From bda15c0a5a0390daed991ed4c96a4873ab3ba7d8 Mon Sep 17 00:00:00 2001 From: Kuat Date: Thu, 25 Jun 2020 12:33:13 -0700 Subject: [PATCH] api: add filter config discovery (#11571) Define filter config discovery. Add FDS for HTTP filters (HTTP extensions is where the pain is felt the most). Modelled after RDS with a twist of config override for re-use. Risk Level: low (not implemented) Testing: Docs Changes: Release Notes: Issue: #7867 Signed-off-by: Kuat Yessenov --- .../v3/http_connection_manager.proto | 34 ++++++++++++++++- .../v4alpha/http_connection_manager.proto | 38 ++++++++++++++++++- api/envoy/service/filter/v3/BUILD | 14 +++++++ .../filter/v3/filter_config_discovery.proto | 37 ++++++++++++++++++ api/versioning/BUILD | 1 + .../v3/http_connection_manager.proto | 34 ++++++++++++++++- .../v4alpha/http_connection_manager.proto | 38 ++++++++++++++++++- .../envoy/service/filter/v3/BUILD | 14 +++++++ .../filter/v3/filter_config_discovery.proto | 37 ++++++++++++++++++ 9 files changed, 239 insertions(+), 8 deletions(-) create mode 100644 api/envoy/service/filter/v3/BUILD create mode 100644 api/envoy/service/filter/v3/filter_config_discovery.proto create mode 100644 generated_api_shadow/envoy/service/filter/v3/BUILD create mode 100644 generated_api_shadow/envoy/service/filter/v3/filter_config_discovery.proto diff --git a/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index 598f9aa62068..2d8b09b117f0 100644 --- a/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto @@ -750,22 +750,52 @@ message ScopedRds { [(validate.rules).message = {required: true}]; } +// [#next-free-field: 6] message HttpFilter { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.http_connection_manager.v2.HttpFilter"; + // [#not-implemented-hide:] Configuration source specifier for the late-bound + // filter configuration. The HTTP Listener is warmed until all the initial + // filter configurations are received, unless the flag to apply the default + // configuration is set. Subsequent filter updates are atomic on a per-worker + // basis, and apply to new streams while the active streams continue using + // the older filter configurations. If the initial delivery of the filter + // configuration fails, due to a timeout for example, the optional default + // configuration is applied. Without a default configuration, the filter is + // disabled, and the HTTP listener responds with 500 immediately. After the + // failure, the listener continues subscribing to the subsequent filter + // configurations. + message HttpFilterConfigSource { + config.core.v3.ConfigSource config_source = 1; + + // Optional default configuration to use as the initial configuration if + // there is a failure to receive the initial filter configuration or if + // `apply_default_config_without_warming` flag is set. + google.protobuf.Any default_config = 2; + + // Use the default config as the initial configuration without warming and + // waiting for the first xDS response. Requires the default configuration + // to be supplied. + bool apply_default_config_without_warming = 3; + } + reserved 3, 2; reserved "config"; - // The name of the filter to instantiate. The name must match a - // :ref:`supported filter `. + // The name of the filter configuration. The name is used as a fallback to + // select an extension if the type of the configuration proto is not + // sufficient. It also serves as a resource name in FilterConfigDS. string name = 1 [(validate.rules).string = {min_bytes: 1}]; // Filter specific configuration which depends on the filter being instantiated. See the supported // filters for further documentation. oneof config_type { google.protobuf.Any typed_config = 4; + + // [#not-implemented-hide:] Configuration source specifier for FilterConfigDS. + HttpFilterConfigSource filter_config_ds = 5; } } diff --git a/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto index bf303d549712..bc3826f80f29 100644 --- a/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto +++ b/api/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto @@ -757,22 +757,56 @@ message ScopedRds { [(validate.rules).message = {required: true}]; } +// [#next-free-field: 6] message HttpFilter { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter"; + // [#not-implemented-hide:] Configuration source specifier for the late-bound + // filter configuration. The HTTP Listener is warmed until all the initial + // filter configurations are received, unless the flag to apply the default + // configuration is set. Subsequent filter updates are atomic on a per-worker + // basis, and apply to new streams while the active streams continue using + // the older filter configurations. If the initial delivery of the filter + // configuration fails, due to a timeout for example, the optional default + // configuration is applied. Without a default configuration, the filter is + // disabled, and the HTTP listener responds with 500 immediately. After the + // failure, the listener continues subscribing to the subsequent filter + // configurations. + message HttpFilterConfigSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter." + "HttpFilterConfigSource"; + + config.core.v4alpha.ConfigSource config_source = 1; + + // Optional default configuration to use as the initial configuration if + // there is a failure to receive the initial filter configuration or if + // `apply_default_config_without_warming` flag is set. + google.protobuf.Any default_config = 2; + + // Use the default config as the initial configuration without warming and + // waiting for the first xDS response. Requires the default configuration + // to be supplied. + bool apply_default_config_without_warming = 3; + } + reserved 3, 2; reserved "config"; - // The name of the filter to instantiate. The name must match a - // :ref:`supported filter `. + // The name of the filter configuration. The name is used as a fallback to + // select an extension if the type of the configuration proto is not + // sufficient. It also serves as a resource name in FilterConfigDS. string name = 1 [(validate.rules).string = {min_bytes: 1}]; // Filter specific configuration which depends on the filter being instantiated. See the supported // filters for further documentation. oneof config_type { google.protobuf.Any typed_config = 4; + + // [#not-implemented-hide:] Configuration source specifier for FilterConfigDS. + HttpFilterConfigSource filter_config_ds = 5; } } diff --git a/api/envoy/service/filter/v3/BUILD b/api/envoy/service/filter/v3/BUILD new file mode 100644 index 000000000000..6c68a071b873 --- /dev/null +++ b/api/envoy/service/filter/v3/BUILD @@ -0,0 +1,14 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + has_services = True, + deps = [ + "//envoy/annotations:pkg", + "//envoy/service/discovery/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/api/envoy/service/filter/v3/filter_config_discovery.proto b/api/envoy/service/filter/v3/filter_config_discovery.proto new file mode 100644 index 000000000000..79c5846710bb --- /dev/null +++ b/api/envoy/service/filter/v3/filter_config_discovery.proto @@ -0,0 +1,37 @@ +syntax = "proto3"; + +package envoy.service.filter.v3; + +import "envoy/service/discovery/v3/discovery.proto"; + +import "google/api/annotations.proto"; + +import "envoy/annotations/resource.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.service.filter.v3"; +option java_outer_classname = "FilterConfigDiscoveryProto"; +option java_multiple_files = true; +option java_generic_services = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: FilterConfigDS] + +// Return filter configurations. +service FilterConfigDiscoveryService { + option (envoy.annotations.resource).type = "envoy.config.core.v3.TypedExtensionConfig"; + + rpc StreamFilterConfigs(stream discovery.v3.DiscoveryRequest) + returns (stream discovery.v3.DiscoveryResponse) { + } + + rpc DeltaFilterConfigs(stream discovery.v3.DeltaDiscoveryRequest) + returns (stream discovery.v3.DeltaDiscoveryResponse) { + } + + rpc FetchFilterConfigs(discovery.v3.DiscoveryRequest) returns (discovery.v3.DiscoveryResponse) { + option (google.api.http).post = "/v3/discovery:filter_configs"; + option (google.api.http).body = "*"; + } +} diff --git a/api/versioning/BUILD b/api/versioning/BUILD index 796d8246a31e..1d91b1724b1c 100644 --- a/api/versioning/BUILD +++ b/api/versioning/BUILD @@ -127,6 +127,7 @@ proto_library( "//envoy/service/discovery/v3:pkg", "//envoy/service/endpoint/v3:pkg", "//envoy/service/event_reporting/v3:pkg", + "//envoy/service/filter/v3:pkg", "//envoy/service/health/v3:pkg", "//envoy/service/listener/v3:pkg", "//envoy/service/load_stats/v3:pkg", diff --git a/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto index 1ebec4a8ff55..230a2b98e087 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto @@ -755,14 +755,41 @@ message ScopedRds { [(validate.rules).message = {required: true}]; } +// [#next-free-field: 6] message HttpFilter { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.network.http_connection_manager.v2.HttpFilter"; + // [#not-implemented-hide:] Configuration source specifier for the late-bound + // filter configuration. The HTTP Listener is warmed until all the initial + // filter configurations are received, unless the flag to apply the default + // configuration is set. Subsequent filter updates are atomic on a per-worker + // basis, and apply to new streams while the active streams continue using + // the older filter configurations. If the initial delivery of the filter + // configuration fails, due to a timeout for example, the optional default + // configuration is applied. Without a default configuration, the filter is + // disabled, and the HTTP listener responds with 500 immediately. After the + // failure, the listener continues subscribing to the subsequent filter + // configurations. + message HttpFilterConfigSource { + config.core.v3.ConfigSource config_source = 1; + + // Optional default configuration to use as the initial configuration if + // there is a failure to receive the initial filter configuration or if + // `apply_default_config_without_warming` flag is set. + google.protobuf.Any default_config = 2; + + // Use the default config as the initial configuration without warming and + // waiting for the first xDS response. Requires the default configuration + // to be supplied. + bool apply_default_config_without_warming = 3; + } + reserved 3; - // The name of the filter to instantiate. The name must match a - // :ref:`supported filter `. + // The name of the filter configuration. The name is used as a fallback to + // select an extension if the type of the configuration proto is not + // sufficient. It also serves as a resource name in FilterConfigDS. string name = 1 [(validate.rules).string = {min_bytes: 1}]; // Filter specific configuration which depends on the filter being instantiated. See the supported @@ -770,6 +797,9 @@ message HttpFilter { oneof config_type { google.protobuf.Any typed_config = 4; + // [#not-implemented-hide:] Configuration source specifier for FilterConfigDS. + HttpFilterConfigSource filter_config_ds = 5; + google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true]; } } diff --git a/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto index bf303d549712..bc3826f80f29 100644 --- a/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto +++ b/generated_api_shadow/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto @@ -757,22 +757,56 @@ message ScopedRds { [(validate.rules).message = {required: true}]; } +// [#next-free-field: 6] message HttpFilter { option (udpa.annotations.versioning).previous_message_type = "envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter"; + // [#not-implemented-hide:] Configuration source specifier for the late-bound + // filter configuration. The HTTP Listener is warmed until all the initial + // filter configurations are received, unless the flag to apply the default + // configuration is set. Subsequent filter updates are atomic on a per-worker + // basis, and apply to new streams while the active streams continue using + // the older filter configurations. If the initial delivery of the filter + // configuration fails, due to a timeout for example, the optional default + // configuration is applied. Without a default configuration, the filter is + // disabled, and the HTTP listener responds with 500 immediately. After the + // failure, the listener continues subscribing to the subsequent filter + // configurations. + message HttpFilterConfigSource { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter." + "HttpFilterConfigSource"; + + config.core.v4alpha.ConfigSource config_source = 1; + + // Optional default configuration to use as the initial configuration if + // there is a failure to receive the initial filter configuration or if + // `apply_default_config_without_warming` flag is set. + google.protobuf.Any default_config = 2; + + // Use the default config as the initial configuration without warming and + // waiting for the first xDS response. Requires the default configuration + // to be supplied. + bool apply_default_config_without_warming = 3; + } + reserved 3, 2; reserved "config"; - // The name of the filter to instantiate. The name must match a - // :ref:`supported filter `. + // The name of the filter configuration. The name is used as a fallback to + // select an extension if the type of the configuration proto is not + // sufficient. It also serves as a resource name in FilterConfigDS. string name = 1 [(validate.rules).string = {min_bytes: 1}]; // Filter specific configuration which depends on the filter being instantiated. See the supported // filters for further documentation. oneof config_type { google.protobuf.Any typed_config = 4; + + // [#not-implemented-hide:] Configuration source specifier for FilterConfigDS. + HttpFilterConfigSource filter_config_ds = 5; } } diff --git a/generated_api_shadow/envoy/service/filter/v3/BUILD b/generated_api_shadow/envoy/service/filter/v3/BUILD new file mode 100644 index 000000000000..6c68a071b873 --- /dev/null +++ b/generated_api_shadow/envoy/service/filter/v3/BUILD @@ -0,0 +1,14 @@ +# DO NOT EDIT. This file is generated by tools/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + has_services = True, + deps = [ + "//envoy/annotations:pkg", + "//envoy/service/discovery/v3:pkg", + "@com_github_cncf_udpa//udpa/annotations:pkg", + ], +) diff --git a/generated_api_shadow/envoy/service/filter/v3/filter_config_discovery.proto b/generated_api_shadow/envoy/service/filter/v3/filter_config_discovery.proto new file mode 100644 index 000000000000..79c5846710bb --- /dev/null +++ b/generated_api_shadow/envoy/service/filter/v3/filter_config_discovery.proto @@ -0,0 +1,37 @@ +syntax = "proto3"; + +package envoy.service.filter.v3; + +import "envoy/service/discovery/v3/discovery.proto"; + +import "google/api/annotations.proto"; + +import "envoy/annotations/resource.proto"; +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.service.filter.v3"; +option java_outer_classname = "FilterConfigDiscoveryProto"; +option java_multiple_files = true; +option java_generic_services = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: FilterConfigDS] + +// Return filter configurations. +service FilterConfigDiscoveryService { + option (envoy.annotations.resource).type = "envoy.config.core.v3.TypedExtensionConfig"; + + rpc StreamFilterConfigs(stream discovery.v3.DiscoveryRequest) + returns (stream discovery.v3.DiscoveryResponse) { + } + + rpc DeltaFilterConfigs(stream discovery.v3.DeltaDiscoveryRequest) + returns (stream discovery.v3.DeltaDiscoveryResponse) { + } + + rpc FetchFilterConfigs(discovery.v3.DiscoveryRequest) returns (discovery.v3.DiscoveryResponse) { + option (google.api.http).post = "/v3/discovery:filter_configs"; + option (google.api.http).body = "*"; + } +}