-    // 3) Note that the server might also choose not to buffer data. That is, upon receiving a
-    // body request, it could process the data and send back a body response immediately.
+    // 3) Note that the server might also choose not to buffer data. That is, upon receiving a body
+    //    request, it could process the data and send back a body response immediately.
     //
     // In this body mode:
+    //
     // * The corresponding trailer mode has to be set to ``SEND``.
-    // * The client will send body and trailers (if present) to the server as they arrive.
-    //   Sending the trailers (if present) is to inform the server the complete body arrives.
-    //   In case there are no trailers, then the client will set
+    // * The client will send body and trailers (if present) to the server as they arrive. Sending
+    //   the trailers (if present) is to inform the server that the complete body has arrived. In
+    //   case there are no trailers, then the client will set
     //   :ref:`end_of_stream <envoy_v3_api_field_service.ext_proc.v3.HttpBody.end_of_stream>`
-    //   to true as part of the last body chunk request to notify the server that no other data is to be sent.
+    //   to ``true`` as part of the last body chunk request to notify the server that no other data
+    //   is to be sent.
     // * The server needs to send
     //   :ref:`StreamedBodyResponse <envoy_v3_api_msg_service.ext_proc.v3.StreamedBodyResponse>`
     //   to the client in the body response.
-    // * The client will stream the body chunks in the responses from the server to the upstream/downstream as they arrive.
-
+    // * The client will stream the body chunks in the responses from the server to the
+    //   upstream/downstream as they arrive.
     FULL_DUPLEX_STREAMED = 4;
 
     // [#not-implemented-hide:]
-    // A mode for gRPC traffic. This is similar to ``FULL_DUPLEX_STREAMED``,
-    // except that instead of sending raw chunks of the HTTP/2 DATA frames,
-    // the ext_proc client will de-frame the individual gRPC messages inside
-    // the HTTP/2 DATA frames, and as each message is de-framed, it will be
-    // sent to the ext_proc server as a :ref:`request_body
-    // <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.request_body>`
-    // or :ref:`response_body
-    // <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.response_body>`.
+    // A mode for gRPC traffic. This is similar to ``FULL_DUPLEX_STREAMED``, except that instead of
+    // sending raw chunks of the HTTP/2 DATA frames, the ext_proc client will de-frame the
+    // individual gRPC messages inside the HTTP/2 DATA frames, and as each message is de-framed, it
+    // will be sent to the ext_proc server as a
+    // :ref:`request_body <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.request_body>`
+    // or
+    // :ref:`response_body <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.response_body>`.
     // The ext_proc server will stream back individual gRPC messages in the
     // :ref:`StreamedBodyResponse <envoy_v3_api_msg_service.ext_proc.v3.StreamedBodyResponse>`
-    // field, but the number of messages sent by the ext_proc server
-    // does not need to equal the number of messages sent by the data
-    // plane. This allows the ext_proc server to change the number of
-    // messages sent on the stream.
-    // In this mode, the client will send body and trailers to the server as
-    // they arrive.
+    // field, but the number of messages sent by the ext_proc server does not need to equal the
+    // number of messages sent by the data plane. This allows the ext_proc server to change the
+    // number of messages sent on the stream. In this mode, the client will send body and trailers
+    // to the server as they arrive.
     GRPC = 5;
   }
 
-  // How to handle the request header. Default is "SEND".
-  // Note this field is ignored in :ref:`mode_override
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>`, since mode
-  // overrides can only affect messages exchanged after the request header is processed.
+  // How to handle the request header.
+  //
+  // .. note::
+  //
+  //    This field is ignored in
+  //    :ref:`mode_override <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>`,
+  //    since mode overrides can only affect messages exchanged after the request header is
+  //    processed.
+  //
+  // Defaults to ``SEND``.
   HeaderSendMode request_header_mode = 1 [(validate.rules).enum = {defined_only: true}];
 
-  // How to handle the response header. Default is "SEND".
+  // How to handle the response header.
+  //
+  // Defaults to ``SEND``.
   HeaderSendMode response_header_mode = 2 [(validate.rules).enum = {defined_only: true}];
 
-  // How to handle the request body. Default is "NONE".
+  // How to handle the request body.
+  //
+  // Defaults to ``NONE``.
   BodySendMode request_body_mode = 3 [(validate.rules).enum = {defined_only: true}];
 
-  // How do handle the response body. Default is "NONE".
+  // How to handle the response body.
+  //
+  // Defaults to ``NONE``.
   BodySendMode response_body_mode = 4 [(validate.rules).enum = {defined_only: true}];
 
-  // How to handle the request trailers. Default is "SKIP".
+  // How to handle the request trailers.
+  //
+  // Defaults to ``SKIP``.
   HeaderSendMode request_trailer_mode = 5 [(validate.rules).enum = {defined_only: true}];
 
-  // How to handle the response trailers. Default is "SKIP".
+  // How to handle the response trailers.
+  //
+  // Defaults to ``SKIP``.
   HeaderSendMode response_trailer_mode = 6 [(validate.rules).enum = {defined_only: true}];
 }

envoy/extensions/filters/http/geoip/v3/geoip.proto:

--- shake256:f1ce76dc162b62f57898c3f089e2afdd5c6543e14fed6ad02a2ebbc220d55f53378ee6e19f05eb1a2cb4c5b6836ebcd125d3abbc26012190cf544c9ce97717ce  envoy/extensions/filters/http/geoip/v3/geoip.proto
+++ shake256:4d560d9e92f505b94c8443df5ca069765297648c1cf28576cae11cdf571689c90dc5fb2b4b9cf9718fb5352dd1057df56bd5f5da8be4bbc194494fa7b3026404  envoy/extensions/filters/http/geoip/v3/geoip.proto
@@ -4,8 +4,6 @@
 
 import "envoy/config/core/v3/extension.proto";
 
-import "xds/annotations/v3/status.proto";
-
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
 
@@ -14,7 +12,6 @@
 option java_multiple_files = true;
 option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/geoip/v3;geoipv3";
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
-option (xds.annotations.v3.file_status).work_in_progress = true;
 
 // [#protodoc-title: Geoip]
 // Geoip :ref:`configuration overview <config_http_filters_geoip>`.
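Review bot: dropping `option (xds.annotations.v3.file_status).work_in_progress = true;` promotes the geoip filter config to a stable API surface, so field numbers and semantics in this file now fall under the normal compatibility guarantees; the removal of the `xds/annotations/v3/status.proto` import in the preceding hunk is the matching cleanup. If that promotion is intentional it deserves a line in the release notes, since module consumers that previously treated the filter as experimental can now pin it.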

envoy/extensions/filters/http/mcp/v3/mcp.proto:

--- shake256:465bfc5258cfc02a55d62f64738c2e9c23266138751628c32cbe61da84cc8d12bdfb7a19577e3fb4e433cbc9c30cbea7d7d0d61d5a8119996380c0fab161a8e2  envoy/extensions/filters/http/mcp/v3/mcp.proto
+++ shake256:328867464937b631c46b21ab01d87750ba39570d9092007aa9ca09c8443e54829c4872b77e7e310ac1245b6871f5c9e9e59b4f8e49385eeace4abd24cb2d7d67  envoy/extensions/filters/http/mcp/v3/mcp.proto
@@ -21,6 +21,7 @@
 // [#extension: envoy.filters.http.mcp]
 
 // This filter will inspect and get attributes from MCP traffic.
+// [#next-free-field: 8]
 message Mcp {
   // Traffic handling mode for non-MCP traffic.
   enum TrafficMode {
@@ -32,9 +33,34 @@
     // Valid MCP requests are:
     // - POST requests with JSON-RPC 2.0 messages
     // - GET requests for SSE streams (with Accept: text/event-stream)
+    // - DELETE requests for session termination (with MCP-Session-Id header)
     REJECT_NO_MCP = 1;
   }
 
+  // Where to store parsed MCP request attributes.
+  enum RequestStorageMode {
+    // Unspecified. Uses default behavior (same as DYNAMIC_METADATA).
+    MODE_UNSPECIFIED = 0;
+
+    // Store request attributes in dynamic metadata only.
+    // This is the default behavior.
+    DYNAMIC_METADATA = 1;
+
+    // Store request attributes in filter state only.
+    FILTER_STATE = 2;
+
+    // Store request attributes in both dynamic metadata and filter state.
+    DYNAMIC_METADATA_AND_FILTER_STATE = 3;
+  }
+
+  message TraceContextPropagationConfig {
+    option (xds.annotations.v3.message_status).work_in_progress = true;
+  }
+
+  message BaggagePropagationConfig {
+    option (xds.annotations.v3.message_status).work_in_progress = true;
+  }
+
   // Configures how the filter handles non-MCP traffic.
   TrafficMode traffic_mode = 1 [(validate.rules).enum = {defined_only: true}];
 
@@ -54,6 +80,33 @@
 
   // Parser configuration, this provide the attribute extraction override.
   ParserConfig parser_config = 4;
+
+  // Where to store parsed MCP request attributes.
+  // Controls whether attributes are written to dynamic metadata, filter state, or both.
+  // Default is DYNAMIC_METADATA when unspecified.
+  RequestStorageMode request_storage_mode = 5 [(validate.rules).enum = {defined_only: true}];
+
+  // If set, extract and validate W3C trace context from the MCP request body
+  // (params._meta.traceparent & params._meta.tracestate) and propagate it in HTTP headers
+  // ``traceparent`` and ``tracestate`` (respectively).
+  //
+  // The traceparent and tracestate fields are validated and propagated according to the spec at
+  // ``https://www.w3.org/TR/trace-context/``.
+  //
+  // If unset (default), do not extract or inject trace context.
+  TraceContextPropagationConfig propagate_trace_context = 6;
+
+  // If set, extract and validate W3C baggage from the MCP request body (params._meta.baggage) and
+  // copy it to the HTTP header ``baggage``.
+  //
+  // The baggage field is validated according to the spec at ``https://www.w3.org/TR/baggage/``.
+
+  // Note that this is independent of ``propagate_trace_context``.
+  // Also note that if this is set, the downstream request's baggage header will be overwritten if
+  // the MCP request body contains a valid baggage field.
+  //
+  // If unset (default), do not extract or inject baggage.
+  BaggagePropagationConfig propagate_baggage = 7;
 }
 
 // Parser configuration with method-specific rules.
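Review bot: the leading comment on `propagate_baggage` is broken by a bare `+` line (no `//`) between "The baggage field is validated according to the spec ..." and "Note that this is independent of ``propagate_trace_context``."; protoc treats the blank line as a comment boundary, so the first paragraph (including the W3C link) becomes a detached comment and disappears from the generated field docs. Prefix that line with `//` like the surrounding ones. Also, the baggage doc explicitly says the downstream `baggage` header "will be overwritten if the MCP request body contains a valid baggage field", but the `propagate_trace_context` doc is silent on whether an existing `traceparent`/`tracestate` header is likewise replaced by body-supplied values; please state it, since both fields let an untrusted request body write HTTP headers seen by the upstream and operators need to know which header wins.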

envoy/extensions/filters/http/oauth2/v3/oauth.proto:

--- shake256:9f939fda4e1780444a5842e1b5a8c49ea62094afc0b6d83dbfd7479bfa3623be6a5c876538f9e4f7494fce932d88b9f04169da5ff732e44b87b8b318e85a7841  envoy/extensions/filters/http/oauth2/v3/oauth.proto
+++ shake256:ee6caa86d0cdc97ae3c573a296a30936418d625215a6d2e80817c78eb964bd650e0a00297972fd96420001a4745e97dfbda51fa61501cc26064f7784ba532d58  envoy/extensions/filters/http/oauth2/v3/oauth.proto
@@ -127,8 +127,9 @@
   string client_id = 1 [(validate.rules).string = {min_len: 1}];
 
   // The secret used to retrieve the access token. This value will be URL encoded when sent to the OAuth server.
-  transport_sockets.tls.v3.SdsSecretConfig token_secret = 2
-      [(validate.rules).message = {required: true}];
+  // This field is required unless :ref:`auth_type <envoy_v3_api_field_extensions.filters.http.oauth2.v3.OAuth2Config.auth_type>`
+  // is set to ``TLS_CLIENT_AUTH``, in which case authentication is done via the client certificate.
+  transport_sockets.tls.v3.SdsSecretConfig token_secret = 2;
 
   // Configures how the secret token should be created.
   oneof token_formation {
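Review bot: removing `[(validate.rules).message = {required: true}]` from `token_secret` means a config using the default (`URL_ENCODED_BODY`) or `BASIC_AUTH` auth type with no secret now passes proto validation; the comment promises the field "is required unless auth_type is set to TLS_CLIENT_AUTH", so that conditional requirement must be enforced in the filter's config factory, and the doc should say the check happens at load time rather than at the first token exchange. Consider noting the rejection explicitly here so readers do not assume a missing secret silently produces an unauthenticated token request.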
@@ -150,7 +151,7 @@
 
 // OAuth config
 //
-// [#next-free-field: 27]
+// [#next-free-field: 28]
 message OAuth2Config {
   enum AuthType {
     // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body.
@@ -159,6 +160,14 @@
 
     // The ``client_id`` and ``client_secret`` will be sent using HTTP Basic authentication scheme.
     BASIC_AUTH = 1;
+
+    // The client will be authenticated using mutual TLS (mTLS) with a client certificate.
+    // The ``client_secret`` is not required and will not be sent in the request to the
+    // authorization server.
+    // The client certificate must be configured in the cluster used by ``token_endpoint`` via
+    // transport socket configuration.
+    // This implements OAuth 2.0 Mutual-TLS Client Authentication as defined in RFC 8705.
+    TLS_CLIENT_AUTH = 2;
   }
 
   // Endpoint on the authorization server to retrieve the access token from.
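Review bot: the `TLS_CLIENT_AUTH` comment says the `client_secret` is not sent, but should also say that `client_id` is still sent in the token request: RFC 8705 section 2 requires the `client_id` parameter on every mutual-TLS-authenticated request so the server can select the certificate binding to check, and the text as written could be read as "no client credentials are sent at all". It would also help to state that the certificate is taken only from the `token_endpoint` cluster's transport socket, so a TLS context configured elsewhere (e.g. on the listener) has no effect on this auth type.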
@@ -283,10 +292,32 @@
   // This option should only be used in secure environments where token encryption is not required.
   // Default is false (tokens are encrypted).
   bool disable_token_encryption = 26;
+
+  // Any request that matches any of the provided matchers will be allowed to continue to upstream
+  // even if OAuth validation fails (missing, invalid, or expired credentials).
+  // This is useful for services that can handle both authenticated and unauthenticated requests,
+  // enabling graceful degradation patterns.
+  //
+  // When triggered, all OAuth cookies are stripped from the request and the request proceeds as unauthenticated.
+  // Context headers ``x-envoy-oauth-status: failed`` and ``x-envoy-oauth-failure-reason`` are added to inform upstream.
+  //
+  // Note: If a request matches pass_through_matcher, it bypasses OAuth validation and this matcher won't be evaluated.
+  // This matcher takes precedence over deny_redirect_matcher.
+  repeated config.route.v3.HeaderMatcher allow_failed_matcher = 27;
+}
+
+// Per-route OAuth2 config.
+//
+// This message supplies an OAuth2Config for the matched route.
+// It overrides the filter-level config for requests matching the route.
+// If neither the global config nor a per-route config is specified, OAuth2 is disabled for the route.
+message OAuth2PerRoute {
+  // Full OAuth2 config for this route.
+  OAuth2Config config = 1 [(validate.rules).message = {required: true}];
 }
 
 // Filter config.
 message OAuth2 {
-  // Leave this empty to disable OAuth2 for a specific route, using per filter config.
+  // The OAuth2 filter config.
   OAuth2Config config = 1;
 }
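Review bot: `allow_failed_matcher` adds `x-envoy-oauth-status: failed` and `x-envoy-oauth-failure-reason` "to inform upstream", but the doc does not say whether the filter strips client-supplied copies of those headers on the success path; unless it does, a downstream can forge `x-envoy-oauth-status` and an upstream keyed on that header cannot distinguish a real pass-through from a spoof. Please document the sanitisation (and the value set on success, if any). Two smaller points: the precedence sentence ("This matcher takes precedence over deny_redirect_matcher") should also say what a matched-but-failed request looks like to `deny_redirect_matcher` consumers, and the `OAuth2` comment change from "Leave this empty to disable OAuth2 for a specific route" to "The OAuth2 filter config", together with `OAuth2PerRoute.config` being `required`, removes the documented way to switch the filter off on one route when a global config exists; if that is intended, state the replacement (the new "If neither the global config nor a per-route config is specified" sentence only covers the case where nothing is configured).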

envoy/extensions/filters/http/proto_api_scrubber/v3/config.proto:

--- shake256:1ae73302964f63f0d1e375ad6a78da4859bffbf7ed184d4af5e15a9ae0753daa26ddcaf538c25e0685945ce2b2879a7718180dc599bea7a372948d126abdb520  envoy/extensions/filters/http/proto_api_scrubber/v3/config.proto
+++ shake256:d5176f9cab065fc232e3b5d4d3926abcfeae942b92fea4fe560f60fc5f854c23a36d118cac46cef1abef62ebbccb5d1805d7fa3157dd6cfab8a4706a4f0bec74  envoy/extensions/filters/http/proto_api_scrubber/v3/config.proto
@@ -41,6 +41,9 @@
 
   // Specifies the filtering mode of this filter.
   FilteringMode filtering_mode = 3;
+
+  // If true, the filter will scrub unknown fields from the protobuf messages.
+  bool scrub_unknown_fields = 4;
 }
 
 // Specifies the descriptor set for proto services.
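Review bot: `scrub_unknown_fields` defaults to `false`, so the doc should spell out the default behaviour, namely that fields not present in the configured descriptor set are forwarded untouched; for a filter whose job is to strip data, readers will reasonably expect fail-closed and the comment "If true, the filter will scrub unknown fields" only describes the opt-in side. A one-line warning that leaving this off lets a client smuggle arbitrary unknown field numbers past the scrubber would be appropriate.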

envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto:

--- shake256:f6b9dcc9dfb1e6fbaa6b7a84c89c621eb79ec5c7341c179bbe08c3382de9aa3ed34fb549aa090e2c770693b966b3ca9851caf6746064d71c82909c549b2961d7  envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto
+++ shake256:9357baac054d71b1b6361fe24de5fd0b9ee746375f66e9cff832d5c836611c71319ecab5634d12f2cc4bd73d395f85ebb2abb06ce8921b856d6c5b862e927e49  envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto
@@ -60,7 +60,7 @@
       [(validate.rules).string = {in: "internal" in: "external" in: "both" in: ""}];
 
   // The timeout in milliseconds for the rate limit service RPC. If not
-  // set, this defaults to 20ms.
+  // set, this defaults to 20ms. A value of 0 disables the timeout (infinite).
   google.protobuf.Duration timeout = 4;
 
   // The filter's behaviour in case the rate limiting service does
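Review bot: "A value of 0 disables the timeout (infinite)" needs a caveat next to it: with no RPC deadline, a slow or wedged rate limit service holds every in-flight request open indefinitely regardless of the failure-mode setting documented just below, which turns an RLS outage into a downstream denial of service. Recommend stating that 0 is not appropriate for listeners facing untrusted clients and that the existing `failure_mode_deny` behaviour only triggers once the RPC actually fails.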

envoy/extensions/filters/http/set_filter_state/v3/set_filter_state.proto:

--- shake256:d38cb8d1499d4aca120889be75342aa6a764b98840210510553bba03db976148eb33f935fa8d18fdbb6a306bb5fcf39bf01cd143b51a7308566638858ba2c8e3  envoy/extensions/filters/http/set_filter_state/v3/set_filter_state.proto
+++ shake256:4f6237ab57ff613d95e3b9f9ec380142454c200e4043a624d8647aeda312ee2e16e1eecb33f8b88730ea02a71ce5044c949a42f117830bd4ec8b724256201200  envoy/extensions/filters/http/set_filter_state/v3/set_filter_state.proto
@@ -24,4 +24,9 @@
   // A sequence of the filter state values to apply in the specified order
   // when a new request is received.
   repeated common.set_filter_state.v3.FilterStateValue on_request_headers = 1;
+
+  // Clear the route cache for the current client request. This is necessary
+  // if the route configuration may depend on the filter state values set by
+  // this filter.
+  bool clear_route_cache = 2;
 }
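Review bot: the `clear_route_cache` comment should say whether the cache is cleared unconditionally when the flag is set or only when at least one `on_request_headers` value was actually written, since clearing on every request forces a re-match even when nothing changed. It is also worth a sentence that route selection will then depend on values this filter derived from client-supplied headers, so `on_request_headers` entries used for routing must come from sanitised inputs.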

envoy/extensions/filters/http/stateful_session/v3/stateful_session.proto:

--- shake256:da97c315f9061cb3ed2e89bd696f2f6adc39416b878ae97e5727af3f7b85523eb976d0ff80b28d93cd51923fb49113b14fd54ea90861caed40e570ae541899da  envoy/extensions/filters/http/stateful_session/v3/stateful_session.proto
+++ shake256:61fee391431b5282046a8291b84e17f9c225425b25ff7ee3893bb3360c31cd15960fa97d6b468f62d493aba0566267ce8c47107d8e444d11ae81a704462c0389  envoy/extensions/filters/http/stateful_session/v3/stateful_session.proto
@@ -25,9 +25,11 @@
   config.core.v3.TypedExtensionConfig session_state = 1;
 
   // Determines whether the HTTP request must be strictly routed to the requested destination. When set to ``true``,
-  // if the requested destination is unavailable, Envoy will return a 503 status code. The default value is ``false``,
-  // which allows Envoy to fall back to its load balancing mechanism. In this case, if the requested destination is not
-  // found, the request will be routed according to the load balancing algorithm.
+  // if the requested destination is not found in the set of available endpoints, Envoy will return a status code
+  // determined by ``status_on_strict_destination_not_found``. If the destination exists but is unhealthy, Envoy will
+  // always return ``503`` regardless of ``status_on_strict_destination_not_found``. The default value is ``false``,
+  // which allows Envoy to fall back to its load balancing mechanism and route the request according to the load
+  // balancing algorithm.
   bool strict = 2;
 
   // Optional stat prefix. If specified, the filter will emit statistics in the
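Review bot: the new wording makes two outcomes observable in `strict` mode: an unknown destination returns `status_on_strict_destination_not_found` while a known-but-unhealthy destination "will always return 503". A client that controls the session cookie can therefore enumerate which upstream addresses exist in the cluster by watching which code comes back; please add a caveat here recommending that the configured code be kept at 503 where the endpoint set is sensitive, or that the session state be integrity-protected.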
@@ -38,6 +40,12 @@
   //   Per-route configuration overrides do not support statistics and will not emit stats even if this field is set
   //   in the per-route config.
   string stat_prefix = 3;
+
+  // The HTTP status code to return when ``strict`` mode is enabled and the requested destination
+  // is not found in the set of available endpoints. This does not apply when the destination exists
+  // but is unhealthy. This field has no effect when ``strict`` is set to ``false`` and will be
+  // ignored. Defaults to ``503`` (Service Unavailable) if not specified or set to ``0``.
+  uint32 status_on_strict_destination_not_found = 4;
 }
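Review bot: `status_on_strict_destination_not_found` is a bare `uint32` with no `validate.rules` constraint and the doc only covers `0`; please either add a range rule (e.g. `(validate.rules).uint32 = {lt: 600 gte: 200}`) or document what happens for values outside the HTTP status range, since an out-of-range code here would surface as a malformed local reply rather than a config-load error.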
 
 message StatefulSessionPerRoute {

envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto:

--- shake256:ab4879612ab6ac4cd7e0baeda3622cda45273b419ad9bd1d79bdc707aaf11f9cca1b5fbecc5c290cb93e63d7396d6d0fbe9c1beee5d3305f72252035f8604fd4  envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ shake256:5276dadd0bf0197f13e594b00a4b753a1cf6343d0096227d3fb065e3b8b670d3b879f6002183992964b8dd9f9d27b50864572c7ff4ff437bf89878f89992376e  envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -39,7 +39,7 @@
 // HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.
 // [#extension: envoy.filters.network.http_connection_manager]
 
-// [#next-free-field: 61]
+// [#next-free-field: 62]
 message HttpConnectionManager {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
@@ -141,7 +141,18 @@
     UNESCAPE_AND_FORWARD = 4;
   }
 
-  // [#next-free-field: 13]
+  // The format to use when writing the
+  // :ref:`config_http_conn_man_headers_x-forwarded-client-cert` (XFCC) header value.
+  enum ForwardClientCertFormat {
+    // Use the :ref:`text format <config_http_conn_man_headers_x-forwarded-client-cert_text>`.
+    // This is the default.
+    TEXT = 0;
+
+    // Use the :ref:`JSON format <config_http_conn_man_headers_x-forwarded-client-cert_json>`.
+    JSON = 1;
+  }
+
+  // [#next-free-field: 14]
   message Tracing {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager.Tracing";
@@ -243,6 +254,20 @@
     // :ref:`HTTP access logging <config_access_log>` applies here, however
     // unknown specifier values are replaced with the empty string instead of ``-``.
     string upstream_operation = 12;
+
+    // If set to true, trace context propagation is disabled, meaning that trace context headers
+    // (e.g. ``traceparent``, ``tracestate`` for OpenTelemetry/W3C, or ``X-B3-*`` headers for Zipkin)
+    // will not be injected when proxying requests to upstreams.
+    //
+    // This is useful for scenarios where you want to report spans from a proxy (e.g., an egress
+    // gateway) while preventing trace context from being propagated to external services,
+    // effectively stopping the trace at the mesh boundary.
+    //
+    // Note that span reporting is still performed when this is set to true - only context
+    // propagation is disabled.
+    //
+    // Default: false (context propagation is enabled)
+    bool no_context_propagation = 13;
   }
 
   message InternalAddressConfig {
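Review bot: `no_context_propagation` says trace headers "will not be injected when proxying requests to upstreams" but not whether headers already present on the downstream request (`traceparent`, `X-B3-*`) are removed or forwarded as-is; for the stated egress-gateway use case the difference matters, because forwarding an inbound `traceparent` unchanged still leaks internal trace IDs to the external service. Please state explicitly which of the two behaviours applies.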
@@ -258,7 +283,7 @@
     repeated config.core.v3.CidrRange cidr_ranges = 2;
   }
 
-  // [#next-free-field: 7]
+  // [#next-free-field: 8]
   message SetCurrentClientCertDetails {
     option (udpa.annotations.versioning).previous_message_type =
         "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager."
@@ -287,14 +312,26 @@
     // Whether to forward the URI type Subject Alternative Name of the client cert. Defaults to
     // false.
     bool uri = 5;
+
+    // The format for the header. When the :ref:`forward_client_cert_details
+    // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.forward_client_cert_details>`
+    // is APPEND_FORWARD and an existing XFCC header is present, the format of the existing header
+    // is used. The configured format is used when there is no existing header value
+    // (APPEND_FORWARD with no prior XFCC header, or SANITIZE_SET which always replaces the value).
+    ForwardClientCertFormat format = 7;
   }
 
-  // The configuration for forwarding client cert details.
+  // The configuration for forwarding client cert details, used as the action config in a
+  // :ref:`forward_client_cert_matcher
+  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.forward_client_cert_matcher>`.
   message ForwardClientCertConfig {
     // How to handle the XFCC header.
     ForwardClientCertDetails forward_client_cert_details = 1;
 
-    // How to set the current client cert details.
+    // The fields in the client certificate to forward. See
+    // :ref:`set_current_client_cert_details
+    // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.set_current_client_cert_details>`
+    // for details.
     SetCurrentClientCertDetails set_current_client_cert_details = 2;
   }
 
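Review bot: the `format` field doc says that with `APPEND_FORWARD` "the format of the existing header is used", but not how that format is detected or what happens when the existing XFCC value is malformed or mixes formats across appended entries; since `APPEND_FORWARD` trusts whatever the previous hop sent, a short statement that a value not parseable as the JSON format falls back to text (or that the header is rejected) would close the gap. The new `ForwardClientCertConfig` wording is otherwise an improvement.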
@@ -539,14 +576,16 @@
   //
   //   Currently some protocol codecs impose limits on the maximum size of a single header.
   //
-  //   * HTTP/2 (when using nghttp2) limits a single header to around 100kb.
-  //   * HTTP/3 limits a single header to around 1024kb.
+  //   * HTTP/2 (when using nghttp2) limits a single header to around 100 KB by default. This can be
+  //     adjusted via :ref:`max_header_field_size_kb
+  //     <envoy_v3_api_field_config.core.v3.Http2ProtocolOptions.max_header_field_size_kb>`.
+  //   * HTTP/3 limits a single header to around 1024 KB.
   //
   google.protobuf.UInt32Value max_request_headers_kb = 29
       [(validate.rules).uint32 = {lte: 8192 gt: 0}];
 
   // The stream idle timeout for connections managed by the connection manager.
-  // If not specified, this defaults to 5 minutes. The default value was selected
+  // If not specified, this defaults to ``5 minutes``. The default value was selected
   // so as not to interfere with any smaller configured timeouts that may have
   // existed in configurations prior to the introduction of this feature, while
   // introducing robustness to TCP connections that terminate without a FIN.
@@ -555,28 +594,29 @@
   // :ref:`route-level idle_timeout
   // <envoy_v3_api_field_config.route.v3.RouteAction.idle_timeout>`. Even on a stream in
   // which the override applies, prior to receipt of the initial request
-  // headers, the :ref:`stream_idle_timeout
-  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_idle_timeout>`
-  // applies. Each time an encode/decode event for headers or data is processed
-  // for the stream, the timer will be reset. If the timeout fires, the stream
-  // is terminated with a 408 Request Timeout error code if no upstream response
-  // header has been received, otherwise a stream reset occurs.
-  //
-  // If the :ref:`overload action <config_overload_manager_overload_actions>` "envoy.overload_actions.reduce_timeouts"
-  // is configured, this timeout is scaled according to the value for
+  // headers, the ``stream_idle_timeout`` applies. Each time an encode/decode event
+  // for headers or data is processed for the stream, the timer will be reset. If the
+  // timeout fires, the stream is terminated with a ``408 Request Timeout`` error code
+  // if no upstream response header has been received, otherwise a stream reset occurs.
+  //
+  // If the :ref:`overload action <config_overload_manager_overload_actions>`
+  // ``envoy.overload_actions.reduce_timeouts`` is configured, this timeout is scaled
+  // according to the value for
   // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE <envoy_v3_api_enum_value_config.overload.v3.ScaleTimersOverloadActionConfig.TimerType.HTTP_DOWNSTREAM_STREAM_IDLE>`.
   //
-  // Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due
-  // to the granularity of events presented to the connection manager. For example, while receiving
-  // very large request headers, it may be the case that there is traffic regularly arriving on the
-  // wire while the connection manage is only able to observe the end-of-headers event, hence the
-  // stream may still idle timeout.
+  // .. note::
+  //
+  //   It is possible to idle timeout even if the wire traffic for a stream is non-idle, due
+  //   to the granularity of events presented to the connection manager. For example, while receiving
+  //   very large request headers, it may be the case that there is traffic regularly arriving on the
+  //   wire while the connection manager is only able to observe the end-of-headers event, hence the
+  //   stream may still idle timeout.
   //
-  // A value of 0 will completely disable the connection manager stream idle
+  // A value of ``0`` will completely disable the connection manager stream idle
   // timeout, although per-route idle timeout overrides will continue to apply.
   //
-  // This timeout is also used as the default value for :ref:`stream_flush_timeout
-  // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_flush_timeout>`.
+  // This timeout is also used as the default value for
+  // :ref:`stream_flush_timeout <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_flush_timeout>`.
   google.protobuf.Duration stream_idle_timeout = 24
       [(udpa.annotations.security).configure_for_untrusted_downstream = true];
 
@@ -1051,6 +1091,49 @@
   // This should be set to ``false`` in cases where Envoy's view of the downstream address may not correspond to the
   // actual client address, for example, if there's another proxy in front of the Envoy.
   google.protobuf.BoolValue add_proxy_protocol_connection_state = 53;
+
+  // Configuration for controlling how the ``x-forwarded-proto`` header is set.
+  // This allows customization of protocol inference, including support for inferring the original
+  // protocol (HTTP or HTTPS) from the PROXY protocol destination port.
+  //
+  // This is useful when a Layer 4 load balancer (such as AWS NLB) terminates TLS and uses
+  // PROXY protocol to communicate with Envoy.
+  //
+  // When configured and the local address was restored from PROXY protocol (indicating the
+  // original destination address is available), the ``x-forwarded-proto`` header will be set
+  // based on whether the destination port is in ``https_destination_ports`` or
+  // ``http_destination_ports``.
+  //
+  // Example configuration:
+  //
+  // .. code-block:: yaml
+  //
+  //   http_connection_manager:
+  //     forward_proto_config:
+  //       https_destination_ports: [443, 8443]
+  //       http_destination_ports: [80, 8080]
+  //
+  // If not configured, defaults to disabled and the standard behavior applies (using connection
+  // TLS status or trusted downstream headers).
+  ForwardProtoConfig forward_proto_config = 61;
+}
+
+// Configuration options for setting the ``x-forwarded-proto`` header.
+// This message provides flexibility for future enhancements to protocol inference.
+message ForwardProtoConfig {
+  // List of destination ports that should be treated as HTTPS.
+  // When the PROXY protocol destination port matches one of these ports,
+  // ``x-forwarded-proto`` will be set to ``https``.
+  //
+  // Common values: 443, 8443
+  repeated uint32 https_destination_ports = 1;
+
+  // List of destination ports that should be treated as HTTP.
+  // When the PROXY protocol destination port matches one of these ports,
+  // ``x-forwarded-proto`` will be set to ``http``.
+  //
+  // Common values: 80, 8080
+  repeated uint32 http_destination_ports = 2;
 }
 
 // The configuration to customize local reply returned by Envoy.
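Review bot: `ForwardProtoConfig` lets the PROXY protocol destination port decide `x-forwarded-proto`, so the doc must say that it only applies when the PROXY header came from a trusted hop; if the listener accepts PROXY protocol from arbitrary clients, a client can assert destination port 443 and have Envoy label a plaintext request as `https`. Two further gaps: the behaviour when a port is listed in both `https_destination_ports` and `http_destination_ports` is undefined (add a validation rule or document precedence), and what is set when the restored port matches neither list ("the standard behavior applies" is stated only for the unconfigured case). The YAML example's `http_connection_manager:` key is also not where this lands in a real listener (`typed_config` of the HCM filter), so flag it as a fragment.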

envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto:

--- shake256:c533295400884a2028aebefc3c33e91ac5f04292175bbe92f403d268e72f956da90fa837cf7427f0b7b195ae4ac6d8b20b2f26fefbccfbf38f82f0b4d10bc3ef  envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
+++ shake256:338225826a4001053668b439d7bde202bd2c7ad1c91debd6345db3d2ab25fddc7417edf2aa65a2b7874188333b4430c04e93b5f21b150f856275d7a0a6259498  envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
@@ -61,6 +61,23 @@
       // Read from any node of the cluster. A random node is selected among the primary and
       // replicas, healthy nodes have precedent over unhealthy nodes.
       ANY = 4;
+
+      // Read from replicas in the same availability zone as the Envoy proxy. If no replicas
+      // are available in the same zone, fall back to any replica. If no replicas are available
+      // at all, fall back to the primary.
+      //
+      // Note: Zone discovery currently works with Valkey only. Valkey exposes availability_zone
+      // in its INFO response. Standard Redis does not support this field.
+      //
+      // The client zone is determined from Envoy's :ref:`locality zone <envoy_v3_api_field_config.core.v3.Locality.zone>`.
+      LOCAL_ZONE_AFFINITY = 5;
+
+      // Similar to LOCAL_ZONE_AFFINITY, but also considers the primary node for same-zone routing.
+      // Priority order: replicas in same zone -> primary in same zone -> any replica -> primary.
+      // This is useful when reducing cross-zone traffic is more important than read distribution.
+      //
+      // Note: Zone discovery currently works with Valkey only.
+      LOCAL_ZONE_AFFINITY_REPLICAS_AND_PRIMARY = 6;
     }
 
     // Per-operation timeout in milliseconds. The timer starts when the first
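Review bot: The comments for `LOCAL_ZONE_AFFINITY` and `LOCAL_ZONE_AFFINITY_REPLICAS_AND_PRIMARY` describe the fallback chain when no replica exists in the local zone, but not what happens when the zone itself is unknown: the Envoy `Locality.zone` is unset, or the backend is standard Redis and reports no `availability_zone` in INFO. Please state whether the policy then degrades to `REPLICA`/`ANY` semantics or to the primary, because an operator picking these modes specifically to keep reads in-zone needs to know that a silent fallback can send them cross-zone.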

envoy/extensions/filters/network/reverse_tunnel/v3/reverse_tunnel.proto:

--- shake256:2b79397942da5d50b1f2e3a350b069126a771b2449592441e1d34be8f2ff15eb0433de0557ed71a68a874bb18b86e373a0fba9beebd612c34ae2ecf2f57b9857  envoy/extensions/filters/network/reverse_tunnel/v3/reverse_tunnel.proto
+++ shake256:e0ac16da7df32102eea87b502c619e734b84c9b3fb4b079fac46855d7289d7e1246d02d410fa6fec6b286b55c3c99a68c68e77e701640108b875e51597d754e8  envoy/extensions/filters/network/reverse_tunnel/v3/reverse_tunnel.proto
@@ -20,8 +20,9 @@
 // [#extension: envoy.filters.network.reverse_tunnel]
 
 // Validation configuration for reverse tunnel identifiers.
-// Validates the node ID and cluster ID extracted from reverse tunnel handshake headers
+// Validates the node ID, cluster ID, and tenant ID extracted from reverse tunnel handshake headers
 // against expected values specified using format strings.
+// [#next-free-field: 6]
 message Validation {
   // Format string to extract the expected node identifier for validation.
   // The formatted value is compared against the ``x-envoy-reverse-tunnel-node-id`` header
@@ -63,12 +64,24 @@
   //
   string cluster_id_format = 2 [(validate.rules).string = {max_len: 1024}];
 
+  // Format string to extract the expected tenant identifier for validation.
+  // The formatted value is compared against the ``x-envoy-reverse-tunnel-tenant-id`` header
+  // from the incoming handshake request. If they do not match, the connection is rejected
+  // with HTTP ``403 Forbidden``.
+  //
+  // Supports the same :ref:`command operators <config_access_log_command_operators>` as
+  // ``node_id_format``.
+  //
+  // If empty, tenant ID validation is skipped.
+  string tenant_id_format = 5 [(validate.rules).string = {max_len: 1024}];
+
   // Whether to emit validation results as dynamic metadata.
   // When enabled, the filter emits metadata under the namespace specified by
   // ``dynamic_metadata_namespace`` containing:
   //
   // * ``node_id``: The actual node ID from the handshake request.
   // * ``cluster_id``: The actual cluster ID from the handshake request.
+  // * ``tenant_id``: The actual tenant ID from the handshake request.
   // * ``validation_result``: Either ``allowed`` or ``denied``.
   //
   // This metadata can be used by subsequent filters or for access logging.
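Review bot: The `tenant_id_format` comment covers the mismatch and the empty-format cases but not the case where the format is non-empty and the `x-envoy-reverse-tunnel-tenant-id` header is absent from the handshake; the reader has to assume that counts as a mismatch and yields `403 Forbidden`. A sentence such as "A missing header is treated as a mismatch" would close that gap. It is also worth noting, next to "If empty, tenant ID validation is skipped", that deployments which already validate node and cluster IDs get no tenant isolation until they opt in, since the new field defaults to the check being off.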
@@ -108,10 +121,11 @@
   // If not specified (``METHOD_UNSPECIFIED``), this defaults to ``GET``.
   config.core.v3.RequestMethod request_method = 4 [(validate.rules).enum = {defined_only: true}];
 
-  // Optional validation configuration for node and cluster identifiers.
-  // If specified, the filter validates the ``x-envoy-reverse-tunnel-node-id`` and
-  // ``x-envoy-reverse-tunnel-cluster-id`` headers against expected values extracted
-  // using format strings. Requests that fail validation are rejected with HTTP ``403 Forbidden``.
+  // Optional validation configuration for node, cluster, and tenant identifiers.
+  // If specified, the filter validates the ``x-envoy-reverse-tunnel-node-id``,
+  // ``x-envoy-reverse-tunnel-cluster-id``, and ``x-envoy-reverse-tunnel-tenant-id`` headers
+  // against expected values extracted using format strings. Requests that fail validation
+  // are rejected with HTTP ``403 Forbidden``.
   Validation validation = 5;
 
   // Required cluster name for validating reverse tunnel connection initiations.

envoy/extensions/filters/network/set_filter_state/v3/set_filter_state.proto:

--- shake256:4da937ae2f2013c8ab4c4b708457a63ed4acb07c2afac20418e6c55fde423553fcaadd570763a827644373da80f6ba861f1f0f6f407aa49f65b551add68f985b  envoy/extensions/filters/network/set_filter_state/v3/set_filter_state.proto
+++ shake256:3932cd34cdbfeb0dff85b354d1b42a4dcf7e54c4715c6fb13d2ce16331ef5c0108337c92c9ddbcc5d5915a5dc27602d8a769f5dba97d8f1cf162efe034965dec  envoy/extensions/filters/network/set_filter_state/v3/set_filter_state.proto
@@ -31,4 +31,8 @@
   // For non-TLS downstream connections (where there is no TLS handshake), this
   // list is applied when a new connection is received.
   repeated common.set_filter_state.v3.FilterStateValue on_downstream_tls_handshake = 2;
+
+  // A sequence of the filter state values to apply in the specified order
+  // when data is first received from the downstream connection.
+  repeated common.set_filter_state.v3.FilterStateValue on_downstream_data = 3;
 }

envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto:

--- shake256:883c1ea8b63022032112fac2bdb495ae2b5f80041c3d955b3e7f5e7dbf21025fccbdd1d656ebb024ef61220a85e330791f1bc2794bb19a389e65fddfe8ecf9fa  envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto
+++ shake256:8ff13155179a98aba30f110331cedf1d77369597acbf5c87d52f414c484aef53a2820a949db85adf813e1be5d3bc867f4e0748b949ce4f13bc624913ff17078a  envoy/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto
@@ -51,13 +51,36 @@
   // and negotiated parameters, which can be used for routing decisions or passed as metadata
   // to the upstream.
   //
+  // This mode requires ``max_early_data_bytes`` to be set (can be zero to disable buffering).
+  //
   // .. note::
   //   This mode is only effective when the downstream connection uses TLS. For non-TLS
   //   connections, it behaves the same as ``IMMEDIATE``.
   ON_DOWNSTREAM_TLS_HANDSHAKE = 2;
 }
 
-// [#next-free-field: 23]
+// Specifies how TLVs in ``proxy_protocol_tlvs`` are merged with existing PROXY protocol state
+// (e.g., downstream TLVs parsed by the proxy_protocol listener filter).
+enum ProxyProtocolTlvMergePolicy {
+  // Add configured TLVs only if no PROXY protocol state exists (e.g., no downstream TLVs).
+  // If state exists, ignore configured TLVs and use only the existing TLVs.
+  // This is the default for backward compatibility.
+  ADD_IF_ABSENT = 0;
+
+  // Overwrite existing TLVs (e.g., downstream TLVs) by type with configured TLVs.
+  // Non-conflicting TLVs from both sources are preserved.
+  // If no state exists, add all configured TLVs.
+  // Source/destination addresses from existing state are preserved.
+  OVERWRITE_BY_TYPE_IF_EXISTS_OR_ADD = 1;
+
+  // Append configured TLVs to existing TLVs (e.g., downstream TLVs), preserving all TLVs
+  // from both sources (PROXY protocol v2 allows duplicate types).
+  // If no state exists, add all configured TLVs.
+  // Source/destination addresses from existing state are preserved.
+  APPEND_IF_EXISTS_OR_ADD = 2;
+}
+
+// [#next-free-field: 24]
 message TcpProxy {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.tcp_proxy.v2.TcpProxy";
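Review bot: The `ProxyProtocolTlvMergePolicy` comments should warn that under `APPEND_IF_EXISTS_OR_ADD` a downstream-supplied TLV of the same type as a configured one is forwarded next to it, so which value the upstream honours depends on the upstream's parser rather than on this configuration. Downstream TLVs come from the proxy_protocol listener filter and are controlled by whoever sends the PROXY header, so operators who attach TLVs to convey attributes the upstream trusts should be pointed at `OVERWRITE_BY_TYPE_IF_EXISTS_OR_ADD`. The `ADD_IF_ABSENT` comment could also say outright that it matches the previous `proxy_protocol_tlvs` behaviour, since that is why it is the default.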
@@ -139,7 +162,7 @@
 
     // The path used with the POST method. The default path is ``/``. If this field is specified and
     // :ref:`use_post field <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.TunnelingConfig.use_post>`
-    // is not set to true, the configuration will be rejected.
+    // is not set to ``true``, the configuration will be rejected.
     string post_path = 5;
 
     // Save response trailers to the downstream connection's filter state for consumption
@@ -204,9 +227,12 @@
     google.protobuf.Duration access_log_flush_interval = 1
         [(validate.rules).duration = {gte {nanos: 1000000}}];
 
-    // If set to true, the access log is flushed when the TCP proxy successfully establishes a
+    // If set to ``true``, the access log is flushed when the TCP proxy successfully establishes a
     // connection with the upstream. If the connection fails, the access log is not flushed.
     bool flush_access_log_on_connected = 2;
+
+    // If set to ``true``, the access log is flushed when the TCP proxy accepts a connection.
+    bool flush_access_log_on_start = 3;
   }
 
   reserved 6;
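Review bot: The new `flush_access_log_on_start` comment does not say how it interacts with `flush_access_log_on_connected` and `access_log_flush_interval` in the same message: whether all three may be enabled together, and whether a start-time flush resets the periodic interval. One line on that, mirroring the "If the connection fails" sentence on the connected flag, would keep log pipelines from double-counting connections.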
@@ -322,23 +348,23 @@
   // Additional access log options for the TCP proxy.
   TcpAccessLogOptions access_log_options = 17;
 
-  // If set, the specified ``PROXY`` protocol TLVs (Type-Length-Value) are added to the ``PROXY`` protocol state
-  // created by the TCP proxy filter. These TLVs are sent in the PROXY protocol v2 header to the upstream.
-  //
-  // This field only takes effect when the TCP proxy filter is creating new ``PROXY`` protocol state and an
-  // upstream proxy protocol transport socket is configured in the cluster. If the connection already
-  // contains ``PROXY`` protocol state (including any TLVs) parsed by a downstream proxy protocol listener
-  // upstream proxy protocol transport socket is configured in the cluster. If the connection already
-  // contains PROXY protocol state (including any TLVs) parsed by a downstream proxy protocol listener
-  // filter, the TLVs specified here are ignored.
+  // TLVs to add to the PROXY protocol header sent upstream. Behavior when PROXY protocol
+  // state already exists (e.g., downstream TLVs from proxy_protocol listener filter) is
+  // controlled by ``proxy_protocol_tlv_merge_policy``.
   //
   // .. note::
-  //   To ensure the specified TLVs are allowed in the upstream ``PROXY`` protocol header, you must also
-  //   configure passthrough TLVs on the upstream proxy protocol transport. See
-  //   :ref:`core.v3.ProxyProtocolConfig.pass_through_tlvs <envoy_v3_api_field_config.core.v3.ProxyProtocolConfig.pass_through_tlvs>`
-  //   for details.
+  //   To ensure the TLVs are allowed upstream, configure passthrough TLVs on the upstream
+  //   proxy protocol transport. See :ref:`core.v3.ProxyProtocolConfig.pass_through_tlvs
+  //   <envoy_v3_api_field_config.core.v3.ProxyProtocolConfig.pass_through_tlvs>` for details.
   repeated config.core.v3.TlvEntry proxy_protocol_tlvs = 19;
 
+  // Specifies how TLVs in ``proxy_protocol_tlvs`` are merged with existing PROXY protocol state
+  // (e.g., downstream TLVs from the proxy_protocol listener filter). See
+  // :ref:`ProxyProtocolTlvMergePolicy
+  // <envoy_v3_api_enum_extensions.filters.network.tcp_proxy.v3.ProxyProtocolTlvMergePolicy>`.
+  ProxyProtocolTlvMergePolicy proxy_protocol_tlv_merge_policy = 23
+      [(validate.rules).enum = {defined_only: true}];
+
   // Specifies when to establish the upstream connection.
   //
   // When not specified, defaults to ``IMMEDIATE`` for backward compatibility.
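Review bot: The rewritten `proxy_protocol_tlvs` comment (the lines beginning "TLVs to add to the PROXY protocol header sent upstream") drops the old statement that the field only takes effect when an upstream proxy protocol transport socket is configured in the cluster; that precondition still seems to apply and should be kept, otherwise users will configure TLVs and see nothing emitted. Removing the duplicated "upstream proxy protocol transport socket is configured ..." lines from the old text is welcome. The `proxy_protocol_tlv_merge_policy` field comment repeats the enum's description nearly verbatim; one sentence plus the `:ref:` would do.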
@@ -358,7 +384,7 @@
   // buffered and forwarded once the upstream connection is ready. When the buffer exceeds
   // this limit, the downstream connection is read-disabled to prevent excessive memory usage.
   //
-  // This field is required when ``upstream_connect_mode`` is ``ON_DOWNSTREAM_DATA``.
+  // This field is required when ``upstream_connect_mode`` is not ``IMMEDIATE``.
   //
   // .. note::
   //   Use this carefully with server-first protocols. The upstream may send data before

envoy/extensions/geoip_providers/common/v3/common.proto:

--- shake256:27e7ea433e4e41e8bf8bee95418d6cad45942674cea4f325f7888bd75ca5851a678f728c72fd13140659fef678d15c1d1b6303c31512879253f2f3339d4d46c0  envoy/extensions/geoip_providers/common/v3/common.proto
+++ shake256:96629664c7c164d5b09c236350eb28c92429295779ef16310c26d29220de1b7e65ac18544cb1670636aa7ec7eed11350aed1428ee425c317eeb92a8ce41cf4c3  envoy/extensions/geoip_providers/common/v3/common.proto
@@ -19,7 +19,7 @@
 message CommonGeoipProviderConfig {
   // The set of geolocation headers to add to request. If any of the configured headers is present
   // in the incoming request, it will be overridden by the :ref:`HTTP GeoIP filter <config_http_filters_geoip>`.
-  // [#next-free-field: 13]
+  // [#next-free-field: 14]
   //
   // .. attention::
   //   This field is deprecated in favor of :ref:`geo_field_keys
@@ -39,9 +39,15 @@
         [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
 
     // If set, the header will be used to populate the ASN associated with the IP address.
+    // Note: If both ISP and ASN databases are configured, only the ASN database is used for lookup.
     string asn = 4
         [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
 
+    // If set, the header will be used to populate the autonomous system organization associated with the IP address.
+    // Note: If both ISP and ASN databases are configured, only the ASN database is used for lookup.
+    string asn_org = 13
+        [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
     // This field is deprecated; use ``anon`` instead.
     string is_anon = 5 [
       deprecated = true,
@@ -92,7 +98,7 @@
   // - The :ref:`Network GeoIP filter <config_network_filters_geoip>` stores results in the
   //   connection's filter state under the well-known key ``envoy.geoip``.
   //
-  // [#next-free-field: 12]
+  // [#next-free-field: 13]
   message GeolocationFieldKeys {
     // If set, the key will be used to populate the country ISO code associated with the IP address.
     string country = 1;
@@ -107,6 +113,9 @@
     // If set, the key will be used to populate the ASN associated with the IP address.
     string asn = 4;
 
+    // If set, the key will be used to populate the autonomous system organization associated with the IP address.
+    string asn_org = 12;
+
     // If set, the IP address will be checked if it belongs to any type of anonymization network
     // (e.g., VPN, public proxy). The result will be stored with this key. Value will be set to
     // either ``true`` or ``false`` depending on the check result.

envoy/extensions/http/ext_proc/processing_request_modifiers/mapped_attribute_builder/v3/mapped_attribute_builder.proto:

--- shake256:4e474273521f8df5a92019d315c4bc4435a04903b0de9fd31d8700d36c88e87058eb07dbeb966abb786d6969182e55c89d16771df219dfd6448f73a0fb01c682  envoy/extensions/http/ext_proc/processing_request_modifiers/mapped_attribute_builder/v3/mapped_attribute_builder.proto
+++ shake256:47e359ec4e204c0d7623942989b9110e37eba23976d1f484b6b699644afc2b2c19ceaa307ae3827f4d34052c819ba44b66fe289ff63c2d25ad8fecf8b7e3c03f  envoy/extensions/http/ext_proc/processing_request_modifiers/mapped_attribute_builder/v3/mapped_attribute_builder.proto
@@ -16,17 +16,19 @@
 // [#protodoc-title: Mapped Attribute Builder for the external processor]
 // [#extension: envoy.http.ext_proc.processing_request_modifiers.mapped_attribute_builder]
 
-// Extension to build custom attributes in the :ref:`request
-// <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>` based on a configurable mapping. The
-// native implementation uses the CEL expression as the key, which is not always desirable. Using this
-// extension, one can re-map a CEL expression that references internal filter state into a more
-// user-friendly key that decouples the value from the underlying filter implementation.
-//
-// If a given CEL expression fails to eval, it will not be present in the attributes struct.
-//
-// If this extension is configured, then the original :ref:`ProcessingRequest
-// <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>`'s ``request_attributes`` are ignored,
-// and all attributes should be explicitly set via this extension.
+// Extension to build custom attributes in the
+// :ref:`ProcessingRequest <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>` based on a
+// configurable mapping. The native implementation uses the CEL expression as the key, which is
+// not always desirable. Using this extension, one can re-map a CEL expression that references
+// internal filter state into a more user-friendly key that decouples the value from the underlying
+// filter implementation.
+//
+// If a given CEL expression fails to evaluate, it will not be present in the attributes struct.
+//
+// If this extension is configured, then the original
+// :ref:`ProcessingRequest <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>`'s
+// ``request_attributes`` are ignored, and all attributes should be explicitly set via this
+// extension.
 //
 // An example configuration may look like so:
 //
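Review bot: "If a given CEL expression fails to evaluate, it will not be present in the attributes struct" describes a silent drop; the comment should say whether the failure is logged or counted in a stat, because an external processor that acts on an attribute such as `source.country` cannot distinguish "evaluation failed" from "attribute intentionally absent" and may fail open. The wording change from "eval" to "evaluate" and the reflowed `:ref:` links are fine.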
@@ -36,8 +38,10 @@
 //      "request.path": "request.path"
 //      "source.country": "metadata.filter_metadata['com.example.location_filter']['country_code']"
 //
-// In the above example, the complex filter_metadata expression is evaluated via CEL, and the value
-// is stored under the friendlier ``source.country`` key. ``The ProcessingRequest`` would look like:
+// In the above example, the complex ``filter_metadata`` expression is evaluated via CEL, and the
+// value is stored under the friendlier ``source.country`` key. The
+// :ref:`ProcessingRequest <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>` would look
+// like:
 //
 // .. code-block:: text
 //
@@ -60,21 +64,24 @@
 //    }
 //
 // .. note::
-//   Processing request modifiers are currently in alpha.
+//
+//    Processing request modifiers are currently in alpha.
 //
 message MappedAttributeBuilder {
-  // A map of request attributes to set in the attributes struct.
-  // The key is the attribute name, the value is the attribute value,
-  // interpretable by CEL. This allows for the re-mapping of attributes, which is not supported
-  // by the native attribute building logic.
+  // A map of request attributes to set in the
+  // :ref:`attributes <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.attributes>` struct.
+  // The key is the attribute name, and the value is the CEL expression to evaluate. This allows
+  // for the re-mapping of attributes, which is not supported by the native attribute building
+  // logic.
   map<string, string> mapped_request_attributes = 1;
 
-  // Similar to ``mapped_request_attributes``, but for response attributes. The
-  // response nomenclature here just indicates that the attributes, whatever they may be, are sent
-  // with a response headers, body, or trailers ext_proc call.
-  // If a value contains a request key, e.g., ``request.host``, then the attribute would
-  // just be sent along in the response. This is useful if a given ext_proc extension is only
-  // enabled for response handling, e.g., ``RESPONSE_HEADERS`` but the backend wants to access request
+  // Similar to ``mapped_request_attributes``, but for response attributes. The "response"
+  // nomenclature here indicates that the attributes, whatever they may be, are sent with a
+  // response headers, body, or trailers ext_proc call.
+  //
+  // If a value contains a request key (e.g., ``request.host``), then the attribute would just be
+  // sent along in the response. This is useful if a given ext_proc extension is only enabled for
+  // response handling (e.g., ``RESPONSE_HEADERS``) but the backend wants to access request
   // metadata.
   map<string, string> mapped_response_attributes = 2;
 }

envoy/extensions/http/ext_proc/response_processors/save_processing_response/v3/save_processing_response.proto:

--- shake256:c851fc9464f1389754d1246830fae57cb7caa2c3ea5904bb69e394a07cb0ce6e9459fa2499fdc619cf0acde50832b8cfe0198e4691a23023e95d12bc7a914269  envoy/extensions/http/ext_proc/response_processors/save_processing_response/v3/save_processing_response.proto
+++ shake256:5999af4497b9ad766b8edfe2fd866d2c76644b61ca5351763e96fdf5b043326589afd770694056b3d7ac0f87a6a4914f6a95c48e8e00d57389c3e06d17cce570  envoy/extensions/http/ext_proc/response_processors/save_processing_response/v3/save_processing_response.proto
@@ -13,55 +13,69 @@
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 option (xds.annotations.v3.file_status).work_in_progress = true;
 
-// [#protodoc-title: Save Processing Response from external processor.]
+// [#protodoc-title: Save Processing Response from external processor]
 // [#extension: envoy.http.ext_proc.response_processors.save_processing_response]
 
-// Extension to save the :ref:`response
-// <envoy_v3_api_msg_service.ext_proc.v3.ProcessingResponse>` from the external processor as
-// filter state with name
-// "envoy.http.ext_proc.response_processors.save_processing_response[.:ref:`filter_state_name_suffix
-// <envoy_v3_api_field_extensions.http.ext_proc.response_processors.save_processing_response.v3.SaveProcessingResponse.filter_state_name>`].
-// This extension supports saving of request and response headers and trailers,
+// Extension to save the
+// :ref:`ProcessingResponse <envoy_v3_api_msg_service.ext_proc.v3.ProcessingResponse>` from the
+// external processor as filter state with name
+// ``envoy.http.ext_proc.response_processors.save_processing_response``. If
+// :ref:`filter_state_name_suffix <envoy_v3_api_field_extensions.http.ext_proc.response_processors.save_processing_response.v3.SaveProcessingResponse.filter_state_name_suffix>`
+// is defined, it is appended to this name.
+//
+// This extension supports saving of request and response headers, request and response trailers,
 // and immediate response.
 //
 // .. note::
-//   Response processors are currently in alpha.
+//
+//    Response processors are currently in alpha.
 //
 // [#next-free-field: 7]
 message SaveProcessingResponse {
+  // Options for saving the processing response.
   message SaveOptions {
-    // Whether or not to save the response for the response type.
+    // When set to ``true``, saves the response for the corresponding response type.
+    //
+    // Defaults to ``false``.
     bool save_response = 1;
 
-    // When true, saves the response if there was an error when processing
-    // the response from the external processor.
+    // When set to ``true``, saves the response if there was an error when processing the response
+    // from the external processor.
+    //
+    // Defaults to ``false``.
     bool save_on_error = 2;
   }
 
   // The default filter state name is
-  // "envoy.http.ext_proc.response_processors.save_processing_response".
-  // If defined, ``filter_state_name_suffix`` is appended to this.
-  // For example, setting ``filter_state_name_suffix`` to "xyz" will set the
-  // filter state name to "envoy.http.ext_proc.response_processors.save_processing_response.xyz"
+  // ``envoy.http.ext_proc.response_processors.save_processing_response``.
+  // If defined, ``filter_state_name_suffix`` is appended to this name.
+  //
+  // For example, setting ``filter_state_name_suffix`` to ``xyz`` will set the filter state name
+  // to ``envoy.http.ext_proc.response_processors.save_processing_response.xyz``.
   string filter_state_name_suffix = 1;
 
-  // Save the response to filter state when :ref:`request_headers
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.request_headers>` is set.
+  // Save the response to filter state when
+  // :ref:`request_headers <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.request_headers>`
+  // is set.
   SaveOptions save_request_headers = 2;
 
-  // Save the response to filter state when :ref:`response_headers
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.response_headers>` is set.
+  // Save the response to filter state when
+  // :ref:`response_headers <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.response_headers>`
+  // is set.
   SaveOptions save_response_headers = 3;
 
-  // Save the response to filter state when :ref:`request_trailers
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.request_trailers>` is set.
+  // Save the response to filter state when
+  // :ref:`request_trailers <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.request_trailers>`
+  // is set.
   SaveOptions save_request_trailers = 4;
 
-  // Save the response to filter state when :ref:`response_trailers
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.response_trailers>` is set.
+  // Save the response to filter state when
+  // :ref:`response_trailers <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.response_trailers>`
+  // is set.
   SaveOptions save_response_trailers = 5;
 
-  // Save the response to filter state when :ref:`immediate_response
-  // <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.immediate_response>` is set.
+  // Save the response to filter state when
+  // :ref:`immediate_response <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.immediate_response>`
+  // is set.
   SaveOptions save_immediate_response = 6;
 }

envoy/extensions/load_balancing_policies/override_host/v3/override_host.proto:

--- shake256:07b9ce71f7219bcc1d79957620a25c0896986b305f8139cc9a74d047e56e919af6596351ae2f887cc0f3c6b08802550affdde52eeb717be2c4b7c0f3b7accbba  envoy/extensions/load_balancing_policies/override_host/v3/override_host.proto
+++ shake256:37bae37d222f8f1ff12c8b6b8295cdbc5e965791ac9188d30204dcf606e803624ed3a4e18654f892db5c1f8920313fefd9ae8556f2382f6cb1fadf114d76da00  envoy/extensions/load_balancing_policies/override_host/v3/override_host.proto
@@ -36,15 +36,30 @@
 // .. code-block:: yaml
 //
 //    override_host_sources:
-//      - header: "x-gateway-destination-endpoint"
-//      - metadata:
-//          key: "envoy.lb"
-//          path:
-//          - key: "x-gateway-destination-endpoint"
+//    - header: "x-gateway-destination-endpoint"
+//    - metadata:
+//        key: "envoy.lb"
+//        path:
+//        - key: "x-gateway-destination-endpoint"
 //
 // If no valid host in the override host list, then the specified fallback load balancing policy is used. This allows load
 // balancing to degrade to a a built in policy (i.e. Round Robin) in case external endpoint picker fails.
 //
+// In addition to specifying ``override_host_sources``, the policy can be configured to inform downstream filters
+// of the selected endpoint through dynamic metadata or response headers through ``selected_endpoint_key``:
+//
+// .. code-block:: yaml
+//
+//    override_host_sources:
+//    - metadata:
+//        key: "envoy.lb"
+//        path:
+//        - key: "x-gateway-destination-endpoint"
+//    selected_host_key:
+//      key: "envoy.lb"
+//      path:
+//      - key: "x-gateway-destination-endpoint-served"
+//
 // See the :ref:`load balancing architecture
 // overview<arch_overview_load_balancing_types>` for more information.
 //
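Review bot: The added prose says the selected endpoint is reported "through dynamic metadata or response headers through ``selected_endpoint_key``", but the YAML in the same block and the field added later in this file are both named `selected_host_key`, and that field only accepts a `MetadataKey`, so no response-header path is visible. Rename the prose to `selected_host_key` and drop "or response headers" unless a header sink is actually added. Unchanged context nearby reads "degrade to a a built in policy" (doubled article), which could be fixed in passing.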
@@ -72,6 +87,10 @@
   repeated OverrideHostSource override_host_sources = 1
       [(validate.rules).repeated = {min_items: 1}];
 
+  // The metadata key to populate with the selected host address. This is optional and
+  // may be used to inform downstream filters of the host address selected by load balancing policy.
+  type.metadata.v3.MetadataKey selected_host_key = 2;
+
   // The child LB policy to use in case neither header nor metadata with selected
   // hosts is present.
   config.cluster.v3.LoadBalancingPolicy fallback_policy = 3

envoy/extensions/matching/common_inputs/network/v3/network_inputs.proto:

--- shake256:b22fb32e8f220cb821a316a53743bd76e1b451f2cd1ee36a8ddb9f3ff52f1f6d3ea9512edd7df45bba24f80b6af8b23de34793e48672ff2d384b675883aa5a7c  envoy/extensions/matching/common_inputs/network/v3/network_inputs.proto
+++ shake256:ce21d7db1101a8a8b79497593efbc032e91b4e8da080074a586618d01f82861eb0d73d92e9274eabb8ed0afe2ac1243b3024f8497d35c9ec227ade235f346524  envoy/extensions/matching/common_inputs/network/v3/network_inputs.proto
@@ -98,10 +98,33 @@
 }
 
 // Input that matches by a specific filter state key.
-// The value of the provided filter state key will be the raw string representation of the filter state object
+// The value of the provided filter state key will be the raw string representation of the filter state object.
+//
+// When ``field`` is specified and the filter state object supports field access
+// (i.e. ``hasFieldSupport()`` returns true), the value of the specified field will be returned
+// instead of the serialized representation of the entire object. This enables direct matching
+// on individual fields within composite filter state objects, such as proxy protocol TLV values
+// stored in the shared ``envoy.network.proxy_protocol.tlv`` object.
+//
+// Example configuration with field access:
+//
+// .. code-block:: yaml
+//
+//    input:
+//      name: filter_state
+//      typed_config:
+//        "@type": type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.FilterStateInput
+//        key: "envoy.network.proxy_protocol.tlv"
+//        field: "aws_vpce_id"
+//
 // [#extension: envoy.matching.inputs.filter_state]
 message FilterStateInput {
   string key = 1 [(validate.rules).string = {min_len: 1}];
+
+  // Optional field name to retrieve from the filter state object.
+  // When set and the filter state object supports field access, the value of this specific
+  // field is returned instead of the serialized string representation of the whole object.
+  string field = 2;
 }
 
 // Input that matches dynamic metadata by key.
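Review bot: The `FilterStateInput.field` comment says what happens when the object supports field access, but not what the input yields when `field` is set and the object does not support it (`hasFieldSupport()` returns false) or the named field is absent from the object; a matcher that silently falls back to the whole serialized object could match, or fail to match, in surprising ways, so the actual behaviour ("no value is produced, so the matcher does not match", or whichever it is) should be stated. The `key` field still has no comment; it could note that this is a filter state name such as ``envoy.network.proxy_protocol.tlv``.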

envoy/extensions/matching/common_inputs/stats/v3/stats.proto:

--- shake256:5be0d34d2448031378eb44f676a6f51827f9d2d2546ab6df3b67c5c3da1011face37d508a8a0b95bdc4cce3abd94ea5f1fa591428646ff478a153466eae1494f  envoy/extensions/matching/common_inputs/stats/v3/stats.proto
+++ shake256:8a545f6c3ca62dfe9a7c26ce58617fe6a752fa76b9fa0cbf747d41fb7f3c4d0fad3370f0597ddb7a6c7a6940433fab76d8cdd27a3174a9944b8c4c3be44afada  envoy/extensions/matching/common_inputs/stats/v3/stats.proto
@@ -15,3 +15,7 @@
 // Specifies the way to match stats with full name.
 message StatFullNameMatchInput {
 }
+
+// Specifies the way to match stat tags with value.
+message StatTagValueInput {
+}
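Review bot: `StatTagValueInput` is an empty message whose comment says it matches "stat tags with value" but does not say which tag's value is presented as the input; if the tag name is chosen elsewhere (for example by the enclosing matcher configuration), the comment should say so, and otherwise the message needs a tag-name field.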

envoy/extensions/request_id/uuid/v3/uuid.proto:

--- shake256:acedfc0d080637f91af6bd52396281588d2e7216106d9c0fe4db78bb876e85f60e5cb8da19952d04c610e0889f43e14c3074485c4886a7262c3d4cabf2b13435  envoy/extensions/request_id/uuid/v3/uuid.proto
+++ shake256:0c367876d65e4a12cb13d075a4b1fe22f867b59210e8003911ebd930e58e1909087da0cfc5f1e6ce3ff60bcafcdabc36bc76314974623961a55e55b18cd80a28  envoy/extensions/request_id/uuid/v3/uuid.proto
@@ -23,9 +23,9 @@
 // 2. Request ID is a universally unique identifier `(UUID4)
 //    <https://en.wikipedia.org/wiki/Universally_unique_identifier#Version_4_(random)>`_.
 //
-// 3. Tracing decision (sampled, forced, etc) is set in 14th nibble of the UUID. By default this will
+// 3. Tracing decision (sampled, forced, etc) is set in 13th nibble of the UUID. By default this will
 //    overwrite existing UUIDs received in the ``x-request-id`` header if the trace sampling decision
-//    is changed. The 14th nibble of the UUID4 has been chosen because it is fixed to '4' by the
+//    is changed. The 13th nibble of the UUID4 has been chosen because it is fixed to '4' by the
 //    standard. Thus, '4' indicates a default UUID and no trace status. This nibble is swapped to:
 //
 //      a. '9': Sampled.
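Review bot: the "13th nibble" wording is correct for the 32 hex digits of a UUID (the version nibble `4` is the first digit of the third group, `xxxxxxxx-xxxx-4xxx-...`), but the previous "14th" matches the 0-based character offset of that same digit in the hyphenated 36-character string, so someone reading the code next to this comment may still count the other way. Consider stating the convention explicitly, e.g. "the 13th nibble (1-based, counting hex digits only)", so the documentation and the string index used by the implementation cannot be confused again.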

envoy/extensions/stat_sinks/open_telemetry/v3/open_telemetry.proto:

--- shake256:689c6756c416364b43a239d885aed8e13d410aa5f2efdb60e5240f8e709925c29a1574bd32b3d5f7c4e663581ac0d69b00379cd8e2b29ed880483d0e4f2ac33c  envoy/extensions/stat_sinks/open_telemetry/v3/open_telemetry.proto
+++ shake256:bffab6b3fe18a9471932c49ff69ad67b2f4082bb3cbbbd90f28202e2281cc5a58df44d992feee581b7ccff04d7ee782b374f12da34ecc39a08d45ddcfaa342ae  envoy/extensions/stat_sinks/open_telemetry/v3/open_telemetry.proto
@@ -4,6 +4,7 @@
 
 import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/grpc_service.proto";
+import "envoy/config/core/v3/http_service.proto";
 
 import "google/protobuf/wrappers.proto";
 
@@ -23,7 +24,7 @@
 // Stats configuration proto schema for ``envoy.stat_sinks.open_telemetry`` sink.
 // [#extension: envoy.stat_sinks.open_telemetry]
 
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message SinkConfig {
   // ConversionAction is used to convert a stat to a metric. If a stat matches,
   // the metric_name and static_metric_labels will be
@@ -46,6 +47,17 @@
 
     // The upstream gRPC cluster that implements the OTLP/gRPC collector.
     config.core.v3.GrpcService grpc_service = 1 [(validate.rules).message = {required: true}];
+
+    // The upstream HTTP cluster that implements the OTLP/HTTP collector.
+    // See `OTLP/HTTP <https://opentelemetry.io/docs/specs/otlp/#otlphttp>`_.
+    //
+    // .. note::
+    //
+    //   The ``request_headers_to_add`` property in the OTLP HTTP exporter service
+    //   does not support the :ref:`format specifier <config_access_log_format>`.
+    //   The values configured are added as HTTP headers on the OTLP export request
+    //   without any formatting applied.
+    config.core.v3.HttpService http_service = 9;
   }
 
   // Attributes to be associated with the resource in the OTLP message.
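Review bot: `grpc_service` keeps `[(validate.rules).message = {required: true}]` while the new `http_service = 9` is added beside it at the same nesting level; if the two are alternatives in a oneof (the indentation suggests so), a config that sets only `http_service` will fail validation because `grpc_service` is still required, so the requirement should move to the oneof (`option (validate.required) = true;`) and be dropped from the field. The note that `request_headers_to_add` values are sent verbatim with no format specifiers is useful; consider also saying that it therefore cannot pull values from dynamic state, so any static header values placed here end up in the config as-is.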

envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto:

--- shake256:c89926efa58f9b00f2eef628d75352686701d1e12b269de0ffba93f7649233152a576759931350ba542d7ab374ddb4a982e8a248be9bb2297ae096cf86149293  envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto
+++ shake256:2527dc14cd40918626811d9bb44b51485e0274df57d6b561d41d8bc01a9abb1ff838d5f6423c6bbf7fb35698d9cf49e3ead38e3f45b0d9bc1098387340bbd444  envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto
@@ -2,6 +2,7 @@
 
 package envoy.extensions.transport_sockets.http_11_proxy.v3;
 
+import "envoy/config/core/v3/address.proto";
 import "envoy/config/core/v3/base.proto";
 
 import "udpa/annotations/status.proto";
@@ -32,7 +33,14 @@
 // using the key ``envoy.http11_proxy_transport_socket.proxy_address`` and the
 // proxy address in ``config::core::v3::Address`` format.
 //
+// If the ``default_proxy_address`` is set and proxy address is not found in
+// ``typed_filter_metadata``, the default proxy address is used.
+//
 message Http11ProxyUpstreamTransport {
   // The underlying transport socket being wrapped. Defaults to plaintext (raw_buffer) if unset.
   config.core.v3.TransportSocket transport_socket = 1;
+
+  // Specifies the default proxy address to use if the proxy address is not present in the
+  // ``typed_filter_metadata`` of the endpoint.
+  config.core.v3.Address default_proxy_address = 2;
 }
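Review bot: `default_proxy_address = 2` has no validation rule and `config.core.v3.Address` also admits pipe and internal addresses, so the comment should state which address kinds are accepted for a CONNECT proxy (or a rule should reject the others) and what happens at config load if an unusable kind is given. Since the fallback applies to every endpoint whose `typed_filter_metadata` lacks `envoy.http11_proxy_transport_socket.proxy_address`, it is also worth saying explicitly that setting it changes the behaviour of all such endpoints in the cluster, not only those that opted in.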

envoy/extensions/transport_sockets/tls/cert_mappers/sni/v3/config.proto:

--- shake256:34211b28c5a19fa7da842985be337476e1bac2c0c5c71b81a5e3aa2e2d9a9aee72aa176897d0ac7cefda676c705ff47799f06efa85eab306eb0b0d616342e9f6  envoy/extensions/transport_sockets/tls/cert_mappers/sni/v3/config.proto
+++ shake256:f9b7269bddff63967913951d1a2b7f26a6b4f5801f8cf72f588ab5a2ac4f5327b9221d16ac4110b6688757df796084c485bc602fb7c63412b2d3665cc174d8c6  envoy/extensions/transport_sockets/tls/cert_mappers/sni/v3/config.proto
@@ -14,7 +14,7 @@
 // [#protodoc-title: SNI certificate mapper]
 // [#extension: envoy.tls.certificate_mappers.sni]
 
-// Uses the SNI value from the TLS client hello as the secret resource name.
+// Uses the SNI value from the TLS client hello as the secret resource name in the downstream selector.
 message SNI {
   // The value to use as the secret name when SNI is empty or absent.
   string default_value = 1 [(validate.rules).string = {min_len: 1}];

envoy/extensions/transport_sockets/tls/cert_selectors/on_demand_secret/v3/config.proto:

--- shake256:882661bb841648d59bb1f2acb187a340814f68ef6185cfa69dfe831ee21a826a7ecd8079ce8e511bf98598402649240a9459a17899ae8434aeed66f2c468e733  envoy/extensions/transport_sockets/tls/cert_selectors/on_demand_secret/v3/config.proto
+++ shake256:e5dbd1b9e40b697b3127f79c747979d4ed57c6c17d5bfb7d9c63fe02d449117f4d1ad4dec60916c39d170c8915de1675ce3f76b74b2505c5868a496c52ffe513  envoy/extensions/transport_sockets/tls/cert_selectors/on_demand_secret/v3/config.proto
@@ -30,8 +30,10 @@
   config.core.v3.ConfigSource config_source = 1 [(validate.rules).message = {required: true}];
 
   // Extension point to specify a function to compute the secret name. The extension is called
-  // during the TLS handshake after receiving the "CLIENT HELLO" message from the client.
-  // [#extension-category: envoy.tls.certificate_mappers]
+  // during the TLS handshake after receiving the *CLIENT HELLO* message from the client for the
+  // downstream certificate selector, and using the transport socket options and *SERVER HELLO* for
+  // the upstream certificate selector.
+  // [#extension-category: envoy.tls.certificate_mappers,envoy.tls.upstream_certificate_mappers]
   config.core.v3.TypedExtensionConfig certificate_mapper = 2
       [(validate.rules).message = {required: true}];
 

envoy/extensions/transport_sockets/tls/v3/tls.proto:

--- shake256:f6ab25059c8421c806ba9672ecac55c6d74fc37d4b102962632c85a088cfc621f4953537f7605b8fd27ddfd4d842d6ebdf6b6ade161ded40e9d625f94773c69e  envoy/extensions/transport_sockets/tls/v3/tls.proto
+++ shake256:96fc1618d65403ba6252ac34923a8a845f502983f41ed0b6573c7514d19bed6783f4103e08c8b0c0b50ee50a4361cc74889027aad77e3ab89dca6d7e5361000b  envoy/extensions/transport_sockets/tls/v3/tls.proto
@@ -77,11 +77,12 @@
   // the ``keyUsage`` is incompatible with TLS usage.
   //
   // .. note::
-  //   The default value is ``false`` (i.e., enforcement off). It is expected to change to ``true`` in a future release.
+  //   The default value is ``true`` (i.e., enforcement on).
   //
   // The ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` metric will be incremented
   // for configurations that would fail if this option were enabled.
-  google.protobuf.BoolValue enforce_rsa_key_usage = 5;
+  google.protobuf.BoolValue enforce_rsa_key_usage = 5
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 }
 
 // [#next-free-field: 12]
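Review bot: with the default flipped to `true`, the unchanged sentence "The ``ssl.was_key_usage_invalid`` ... will be incremented for configurations that would fail if this option were enabled." is now stale, because with enforcement on those handshakes fail rather than merely incrementing the counter; reword it to describe the counter's meaning when enforcement is on. The deprecation annotation on `enforce_rsa_key_usage` should also say whether an explicit `false` is still honoured during the deprecation window, since operators with certificates whose `keyUsage` is incompatible with TLS will otherwise see handshake failures on upgrade with no documented way to opt out.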
@@ -297,10 +298,13 @@
 
   // Custom TLS certificate selector.
   //
-  // Select TLS certificate based on TLS client hello.
-  // If empty, defaults to native TLS certificate selection behavior:
-  // DNS SANs or Subject Common Name in TLS certificates is extracted as server name pattern to match SNI.
-  // [#extension-category: envoy.tls.certificate_selectors]
+  // For the downstream TLS socket, select a TLS certificate based on TLS client hello. If empty,
+  // defaults to native TLS certificate selection behavior: DNS SANs or Subject Common Name in TLS
+  // certificates is extracted as server name pattern to match SNI.
+  //
+  // For the upstream TLS socket, select a TLS certificate based on TLS server hello and the
+  // transport socket options.
+  // [#extension-category: envoy.tls.certificate_selectors,envoy.tls.upstream_certificate_selectors]
   config.core.v3.TypedExtensionConfig custom_tls_certificate_selector = 16;
 
   // Certificate provider for fetching TLS certificates.

envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.proto:

--- shake256:ef69428a40297702fd453f6613f08e24a434f80a18b1cb7099ecf856ef9eaee3fa624afe50fd0c50f311ea91d070338d43f31ea8a0717bfee51f935d6170c47b  envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.proto
+++ shake256:87dbfd87aa0ac4c340aeb8f72428fcc3a1b9f5cba458596be1133b585a6a89c099e2c321d70497714b3a115c849055052d44e8259c70bd790bcc539a166d86e9  envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.proto
@@ -45,6 +45,10 @@
 // - :ref:`allow_expired_certificate <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.allow_expired_certificate>` to allow expired certificates.
 // - :ref:`match_typed_subject_alt_names <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.match_typed_subject_alt_names>` to match **URI** SAN of certificates. Unlike the default validator, SPIFFE validator only matches **URI** SAN (which equals to SVID in SPIFFE terminology) and ignore other SAN types.
 //
+// To support multi-tenant use cases, a filter state object ``envoy.tls.cert_validator.spiffe.workload_trust_domain``
+// should be used to define the per-connection workload trust domain. When matching a peer trust domain, both the
+// workload and the peer trust domains are used in selecting the validation certificate. The filter state object
+// should be shared with the upstream to be used in the upstream TLS context SPIFFE validation context.
 message SPIFFECertValidatorConfig {
   message TrustDomain {
     // Name of the trust domain, ``example.com``, ``foo.bar.gov`` for example.
@@ -53,6 +57,11 @@
 
     // Specify a data source holding x.509 trust bundle used for validating incoming SVID(s) in this trust domain.
     config.core.v3.DataSource trust_bundle = 2;
+
+    // Optional workload trust domain selection condition. The filter object
+    // ``envoy.tls.cert_validator.spiffe.workload_trust_domain`` must match exactly the value of this field.
+    // If not specified, the filter state object must be absent or be empty to match this trust domain.
+    string workload_trust_domain = 3;
   }
 
   // This field specifies trust domains used for validating incoming X.509-SVID(s).
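Review bot: the new comment says "The filter object ``envoy.tls.cert_validator.spiffe.workload_trust_domain`` must match exactly"; this should read "filter state object" to match the wording of the surrounding documentation. The matching semantics also need two more statements: what happens when the filter state object is set but no `TrustDomain` entry has an equal `workload_trust_domain` (validation should fail rather than fall back to entries without the field, otherwise a tenant could be validated against another tenant's bundle), and whether several `TrustDomain` entries may share the same `name` with different `workload_trust_domain` values, which the multi-tenant use case described above appears to require.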

envoy/service/ext_proc/v3/external_processor.proto:

--- shake256:5606420f7e0e3365e9bdaa012bb3380ef16ab399b2b010998c9524e73e3a2bf40e844ebb97cab1ad5ede1b84351ad026c49cf596865b4b3711b10e60fbd7f545  envoy/service/ext_proc/v3/external_processor.proto
+++ shake256:8d3a41874a7414428779106a5a908cbc94a63c3ed00301b07b5591947ca5653e8bd49e2ca3e51a2c45e6d6dc8a4db1dc74541850e1c980ec61997568ea6bba85  envoy/service/ext_proc/v3/external_processor.proto
@@ -23,37 +23,31 @@
 
 // [#protodoc-title: External processing service]
 
-// A service that can access and modify HTTP requests and responses
-// as part of a filter chain.
+// A service that can access and modify HTTP requests and responses as part of a filter chain.
 // The overall external processing protocol works like this:
 //
 // 1. The data plane sends to the service information about the HTTP request.
-// 2. The service sends back a ProcessingResponse message that directs
-//    the data plane to either stop processing, continue without it, or send
-//    it the next chunk of the message body.
-// 3. If so requested, the data plane sends the server the message body in
-//    chunks, or the entire body at once. In either case, the server may send
-//    back a ProcessingResponse for each message it receives, or wait for
-//    a certain amount of body chunks received before streaming back the
-//    ProcessingResponse messages.
-// 4. If so requested, the data plane sends the server the HTTP trailers,
-//    and the server sends back a ProcessingResponse.
-// 5. At this point, request processing is done, and we pick up again
-//    at step 1 when the data plane receives a response from the upstream
-//    server.
-// 6. At any point above, if the server closes the gRPC stream cleanly,
-//    then the data plane proceeds without consulting the server.
-// 7. At any point above, if the server closes the gRPC stream with an error,
-//    then the data plane returns a 500 error to the client, unless the filter
-//    was configured to ignore errors.
+// 2. The service sends back a ``ProcessingResponse`` message that directs the data plane to either
+//    stop processing, continue without it, or send it the next chunk of the message body.
+// 3. If so requested, the data plane sends the server the message body in chunks, or the entire
+//    body at once. In either case, the server may send back a ``ProcessingResponse`` for each
+//    message it receives, or wait for a certain amount of body chunks to be received before
+//    streaming back the ``ProcessingResponse`` messages.
+// 4. If so requested, the data plane sends the server the HTTP trailers, and the server sends back
+//    a ``ProcessingResponse``.
+// 5. At this point, request processing is done, and we pick up again at step 1 when the data plane
+//    receives a response from the upstream server.
+// 6. At any point above, if the server closes the gRPC stream cleanly, then the data plane
+//    proceeds without consulting the server.
+// 7. At any point above, if the server closes the gRPC stream with an error, then the data plane
+//    returns a ``500`` error to the client, unless the filter was configured to ignore errors.
 //
-// In other words, the process is a request/response conversation, but
-// using a gRPC stream to make it easier for the server to
-// maintain state.
+// In other words, the process is a request/response conversation, but using a gRPC stream to make
+// it easier for the server to maintain state.
 service ExternalProcessor {
   // This begins the bidirectional stream that the data plane will use to
   // give the server control over what the filter does. The actual
-  // protocol is described by the ProcessingRequest and ProcessingResponse
+  // protocol is described by the ``ProcessingRequest`` and ``ProcessingResponse``
   // messages below.
   rpc Process(stream ProcessingRequest) returns (stream ProcessingResponse) {
   }
@@ -61,23 +55,25 @@
 
 // This message specifies the filter protocol configurations which will be sent to the ext_proc
 // server in a :ref:`ProcessingRequest <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>`.
-// If the server does not support these protocol configurations, it may choose to close the gRPC stream.
-// If the server supports these protocol configurations, it should respond based on the API specifications.
+// If the server does not support these protocol configurations, it may choose to close the gRPC
+// stream. If the server supports these protocol configurations, it should respond based on the
+// API specifications.
 message ProtocolConfiguration {
-  // Specify the filter configuration :ref:`request_body_mode
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ProcessingMode.request_body_mode>`
+  // Specifies the filter configuration
+  // :ref:`request_body_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ProcessingMode.request_body_mode>`.
   envoy.extensions.filters.http.ext_proc.v3.ProcessingMode.BodySendMode request_body_mode = 1
       [(validate.rules).enum = {defined_only: true}];
 
-  // Specify the filter configuration :ref:`response_body_mode
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ProcessingMode.response_body_mode>`
+  // Specifies the filter configuration
+  // :ref:`response_body_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ProcessingMode.response_body_mode>`.
   envoy.extensions.filters.http.ext_proc.v3.ProcessingMode.BodySendMode response_body_mode = 2
       [(validate.rules).enum = {defined_only: true}];
 
-  // Specify the filter configuration :ref:`send_body_without_waiting_for_header_response
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.send_body_without_waiting_for_header_response>`
-  // If the client is waiting for a header response from the server, setting ``true`` means the client will send body to the server
-  // as they arrive. Setting ``false`` means the client will buffer the arrived data and not send it to the server immediately.
+  // Specifies the filter configuration
+  // :ref:`send_body_without_waiting_for_header_response <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.send_body_without_waiting_for_header_response>`.
+  // If the client is waiting for a header response from the server, setting to ``true`` means the
+  // client will send the body to the server as it arrives. Setting to ``false`` means the client
+  // will buffer the arrived data and not send it to the server immediately.
   bool send_body_without_waiting_for_header_response = 3;
 }
 
@@ -97,31 +93,31 @@
 
     // Information about the HTTP request headers, as well as peer info and additional
     // properties. Unless ``observability_mode`` is ``true``, the server must send back a
-    // HeaderResponse message, an ImmediateResponse message, or close the stream.
+    // ``HeaderResponse`` message, an ``ImmediateResponse`` message, or close the stream.
     HttpHeaders request_headers = 2;
 
     // Information about the HTTP response headers, as well as peer info and additional
     // properties. Unless ``observability_mode`` is ``true``, the server must send back a
-    // HeaderResponse message or close the stream.
+    // ``HeaderResponse`` message or close the stream.
     HttpHeaders response_headers = 3;
 
-    // A chunk of the HTTP request body. Unless ``observability_mode`` is true, the server must send back
-    // a BodyResponse message, an ImmediateResponse message, or close the stream.
+    // A chunk of the HTTP request body. Unless ``observability_mode`` is ``true``, the server must
+    // send back a ``BodyResponse`` message, an ``ImmediateResponse`` message, or close the stream.
     HttpBody request_body = 4;
 
-    // A chunk of the HTTP response body. Unless ``observability_mode`` is ``true``, the server must send back
-    // a BodyResponse message or close the stream.
+    // A chunk of the HTTP response body. Unless ``observability_mode`` is ``true``, the server must
+    // send back a ``BodyResponse`` message or close the stream.
     HttpBody response_body = 5;
 
     // The HTTP trailers for the request path. Unless ``observability_mode`` is ``true``, the server
-    // must send back a TrailerResponse message or close the stream.
+    // must send back a ``TrailerResponse`` message or close the stream.
     //
     // This message is only sent if the trailers processing mode is set to ``SEND`` and
     // the original downstream request has trailers.
     HttpTrailers request_trailers = 6;
 
     // The HTTP trailers for the response path. Unless ``observability_mode`` is ``true``, the server
-    // must send back a TrailerResponse message or close the stream.
+    // must send back a ``TrailerResponse`` message or close the stream.
     //
     // This message is only sent if the trailers processing mode is set to ``SEND`` and
     // the original upstream response has trailers.
@@ -137,17 +133,16 @@
   // :ref:`attributes <arch_overview_attributes>` supported in the data plane.
   map<string, google.protobuf.Struct> attributes = 9;
 
-  // Specify whether the filter that sent this request is running in :ref:`observability_mode
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.observability_mode>`
-  // and defaults to false.
+  // Specifies whether the filter that sent this request is running in
+  // :ref:`observability_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.observability_mode>`.
   //
-  // * A value of ``false`` indicates that the server must respond
-  //   to this message by either sending back a matching ProcessingResponse message,
-  //   or by closing the stream.
+  // * A value of ``false`` indicates that the server must respond to this message by either
+  //   sending back a matching ``ProcessingResponse`` message, or by closing the stream.
   // * A value of ``true`` indicates that the server should not respond to this message, as any
-  //   responses will be ignored. However, it may still close the stream to indicate that no more messages
-  //   are needed.
+  //   responses will be ignored. However, it may still close the stream to indicate that no more
+  //   messages are needed.
   //
+  // Defaults to ``false``.
   bool observability_mode = 10;
 
   // Specify the filter protocol configurations to be sent to the server.
@@ -156,14 +151,14 @@
 }
 
 // This represents the different types of messages the server may send back to the data plane
-// when the ``observability_mode`` field in the received ProcessingRequest is set to false.
+// when the ``observability_mode`` field in the received ``ProcessingRequest`` is set to ``false``.
 //
 // * If the corresponding ``BodySendMode`` in the
 //   :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`
-//   is not set to ``FULL_DUPLEX_STREAMED``, then for every received ProcessingRequest,
-//   the server must send back exactly one ProcessingResponse message.
+//   is not set to ``FULL_DUPLEX_STREAMED``, then for every received ``ProcessingRequest``,
+//   the server must send back exactly one ``ProcessingResponse`` message.
 // * If it is set to ``FULL_DUPLEX_STREAMED``, the server must follow the API defined
-//   for this mode to send the ProcessingResponse messages.
+//   for this mode to send the ``ProcessingResponse`` messages.
 // [#next-free-field: 13]
 message ProcessingResponse {
   // The response type that is sent by the server.
@@ -204,17 +199,19 @@
     ImmediateResponse immediate_response = 7;
 
     // The server sends back this message to initiate or continue local response streaming.
-    // The server must initiate local response streaming with the ``headers_response`` in response to a ProcessingRequest
-    // with the ``request_headers`` only.
-    // The server may follow up with multiple messages containing ``body_response``. The server must indicate
-    // end of stream by setting ``end_of_stream`` to ``true`` in the ``headers_response``
+    // The server must initiate local response streaming with the ``headers_response`` in response
+    // to a ``ProcessingRequest`` with the ``request_headers`` only.
+    // The server may follow up with multiple messages containing ``body_response``. The server must
+    // indicate end of stream by setting ``end_of_stream`` to ``true`` in the ``headers_response``
     // or ``body_response`` message or by sending a ``trailers_response`` message.
-    // The client may send a ``request_body`` or ``request_trailers`` to the server depending on configuration.
+    // The client may send a ``request_body`` or ``request_trailers`` to the server depending on
+    // configuration.
     // The streaming local response can only be sent when the ``request_header_mode`` in the filter
     // :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`
-    // is set to ``SEND``. The ext_proc server should not send StreamedImmediateResponse if it did not observe request headers,
-    // as it will result in the race with the upstream server response and reset of the client request.
-    // Presently only the FULL_DUPLEX_STREAMED or NONE body modes are supported.
+    // is set to ``SEND``. The ext_proc server should not send ``StreamedImmediateResponse`` if it
+    // did not observe request headers, as it will result in a race with the upstream server
+    // response and reset of the client request.
+    // Presently only the ``FULL_DUPLEX_STREAMED`` or ``NONE`` body modes are supported.
     StreamedImmediateResponse streamed_immediate_response = 11;
   }
 
@@ -223,19 +220,17 @@
   // field name(s) of the struct.
   google.protobuf.Struct dynamic_metadata = 8;
 
-  // Override how parts of the HTTP request and response are processed
-  // for the duration of this particular request/response only. Servers
-  // may use this to intelligently control how requests are processed
-  // based on the headers and other metadata that they see.
-  // This field is only applicable when servers responding to the header requests.
-  // If it is set in the response to the body or trailer requests, it will be ignored by the data plane.
+  // Override how parts of the HTTP request and response are processed for the duration of this
+  // particular request/response only. Servers may use this to intelligently control how requests
+  // are processed based on the headers and other metadata that they see.
+  //
+  // This field is only applicable when servers are responding to the header requests. If it is set
+  // in the response to the body or trailer requests, it will be ignored by the data plane.
   // It is also ignored by the data plane when the ext_proc filter config
-  // :ref:`allow_mode_override
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.allow_mode_override>`
-  // is set to false, or
-  // :ref:`send_body_without_waiting_for_header_response
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.send_body_without_waiting_for_header_response>`
-  // is set to true.
+  // :ref:`allow_mode_override <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.allow_mode_override>`
+  // is set to ``false``, or
+  // :ref:`send_body_without_waiting_for_header_response <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.send_body_without_waiting_for_header_response>`
+  // is set to ``true``.
   envoy.extensions.filters.http.ext_proc.v3.ProcessingMode mode_override = 9;
 
   // [#not-implemented-hide:]
@@ -251,70 +246,64 @@
   // client had already sent before it saw the ext_proc stream termination.
   bool request_drain = 12;
 
-  // When ext_proc server receives a request message, in case it needs more
-  // time to process the message, it sends back a ProcessingResponse message
-  // with a new timeout value. When the data plane receives this response
-  // message, it ignores other fields in the response, just stop the original
-  // timer, which has the timeout value specified in
-  // :ref:`message_timeout
-  // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.message_timeout>`
-  // and start a new timer with this ``override_message_timeout`` value and keep the
-  // data plane ext_proc filter state machine intact.
-  // Has to be >= 1ms and <=
-  // :ref:`max_message_timeout <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.max_message_timeout>`
-  // Such message can be sent at most once in a particular data plane ext_proc filter processing state.
-  // To enable this API, one has to set ``max_message_timeout`` to a number >= 1ms.
+  // When the ext_proc server receives a request message and needs more time to process it, it
+  // sends back a ``ProcessingResponse`` message with a new timeout value. When the data plane
+  // receives this response message, it ignores other fields in the response, stops the original
+  // timer (which has the timeout value specified in
+  // :ref:`message_timeout <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.message_timeout>`),
+  // and starts a new timer with this ``override_message_timeout`` value while keeping the data
+  // plane ext_proc filter state machine intact.
+  //
+  // The value must be >= 1ms and <=
+  // :ref:`max_message_timeout <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.max_message_timeout>`.
+  // Such a message can be sent at most once in a particular data plane ext_proc filter processing
+  // state. To enable this API, ``max_message_timeout`` must be set to a value >= 1ms.
   google.protobuf.Duration override_message_timeout = 10;
 }
 
 // The following are messages that are sent to the server.
 
-// This message is sent to the external server when the HTTP request and responses
+// This message is sent to the external server when the HTTP request and response headers
 // are first received.
 message HttpHeaders {
-  // The HTTP request headers. All header keys will be
-  // lower-cased, because HTTP header keys are case-insensitive.
-  // The header value is encoded in the
+  // The HTTP request headers. All header keys will be lower-cased, because HTTP header keys are
+  // case-insensitive. The header value is encoded in the
   // :ref:`raw_value <envoy_v3_api_field_config.core.v3.HeaderValue.raw_value>` field.
   config.core.v3.HeaderMap headers = 1;
 
   // [#not-implemented-hide:]
-  // This field is deprecated and not implemented. Attributes will be sent in
-  // the  top-level :ref:`attributes <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.attributes`
-  // field.
+  // This field is deprecated and not implemented. Attributes will be sent in the top-level
+  // :ref:`attributes <envoy_v3_api_field_service.ext_proc.v3.ProcessingRequest.attributes>` field.
   map<string, google.protobuf.Struct> attributes = 2
       [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
 
-  // If ``true``, then there is no message body associated with this
-  // request or response.
+  // If ``true``, then there is no message body associated with this request or response.
   bool end_of_stream = 3;
 }
 
-// This message is sent to the external server when the HTTP request and
-// response bodies are received.
+// This message is sent to the external server when the HTTP request and response bodies are
+// received.
 message HttpBody {
-  // The contents of the body in the HTTP request/response. Note that in
-  // streaming mode multiple ``HttpBody`` messages may be sent.
+  // The contents of the body in the HTTP request/response. Note that in streaming mode multiple
+  // ``HttpBody`` messages may be sent.
   //
-  // In ``GRPC`` body send mode, a separate ``HttpBody`` message will be
-  // sent for each message in the gRPC stream.
+  // In ``GRPC`` body send mode, a separate ``HttpBody`` message will be sent for each message in
+  // the gRPC stream.
   bytes body = 1;
 
-  // If ``true``, this will be the last ``HttpBody`` message that will be sent and no
-  // trailers will be sent for the current request/response.
+  // If ``true``, this will be the last ``HttpBody`` message that will be sent and no trailers
+  // will be sent for the current request/response.
   bool end_of_stream = 2;
 
-  // This field is used in ``GRPC`` body send mode when ``end_of_stream`` is
-  // true and ``body`` is empty. Those values would normally indicate an
-  // empty message on the stream with the end-of-stream bit set.
-  // However, if the half-close happens after the last message on the
-  // stream was already sent, then this field will be true to indicate an
-  // end-of-stream with *no* message (as opposed to an empty message).
+  // This field is used in ``GRPC`` body send mode when ``end_of_stream`` is ``true`` and ``body``
+  // is empty. Those values would normally indicate an empty message on the stream with the
+  // end-of-stream bit set. However, if the half-close happens after the last message on the stream
+  // was already sent, then this field will be ``true`` to indicate an end-of-stream with *no*
+  // message (as opposed to an empty message).
   bool end_of_stream_without_message = 3;
 
-  // This field is used in ``GRPC`` body send mode to indicate whether
-  // the message is compressed. This will never be set to true by gRPC
-  // but may be set to true by a proxy like Envoy.
+  // This field is used in ``GRPC`` body send mode to indicate whether the message is compressed.
+  // This will never be set to ``true`` by gRPC but may be set to ``true`` by a proxy like Envoy.
   bool grpc_message_compressed = 4;
 }
 
@@ -352,13 +341,14 @@
   HeaderMutation header_mutation = 1;
 }
 
-// This message is sent by the external server to the data plane after ``HttpHeaders``
-// to initiate local response streaming. The server may follow up with multiple messages containing ``body_response``.
-// The server must indicate end of stream by setting ``end_of_stream`` to ``true`` in the ``headers_response``
-// or ``body_response`` message or by sending a ``trailers_response`` message.
+// This message is sent by the external server to the data plane after ``HttpHeaders`` to initiate
+// local response streaming. The server may follow up with multiple messages containing
+// ``body_response``. The server must indicate end of stream by setting ``end_of_stream`` to
+// ``true`` in the ``headers_response`` or ``body_response`` message or by sending a
+// ``trailers_response`` message.
 message StreamedImmediateResponse {
   oneof response {
-    // Response headers to be sent downstream. The ":status" header must be set.
+    // Response headers to be sent downstream. The ``:status`` header must be set.
     HttpHeaders headers_response = 1;
 
     // Response body to be sent downstream.
@@ -384,7 +374,7 @@
     // further messages for this request or response even if the processing
     // mode is configured to do so.
     //
-    // When used in response to a request_headers or response_headers message,
+    // When used in response to a ``request_headers`` or ``response_headers`` message,
     // this status makes it possible to either completely replace the body
     // while discarding the original body, or to add a body to a message that
     // formerly did not have one.
@@ -401,23 +391,22 @@
   ResponseStatus status = 1 [(validate.rules).enum = {defined_only: true}];
 
   // Instructions on how to manipulate the headers. When responding to an
-  // HttpBody request, header mutations will only take effect if
-  // the current processing mode for the body is BUFFERED.
+  // ``HttpBody`` request, header mutations will only take effect if the current processing mode
+  // for the body is ``BUFFERED``.
   HeaderMutation header_mutation = 2;
 
-  // Replace the body of the last message sent to the remote server on this
-  // stream. If responding to an HttpBody request, simply replace or clear
-  // the body chunk that was sent with that request. Body mutations may take
-  // effect in response either to ``header`` or ``body`` messages. When it is
-  // in response to ``header`` messages, it only take effect if the
+  // Replace the body of the last message sent to the remote server on this stream. If responding
+  // to an ``HttpBody`` request, simply replace or clear the body chunk that was sent with that
+  // request. Body mutations may take effect in response either to ``header`` or ``body`` messages.
+  // When it is in response to ``header`` messages, it only takes effect if the
   // :ref:`status <envoy_v3_api_field_service.ext_proc.v3.CommonResponse.status>`
-  // is set to CONTINUE_AND_REPLACE.
+  // is set to ``CONTINUE_AND_REPLACE``.
   BodyMutation body_mutation = 3;
 
   // [#not-implemented-hide:]
-  // Add new trailers to the message. This may be used when responding to either a
-  // HttpHeaders or HttpBody message, but only if this message is returned
-  // along with the CONTINUE_AND_REPLACE status.
+  // Add new trailers to the message. This may be used when responding to either an
+  // ``HttpHeaders`` or ``HttpBody`` message, but only if this message is returned
+  // along with the ``CONTINUE_AND_REPLACE`` status.
   // The header value is encoded in the
   // :ref:`raw_value <envoy_v3_api_field_config.core.v3.HeaderValue.raw_value>` field.
   config.core.v3.HeaderMap trailers = 4;
@@ -429,34 +418,32 @@
   bool clear_route_cache = 5;
 }
 
-// This message causes the filter to attempt to create a locally
-// generated response, send it  downstream, stop processing
-// additional filters, and ignore any additional messages received
-// from the remote server for this request or response. If a response
-// has already started, then  this will either ship the reply directly
-// to the downstream codec, or reset the stream.
+// This message causes the filter to attempt to create a locally generated response, send it
+// downstream, stop processing additional filters, and ignore any additional messages received
+// from the remote server for this request or response. If a response has already started, then
+// this will either ship the reply directly to the downstream codec, or reset the stream.
 // [#next-free-field: 6]
 message ImmediateResponse {
   // The response code to return.
   type.v3.HttpStatus status = 1 [(validate.rules).message = {required: true}];
 
-  // Apply changes to the default headers, which will include content-type.
+  // Apply changes to the default headers, which will include ``content-type``.
   HeaderMutation headers = 2;
 
   // The message body to return with the response which is sent using the
-  // text/plain content type, or encoded in the grpc-message header.
+  // ``text/plain`` content type, or encoded in the ``grpc-message`` header.
   bytes body = 3;
 
   // If set, then include a gRPC status trailer.
   GrpcStatus grpc_status = 4;
 
   // A string detailing why this local reply was sent, which may be included
-  // in log and debug output (e.g. this populates the %RESPONSE_CODE_DETAILS%
+  // in log and debug output (e.g., this populates the ``%RESPONSE_CODE_DETAILS%``
   // command operator field for use in access logging).
   string details = 5;
 }
 
-// This message specifies a gRPC status for an ImmediateResponse message.
+// This message specifies a gRPC status for an ``ImmediateResponse`` message.
 message GrpcStatus {
   // The actual gRPC status.
   uint32 status = 1;
@@ -484,26 +471,24 @@
   // a serialized gRPC message to be passed to the upstream/downstream by the data plane.
   bytes body = 1;
 
-  // The server sets this flag to true if it has received a body request with
-  // :ref:`end_of_stream <envoy_v3_api_field_service.ext_proc.v3.HttpBody.end_of_stream>` set to true,
-  // and this is the last chunk of body responses.
-  // Note that in ``GRPC`` body send mode, this allows the ext_proc
-  // server to tell the data plane to send a half close after a client
-  // message, which will result in discarding any other messages sent by
-  // the client application.
+  // The server sets this flag to ``true`` if it has received a body request with
+  // :ref:`end_of_stream <envoy_v3_api_field_service.ext_proc.v3.HttpBody.end_of_stream>` set to
+  // ``true``, and this is the last chunk of body responses.
+  //
+  // Note that in ``GRPC`` body send mode, this allows the ext_proc server to tell the data plane
+  // to send a half close after a client message, which will result in discarding any other
+  // messages sent by the client application.
   bool end_of_stream = 2;
 
-  // This field is used in ``GRPC`` body send mode when ``end_of_stream`` is
-  // true and ``body`` is empty. Those values would normally indicate an
-  // empty message on the stream with the end-of-stream bit set.
-  // However, if the half-close happens after the last message on the
-  // stream was already sent, then this field will be true to indicate an
-  // end-of-stream with *no* message (as opposed to an empty message).
+  // This field is used in ``GRPC`` body send mode when ``end_of_stream`` is ``true`` and ``body``
+  // is empty. Those values would normally indicate an empty message on the stream with the
+  // end-of-stream bit set. However, if the half-close happens after the last message on the stream
+  // was already sent, then this field will be ``true`` to indicate an end-of-stream with *no*
+  // message (as opposed to an empty message).
   bool end_of_stream_without_message = 3;
 
-  // This field is used in ``GRPC`` body send mode to indicate whether
-  // the message is compressed. This will never be set to true by gRPC
-  // but may be set to true by a proxy like Envoy.
+  // This field is used in ``GRPC`` body send mode to indicate whether the message is compressed.
+  // This will never be set to ``true`` by gRPC but may be set to ``true`` by a proxy like Envoy.
   bool grpc_message_compressed = 4;
 }
 
@@ -517,11 +502,10 @@
     // is not set to ``FULL_DUPLEX_STREAMED`` or ``GRPC``.
     bytes body = 1;
 
-    // Clear the corresponding body chunk.
-    // Should only be used when the corresponding ``BodySendMode`` in the
+    // Clear the corresponding body chunk. Should only be used when the corresponding
+    // ``BodySendMode`` in the
     // :ref:`processing_mode <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>`
     // is not set to ``FULL_DUPLEX_STREAMED`` or ``GRPC``.
-    // Clear the corresponding body chunk.
     bool clear_body = 2;
 
     // Must be used when the corresponding ``BodySendMode`` in the

envoy/service/extension/v3/config_discovery.proto:

--- shake256:8ed6ff32eba9f5a768ed19ffa70ed80227a7beca9ab61da117f3858af346fc3f5445d14aa839231c6d5c8a8a64988a1e3623a3a61132b0120fdfcfbf10a01bb6  envoy/service/extension/v3/config_discovery.proto
+++ shake256:d33d7e3c73ba3134309e4646921cb897c06f9ed845e87b52293263592877f35295c22d222464969f1900ed0f8a5eb84b4bf8a154a0603bfbf2fe4c3345a84001  envoy/service/extension/v3/config_discovery.proto
@@ -16,7 +16,6 @@
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Extension config discovery service (ECDS)]
-
 // A service that supports dynamic configuration updates for a specific filter.
 // Currently, ECDS is supported for network filters, HTTP filters, UDP session filters, and listener filters.
 // Please check :ref:`Extension Config Discovery Service (ECDS) API <config_overview_extension_discovery>`.
@@ -40,7 +39,7 @@
 // .. note::
 //   Filters that are configured using ECDS are warmed. For more details see
 //   :ref:`ExtensionConfigSource <envoy_v3_api_msg_config.core.v3.ExtensionConfigSource>`.
-//
+
 // Return extension configurations.
 service ExtensionConfigDiscoveryService {
   option (envoy.annotations.resource).type = "envoy.config.core.v3.TypedExtensionConfig";
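Review bot: the two hunks in this file change which element the comments attach to, and that should be a deliberate choice. Removing the blank line after `// [#protodoc-title: Extension config discovery service (ECDS)]` (first hunk) folds the file description into the title block, and replacing the trailing `//` continuation with a blank line (second hunk) ends the comment block that holds the `.. note::` about ECDS filters being warmed, so only `// Return extension configurations.` remains as the leading comment of `service ExtensionConfigDiscoveryService`. Confirm the rendered ECDS page still shows the warming note where readers expect it; if it belongs on the service, keep the `//` line instead of the blank.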

envoy/service/health/v3/hds.proto:

--- shake256:8dc8e6bba48aa83023d8af0412d52cebd600eab03b0561a5c1c26b0ee561058eb3e11edf4ece580c2c5b8360a28264dc47c3a9e496701f2c796515dce5ed80fb  envoy/service/health/v3/hds.proto
+++ shake256:c7da7d4042efb8fe51bda5cc47c94c3711a2a4d99905018c7900a94f16a468a5b4910619c719edd97ce7f1fa313242f294817eb643a21b89b15ff0f3b12b779d  envoy/service/health/v3/hds.proto
@@ -10,6 +10,7 @@
 
 import "google/api/annotations.proto";
 import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
 
 import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
@@ -109,6 +110,19 @@
   config.endpoint.v3.Endpoint endpoint = 1;
 
   config.core.v3.HealthStatus health_status = 2;
+
+  // Optional metadata about the health check result, populated by the active
+  // health checker and forwarded to the management server for richer health
+  // state interpretation.
+  //
+  // Well-known keys:
+  //
+  // ``http_status_code`` (number)
+  //   Set by the HTTP health checker. Contains the HTTP response status code
+  //   returned by the upstream endpoint during the most recent health check,
+  //   e.g. ``200``, ``503``. Only present when the health check received a
+  //   complete HTTP response; absent on connection failures or timeouts.
+  google.protobuf.Struct health_metadata = 3;
 }
 
 // Group endpoint health by locality under each cluster.
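Review bot: `health_metadata` is a free-form `google.protobuf.Struct`, so the "Well-known keys" list in the comment is the only contract the management server gets; there is no proto-level validation of key names or value types. The doc should say explicitly that consumers must check that `http_status_code` is present and is a number before using it, must treat absence as "no complete HTTP response" (the comment already says it is absent on connection failures or timeouts) rather than as a health signal, and must ignore keys they do not recognise so that future keys can be added without breaking them. Since the field is populated by the active health checker and forwarded as-is, a management server that indexes or logs the struct should also bound what it accepts rather than assume only the documented key will appear.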

envoy/type/matcher/v3/address.proto:

--- shake256:b8aeb0435ab80c4f331ede8ee6367cf5eb25df2219c291e177b1be3dae38269671d7d2c2855e045c88058f0e973fdd447875a154228148abb5f00e94f4c47281  envoy/type/matcher/v3/address.proto
+++ shake256:eea057b217ab05e62596fe425a5113b5be7ba039f1eb674ae81328d6a527fb8c2753efc2cf7506f0be75f565bee3aa70ec51cb2e2e95ce6aaf0569843173f2d1  envoy/type/matcher/v3/address.proto
@@ -19,4 +19,10 @@
 // filter state object as an IP.
 message AddressMatcher {
   repeated xds.core.v3.CidrRange ranges = 1;
+
+  // If true, the match result will be inverted. Defaults to false.
+  //
+  // * If set to false (default), the matcher will return true if the IP matches any of the CIDR ranges.
+  // * If set to true, the matcher will return true if the IP does NOT match any of the CIDR ranges.
+  bool invert_match = 2;
 }
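Review bot: the new `invert_match` doc leaves the empty-`ranges` case unspecified, and it matters for the inverted form: with `invert_match = true` and no `ranges`, "the IP does NOT match any of the CIDR ranges" is vacuously true for every address, so an empty or mis-generated list turns into a match-everything matcher, which is the fail-open direction when the matcher gates a deny rule. Suggest stating the behaviour in the comment (for example "An empty `ranges` list never matches, regardless of `invert_match`") and, if that is the intended contract, enforcing it with a `(validate.rules).repeated = {min_items: 1}` rule on `ranges` so the configuration is rejected rather than silently widened.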

envoy/type/matcher/v3/status_code_input.proto:

--- shake256:262bde80e71fe6a168dd1b6a9ee1d1b27d3bbfe0e9e1e91129921cc0732f28380f5bb1cb18c041c29d57c93848b8c2ce35a16b0d4428d4df4e044c0fd6624bf0  envoy/type/matcher/v3/status_code_input.proto
+++ shake256:8bc193ee6750429235cf2707073a86b5799c243d431fd22fae1dcc1034a34b302494989b269a1a11226c1c5c7f110a8f50c403e8d176d03483322c033c7bda63  envoy/type/matcher/v3/status_code_input.proto
@@ -21,3 +21,15 @@
 // response status code. For eg: 1xx, 2xx, 3xx, 4xx or 5xx.
 message HttpResponseStatusCodeClassMatchInput {
 }
+
+// This match input determines whether the response is a local reply which gets
+// generated by Envoy or a response from the upstream.
+//
+// The input string is ``true`` for local replies and ``false`` for the upstream
+// responses.
+//
+// It can be used with the ``custom_response`` filter to apply policies only to
+// the Envoy generated local replies.
+// [#extension: envoy.matching.inputs.local_reply]
+message HttpResponseLocalReplyMatchInput {
+}

Comment thread modules/sync/state.json
{
"module_name": "googleapis/cloud-run",
"latest_reference": "01aaf5a6b19bc674a65882392ed37f64976790a1"
"latest_reference": "283af41e26f6f394a9bfca7b38ce2e698937c7de"

[Posted at 2026-04-24T12:22:28Z]

Overall transition

$ casdiff 01aaf5a6b19bc674a65882392ed37f64976790a1 \
          283af41e26f6f394a9bfca7b38ce2e698937c7de \
          --format=markdown

0 files changed: 0 removed, 0 renamed, 0 added, 0 changed content.

Comment thread modules/sync/state.json
{
"module_name": "googleapis/googleapis",
"latest_reference": "01aaf5a6b19bc674a65882392ed37f64976790a1"
"latest_reference": "283af41e26f6f394a9bfca7b38ce2e698937c7de"

[Posted at 2026-04-24T12:22:29Z]

Overall transition

$ casdiff 01aaf5a6b19bc674a65882392ed37f64976790a1 \
          283af41e26f6f394a9bfca7b38ce2e698937c7de \
          --format=markdown

0 files changed: 0 removed, 0 renamed, 0 added, 0 changed content.

@stefanvanburen stefanvanburen merged commit ea00abf into main Apr 24, 2026
6 checks passed
@stefanvanburen stefanvanburen deleted the fetch-modules branch April 24, 2026 12:48