-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Found new managed modules references (#227)
New managed modules references found. Please review. Co-authored-by: unmultimedio <[email protected]>
- Loading branch information
1 parent
4272e47
commit 18919e1
Showing
14 changed files
with
2,706 additions
and
6 deletions.
There are no files selected for viewing
273 changes: 273 additions & 0 deletions
273
...fc53134190d090903c6dccbd8cac96e095c6434d96051fb80812e02b8c017a36d362ea53e10d9d7de2a0238fb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,273 @@ | ||
| syntax = "proto3"; | ||
|
|
||
| package envoy.extensions.filters.http.ext_proc.v3; | ||
|
|
||
| import "envoy/config/common/mutation_rules/v3/mutation_rules.proto"; | ||
| import "envoy/config/core/v3/grpc_service.proto"; | ||
| import "envoy/extensions/filters/http/ext_proc/v3/processing_mode.proto"; | ||
| import "envoy/type/matcher/v3/string.proto"; | ||
|
|
||
| import "google/protobuf/duration.proto"; | ||
| import "google/protobuf/struct.proto"; | ||
|
|
||
| import "udpa/annotations/status.proto"; | ||
| import "validate/validate.proto"; | ||
|
|
||
| option java_package = "io.envoyproxy.envoy.extensions.filters.http.ext_proc.v3"; | ||
| option java_outer_classname = "ExtProcProto"; | ||
| option java_multiple_files = true; | ||
| option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_proc/v3;ext_procv3"; | ||
| option (udpa.annotations.file_status).package_version_status = ACTIVE; | ||
|
|
||
| // [#protodoc-title: External Processing Filter] | ||
| // External Processing Filter | ||
| // [#extension: envoy.filters.http.ext_proc] | ||
|
|
||
| // The External Processing filter allows an external service to act on HTTP traffic in a flexible way. | ||
|
|
||
| // **Current Implementation Status:** | ||
| // All options and processing modes are implemented except for the following: | ||
| // | ||
| // * Request and response attributes are not sent and not processed. | ||
| // * Dynamic metadata in responses from the external processor is ignored. | ||
| // * "async mode" is not implemented. | ||
|
|
||
| // The filter communicates with an external gRPC service called an "external processor" | ||
| // that can do a variety of things with the request and response: | ||
| // | ||
| // * Access and modify the HTTP headers on the request, response, or both | ||
| // * Access and modify the HTTP request and response bodies | ||
| // * Access and modify the dynamic stream metadata | ||
| // * Immediately send an HTTP response downstream and terminate other processing | ||
| // | ||
| // The filter communicates with the server using a gRPC bidirectional stream. After the initial | ||
| // request, the external server is in control over what additional data is sent to it | ||
| // and how it should be processed. | ||
| // | ||
| // By implementing the protocol specified by the stream, the external server can choose: | ||
| // | ||
| // * Whether it receives the response message at all | ||
| // * Whether it receives the message body at all, in separate chunks, or as a single buffer | ||
| // * Whether subsequent HTTP requests are transmitted synchronously or whether they are | ||
| // sent asynchronously. | ||
| // * To modify request or response trailers if they already exist | ||
| // | ||
| // The filter supports up to six different processing steps. Each is represented by | ||
| // a gRPC stream message that is sent to the external processor. For each message, the | ||
| // processor must send a matching response. | ||
| // | ||
| // * Request headers: Contains the headers from the original HTTP request. | ||
| // * Request body: Delivered if they are present and sent in a single message if | ||
| // the BUFFERED or BUFFERED_PARTIAL mode is chosen, in multiple messages if the | ||
| // STREAMED mode is chosen, and not at all otherwise. | ||
| // * Request trailers: Delivered if they are present and if the trailer mode is set | ||
| // to SEND. | ||
| // * Response headers: Contains the headers from the HTTP response. Keep in mind | ||
| // that if the upstream system sends them before processing the request body that | ||
| // this message may arrive before the complete body. | ||
| // * Response body: Sent according to the processing mode like the request body. | ||
| // * Response trailers: Delivered according to the processing mode like the | ||
| // request trailers. | ||
| // | ||
| // By default, the processor sends only the request and response headers messages. | ||
| // This may be changed to include any of the six steps by changing the processing_mode | ||
| // setting of the filter configuration, or by setting the mode_override of any response | ||
| // from the external processor. The latter is only enabled if allow_mode_override is | ||
| // set to true. This way, a processor may, for example, use information | ||
| // in the request header to determine whether the message body must be examined, or whether | ||
| // the proxy should simply stream it straight through. | ||
| // | ||
| // All of this together allows a server to process the filter traffic in fairly | ||
| // sophisticated ways. For example: | ||
| // | ||
| // * A server may choose to examine all or part of the HTTP message bodies depending | ||
| // on the content of the headers. | ||
| // * A server may choose to immediately reject some messages based on their HTTP | ||
| // headers (or other dynamic metadata) and more carefully examine others. | ||
| // * A server may asynchronously monitor traffic coming through the filter by inspecting | ||
| // headers, bodies, or both, and then decide to switch to a synchronous processing | ||
| // mode, either permanently or temporarily. | ||
| // | ||
| // The protocol itself is based on a bidirectional gRPC stream. Envoy will send the | ||
| // server | ||
| // :ref:`ProcessingRequest <envoy_v3_api_msg_service.ext_proc.v3.ProcessingRequest>` | ||
| // messages, and the server must reply with | ||
| // :ref:`ProcessingResponse <envoy_v3_api_msg_service.ext_proc.v3.ProcessingResponse>`. | ||
| // | ||
| // Stats about each gRPC call are recorded in a :ref:`dynamic filter state | ||
| // <arch_overview_advanced_filter_state_sharing>` object in a namespace matching the filter | ||
| // name. | ||
| // | ||
| // [#next-free-field: 16] | ||
| message ExternalProcessor { | ||
| // Configuration for the gRPC service that the filter will communicate with. | ||
| // The filter supports both the "Envoy" and "Google" gRPC clients. | ||
| config.core.v3.GrpcService grpc_service = 1 [(validate.rules).message = {required: true}]; | ||
|
|
||
| // By default, if the gRPC stream cannot be established, or if it is closed | ||
| // prematurely with an error, the filter will fail. Specifically, if the | ||
| // response headers have not yet been delivered, then it will return a 500 | ||
| // error downstream. If they have been delivered, then instead the HTTP stream to the | ||
| // downstream client will be reset. | ||
| // With this parameter set to true, however, then if the gRPC stream is prematurely closed | ||
| // or could not be opened, processing continues without error. | ||
| bool failure_mode_allow = 2; | ||
|
|
||
| // Specifies default options for how HTTP headers, trailers, and bodies are | ||
| // sent. See ProcessingMode for details. | ||
| ProcessingMode processing_mode = 3; | ||
|
|
||
| // [#not-implemented-hide:] | ||
| // If true, send each part of the HTTP request or response specified by ProcessingMode | ||
| // asynchronously -- in other words, send the message on the gRPC stream and then continue | ||
| // filter processing. If false, which is the default, suspend filter execution after | ||
| // each message is sent to the remote service and wait up to "message_timeout" | ||
| // for a reply. | ||
| bool async_mode = 4; | ||
|
|
||
| // [#not-implemented-hide:] | ||
| // Envoy provides a number of :ref:`attributes <arch_overview_attributes>` | ||
| // for expressive policies. Each attribute name provided in this field will be | ||
| // matched against that list and populated in the request_headers message. | ||
| // See the :ref:`attribute documentation <arch_overview_request_attributes>` | ||
| // for the list of supported attributes and their types. | ||
| repeated string request_attributes = 5; | ||
|
|
||
| // [#not-implemented-hide:] | ||
| // Envoy provides a number of :ref:`attributes <arch_overview_attributes>` | ||
| // for expressive policies. Each attribute name provided in this field will be | ||
| // matched against that list and populated in the response_headers message. | ||
| // See the :ref:`attribute documentation <arch_overview_attributes>` | ||
| // for the list of supported attributes and their types. | ||
| repeated string response_attributes = 6; | ||
|
|
||
| // Specifies the timeout for each individual message sent on the stream and | ||
| // when the filter is running in synchronous mode. Whenever the proxy sends | ||
| // a message on the stream that requires a response, it will reset this timer, | ||
| // and will stop processing and return an error (subject to the processing mode) | ||
| // if the timer expires before a matching response is received. There is no | ||
| // timeout when the filter is running in asynchronous mode. Zero is a valid | ||
| // config which means the timer will be triggered immediately. If not | ||
| // configured, default is 200 milliseconds. | ||
| google.protobuf.Duration message_timeout = 7 [(validate.rules).duration = { | ||
| lte {seconds: 3600} | ||
| gte {} | ||
| }]; | ||
|
|
||
| // Optional additional prefix to use when emitting statistics. This allows to distinguish | ||
| // emitted statistics between configured *ext_proc* filters in an HTTP filter chain. | ||
| string stat_prefix = 8; | ||
|
|
||
| // Rules that determine what modifications an external processing server may | ||
| // make to message headers. If not set, all headers may be modified except | ||
| // for "host", ":authority", ":scheme", ":method", and headers that start | ||
| // with the header prefix set via | ||
| // :ref:`header_prefix <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.header_prefix>` | ||
| // (which is usually "x-envoy"). | ||
| // Note that changing headers such as "host" or ":authority" may not in itself | ||
| // change Envoy's routing decision, as routes can be cached. To also force the | ||
| // route to be recomputed, set the | ||
| // :ref:`clear_route_cache <envoy_v3_api_field_service.ext_proc.v3.CommonResponse.clear_route_cache>` | ||
| // field to true in the same response. | ||
| config.common.mutation_rules.v3.HeaderMutationRules mutation_rules = 9; | ||
|
|
||
| // Specify the upper bound of | ||
| // :ref:`override_message_timeout <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.override_message_timeout>` | ||
| // If not specified, by default it is 0, which will effectively disable the ``override_message_timeout`` API. | ||
| google.protobuf.Duration max_message_timeout = 10 [(validate.rules).duration = { | ||
| lte {seconds: 3600} | ||
| gte {} | ||
| }]; | ||
|
|
||
| // Prevents clearing the route-cache when the | ||
| // :ref:`clear_route_cache <envoy_v3_api_field_service.ext_proc.v3.CommonResponse.clear_route_cache>` | ||
| // field is set in an external processor response. | ||
| bool disable_clear_route_cache = 11; | ||
|
|
||
| // Allow headers matching the ``forward_rules`` to be forwarded to the external processing server. | ||
| // If not set, all headers are forwarded to the external processing server. | ||
| HeaderForwardingRules forward_rules = 12; | ||
|
|
||
| // Additional metadata to be added to the filter state for logging purposes. The metadata | ||
| // will be added to StreamInfo's filter state under the namespace corresponding to the | ||
| // ext_proc filter name. | ||
| google.protobuf.Struct filter_metadata = 13; | ||
|
|
||
| // If ``allow_mode_override`` is set to true, the filter config :ref:`processing_mode | ||
| // <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.processing_mode>` | ||
| // can be overridden by the response message from the external processing server | ||
| // :ref:`mode_override <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.mode_override>`. | ||
| // If not set, ``mode_override`` API in the response message will be ignored. | ||
| bool allow_mode_override = 14; | ||
|
|
||
| // If set to true, ignore the | ||
| // :ref:`immediate_response <envoy_v3_api_field_service.ext_proc.v3.ProcessingResponse.immediate_response>` | ||
| // message in an external processor response. In such case, no local reply will be sent. | ||
| // Instead, the stream to the external processor will be closed. There will be no | ||
| // more external processing for this stream from now on. | ||
| // [#not-implemented-hide:] | ||
| bool disable_immediate_response = 15; | ||
| } | ||
|
|
||
| // The HeaderForwardingRules structure specifies what headers are | ||
| // allowed to be forwarded to the external processing server. | ||
| // | ||
| // This works as below: | ||
| // | ||
| // 1. If neither ``allowed_headers`` nor ``disallowed_headers`` is set, all headers are forwarded. | ||
| // 2. If both ``allowed_headers`` and ``disallowed_headers`` are set, only headers in the | ||
| // ``allowed_headers`` but not in the ``disallowed_headers`` are forwarded. | ||
| // 3. If ``allowed_headers`` is set, and ``disallowed_headers`` is not set, only headers in | ||
| // the ``allowed_headers`` are forwarded. | ||
| // 4. If ``disallowed_headers`` is set, and ``allowed_headers`` is not set, all headers except | ||
| // headers in the ``disallowed_headers`` are forwarded. | ||
| message HeaderForwardingRules { | ||
| // If set, specifically allow any header in this list to be forwarded to the external | ||
| // processing server. This can be overridden by the below ``disallowed_headers``. | ||
| type.matcher.v3.ListStringMatcher allowed_headers = 1; | ||
|
|
||
| // If set, specifically disallow any header in this list to be forwarded to the external | ||
| // processing server. This overrides the above ``allowed_headers`` if a header matches both. | ||
| type.matcher.v3.ListStringMatcher disallowed_headers = 2; | ||
| } | ||
|
|
||
| // Extra settings that may be added to per-route configuration for a | ||
| // virtual host or cluster. | ||
| message ExtProcPerRoute { | ||
| oneof override { | ||
| option (validate.required) = true; | ||
|
|
||
| // Disable the filter for this particular vhost or route. | ||
| // If disabled is specified in multiple per-filter-configs, the most specific one will be used. | ||
| bool disabled = 1 [(validate.rules).bool = {const: true}]; | ||
|
|
||
| // Override aspects of the configuration for this route. A set of | ||
| // overrides in a more specific configuration will override a "disabled" | ||
| // flag set in a less-specific one. | ||
| ExtProcOverrides overrides = 2; | ||
| } | ||
| } | ||
|
|
||
| // Overrides that may be set on a per-route basis | ||
| // [#next-free-field: 6] | ||
| message ExtProcOverrides { | ||
| // Set a different processing mode for this route than the default. | ||
| ProcessingMode processing_mode = 1; | ||
|
|
||
| // [#not-implemented-hide:] | ||
| // Set a different asynchronous processing option than the default. | ||
| bool async_mode = 2; | ||
|
|
||
| // [#not-implemented-hide:] | ||
| // Set different optional attributes than the default setting of the | ||
| // ``request_attributes`` field. | ||
| repeated string request_attributes = 3; | ||
|
|
||
| // [#not-implemented-hide:] | ||
| // Set different optional properties than the default setting of the | ||
| // ``response_attributes`` field. | ||
| repeated string response_attributes = 4; | ||
|
|
||
| // Set a different gRPC service for this route than the default. | ||
| config.core.v3.GrpcService grpc_service = 5; | ||
| } |
Oops, something went wrong.