Skip to content

Envoy Bump to 1.34.0 #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
May 8, 2025
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -21,9 +21,9 @@ jobs:
- name: "Install packages"
run: apt-get update && apt-get install -y git
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: "Gradle cache"
uses: actions/cache@v2
uses: actions/cache@v4
with:
path: |
~/.gradle
15 changes: 8 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
@@ -9,12 +9,13 @@ Major and minor version follow the envoy version against which they are built. T

The `tools` directory follows https://github.com/envoyproxy/java-control-plane/commits/main/tools as closely as possible.

1. Update the `API_SHAS` (which are not really just SHAs): run `update-sha.sh MAJOR.MINOR.PATCH`, paste the end of its output to `API_SHAS`.

1. Update the proto files using `update-api.sh`. This will remove the old `src/main/proto` and fetch a new set of protos.

1. Bump the library version accoring to `Versioning` above in `gradle.properties`.

1. Now it should build on CI. Can try locally using `./gradlew assemble`, but see GHA workflow for specific steps.
1. Grab the Commit ID of the envoy version you are going to use and update it into the `API_SHAS` file.
2. Next see its Bazel dependencices `https://github.com/envoyproxy/envoy/blob/{GITHUB_COMMIT_ID}/api/bazel/repository_locations.bzl`
3. Update the remaining SHAs and Versions in the `API_SHAS` file.
4. This is an alternate : you can also use the run `update-sha.sh MAJOR.MINOR.PATCH`, paste the end of its output to `API_SHAS`.
5. Update the proto files using `update-api.sh`. This will remove the old `src/main/proto` and fetch a new set of protos.
6. Bump the library version according to `Versioning` above in `gradle.properties`.
7. Now it should build on CI. Can try locally using `./gradlew assemble`, but see GHA workflow for specific steps.
8. You may need to add or remove protos depending on the failures and you would want to refer to the bazel dependencies file to figure out what failed, finally udpate the scripts to have the change.

Note: until we catch up with Envoy head version, slight adjustments might be needed for these scripts, towards matching upstream more closely.
2 changes: 1 addition & 1 deletion gradle.properties
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
version=1.29.0-2
version=1.34.0-1
org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
392 changes: 392 additions & 0 deletions src/main/proto/cel/expr/checked.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,392 @@
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package cel.expr;

import "cel/expr/syntax.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/struct.proto";

option cc_enable_arenas = true;
option go_package = "cel.dev/expr";
option java_multiple_files = true;
option java_outer_classname = "DeclProto";
option java_package = "dev.cel.expr";

// Protos for representing CEL declarations and typed checked expressions.

// A CEL expression which has been successfully type checked.
message CheckedExpr {
// A map from expression ids to resolved references.
//
// The following entries are in this table:
//
// - An Ident or Select expression is represented here if it resolves to a
// declaration. For instance, if `a.b.c` is represented by
// `select(select(id(a), b), c)`, and `a.b` resolves to a declaration,
// while `c` is a field selection, then the reference is attached to the
// nested select expression (but not to the id or or the outer select).
// In turn, if `a` resolves to a declaration and `b.c` are field selections,
// the reference is attached to the ident expression.
// - Every Call expression has an entry here, identifying the function being
// called.
// - Every CreateStruct expression for a message has an entry, identifying
// the message.
map<int64, Reference> reference_map = 2;

// A map from expression ids to types.
//
// Every expression node which has a type different than DYN has a mapping
// here. If an expression has type DYN, it is omitted from this map to save
// space.
map<int64, Type> type_map = 3;

// The source info derived from input that generated the parsed `expr` and
// any optimizations made during the type-checking pass.
SourceInfo source_info = 5;

// The expr version indicates the major / minor version number of the `expr`
// representation.
//
// The most common reason for a version change will be to indicate to the CEL
// runtimes that transformations have been performed on the expr during static
// analysis. In some cases, this will save the runtime the work of applying
// the same or similar transformations prior to evaluation.
string expr_version = 6;

// The checked expression. Semantically equivalent to the parsed `expr`, but
// may have structural differences.
Expr expr = 4;
}

// Represents a CEL type.
message Type {
// List type with typed elements, e.g. `list<example.proto.MyMessage>`.
message ListType {
// The element type.
Type elem_type = 1;
}

// Map type with parameterized key and value types, e.g. `map<string, int>`.
message MapType {
// The type of the key.
Type key_type = 1;

// The type of the value.
Type value_type = 2;
}

// Function type with result and arg types.
message FunctionType {
// Result type of the function.
Type result_type = 1;

// Argument types of the function.
repeated Type arg_types = 2;
}

// Application defined abstract type.
message AbstractType {
// The fully qualified name of this abstract type.
string name = 1;

// Parameter types for this abstract type.
repeated Type parameter_types = 2;
}

// CEL primitive types.
enum PrimitiveType {
// Unspecified type.
PRIMITIVE_TYPE_UNSPECIFIED = 0;

// Boolean type.
BOOL = 1;

// Int64 type.
//
// 32-bit integer values are widened to int64.
INT64 = 2;

// Uint64 type.
//
// 32-bit unsigned integer values are widened to uint64.
UINT64 = 3;

// Double type.
//
// 32-bit float values are widened to double values.
DOUBLE = 4;

// String type.
STRING = 5;

// Bytes type.
BYTES = 6;
}

// Well-known protobuf types treated with first-class support in CEL.
enum WellKnownType {
// Unspecified type.
WELL_KNOWN_TYPE_UNSPECIFIED = 0;

// Well-known protobuf.Any type.
//
// Any types are a polymorphic message type. During type-checking they are
// treated like `DYN` types, but at runtime they are resolved to a specific
// message type specified at evaluation time.
ANY = 1;

// Well-known protobuf.Timestamp type, internally referenced as `timestamp`.
TIMESTAMP = 2;

// Well-known protobuf.Duration type, internally referenced as `duration`.
DURATION = 3;
}

// The kind of type.
oneof type_kind {
// Dynamic type.
google.protobuf.Empty dyn = 1;

// Null value.
google.protobuf.NullValue null = 2;

// Primitive types: `true`, `1u`, `-2.0`, `'string'`, `b'bytes'`.
PrimitiveType primitive = 3;

// Wrapper of a primitive type, e.g. `google.protobuf.Int64Value`.
PrimitiveType wrapper = 4;

// Well-known protobuf type such as `google.protobuf.Timestamp`.
WellKnownType well_known = 5;

// Parameterized list with elements of `list_type`, e.g. `list<timestamp>`.
ListType list_type = 6;

// Parameterized map with typed keys and values.
MapType map_type = 7;

// Function type.
FunctionType function = 8;

// Protocol buffer message type.
//
// The `message_type` string specifies the qualified message type name. For
// example, `google.type.PhoneNumber`.
string message_type = 9;

// Type param type.
//
// The `type_param` string specifies the type parameter name, e.g. `list<E>`
// would be a `list_type` whose element type was a `type_param` type
// named `E`.
string type_param = 10;

// Type type.
//
// The `type` value specifies the target type. e.g. int is type with a
// target type of `Primitive.INT64`.
Type type = 11;

// Error type.
//
// During type-checking if an expression is an error, its type is propagated
// as the `ERROR` type. This permits the type-checker to discover other
// errors present in the expression.
google.protobuf.Empty error = 12;

// Abstract, application defined type.
//
// An abstract type has no accessible field names, and it can only be
// inspected via helper / member functions.
AbstractType abstract_type = 14;
}
}

// Represents a declaration of a named value or function.
//
// A declaration is part of the contract between the expression, the agent
// evaluating that expression, and the caller requesting evaluation.
message Decl {
// Identifier declaration which specifies its type and optional `Expr` value.
//
// An identifier without a value is a declaration that must be provided at
// evaluation time. An identifier with a value should resolve to a constant,
// but may be used in conjunction with other identifiers bound at evaluation
// time.
message IdentDecl {
// Required. The type of the identifier.
Type type = 1;

// The constant value of the identifier. If not specified, the identifier
// must be supplied at evaluation time.
Constant value = 2;

// Documentation string for the identifier.
//
// Provide a brief description of what the variable represents and whether
// there are any constraints on the formatting or supported value range.
//
// Examples:
//
// 'request.auth.principal' - string which uniquely identifies an
// authenticated principal. For JSON Web Tokens (JWTs), the principal
// is the combination of the issuer ('iss') and subject ('sub') token
// fields concatenated by a forward slash: iss + `/` + sub.
//
// 'min_cpus' - integer value indicates the minimum number of CPUs
// required for a compute cluster. The 'min_cpus' value must be
// greater than zero and less than 'max_cpus' or 64 whichever is less.
string doc = 3;
}

// Function declaration specifies one or more overloads which indicate the
// function's parameter types and return type.
//
// Functions have no observable side-effects (there may be side-effects like
// logging which are not observable from CEL).
message FunctionDecl {
// An overload indicates a function's parameter types and return type, and
// may optionally include a function body described in terms of
// [Expr][cel.expr.Expr] values.
//
// Functions overloads are declared in either a function or method
// call-style. For methods, the `params[0]` is the expected type of the
// target receiver.
//
// Overloads must have non-overlapping argument types after erasure of all
// parameterized type variables (similar as type erasure in Java).
message Overload {
// Required. Globally unique overload name of the function which reflects
// the function name and argument types.
//
// This will be used by a [Reference][cel.expr.Reference] to
// indicate the `overload_id` that was resolved for the function `name`.
string overload_id = 1;

// List of function parameter [Type][cel.expr.Type] values.
//
// Param types are disjoint after generic type parameters have been
// replaced with the type `DYN`. Since the `DYN` type is compatible with
// any other type, this means that if `A` is a type parameter, the
// function types `int<A>` and `int<int>` are not disjoint. Likewise,
// `map<string, string>` is not disjoint from `map<K, V>`.
//
// When the `result_type` of a function is a generic type param, the
// type param name also appears as the `type` of on at least one params.
repeated Type params = 2;

// The type param names associated with the function declaration.
//
// For example, `function ex<K,V>(K key, map<K, V> map) : V` would yield
// the type params of `K, V`.
repeated string type_params = 3;

// Required. The result type of the function. For example, the operator
// `string.isEmpty()` would have `result_type` of `kind: BOOL`.
Type result_type = 4;

// Whether the function is to be used in a method call-style `x.f(...)`
// of a function call-style `f(x, ...)`.
//
// For methods, the first parameter declaration, `params[0]` is the
// expected type of the target receiver.
bool is_instance_function = 5;

// Documentation string for the overload.
//
// Provide examples of the overload behavior, preferring to use literal
// values as input with a comment on the return value.
//
// Examples:
//
// // Determine whether a value of type <V> exists within a list<V>.
// 2 in [1, 2, 3] // returns true
//
// // Determine whether a key of type <K> exists within a map<K,V>.
// 'hello' in {'hi': 'you', 'hello': 'there'} // returns true
// 'help' in {'hi': 'you', 'hello': 'there'} // returns false
//
// // Take the substring of a string starting at a specific character
// // offset (inclusive).
// "tacocat".substring(1) // returns "acocat"
// "tacocat".substring(20) // error
//
// // Take the substring of a string starting at a specific character
// // offset (inclusive) and ending at the given offset (exclusive).
// "tacocat".substring(1, 6) // returns "acoca"
string doc = 6;
}

// Required. List of function overloads, must contain at least one overload.
repeated Overload overloads = 1;

// Documentation string for the function that indicates the general purpose
// of the function and its behavior.
//
// Documentation strings for the function should be general purpose with
// specific examples provided in the overload doc string.
//
// Examples:
//
// The 'in' operator tests whether an item exists in a collection.
//
// The 'substring' function returns a substring of a target string.
string doc = 2;
}

// The fully qualified name of the declaration.
//
// Declarations are organized in containers and this represents the full path
// to the declaration in its container, as in `cel.expr.Decl`.
//
// Declarations used as
// [FunctionDecl.Overload][cel.expr.Decl.FunctionDecl.Overload]
// parameters may or may not have a name depending on whether the overload is
// function declaration or a function definition containing a result
// [Expr][cel.expr.Expr].
string name = 1;

// Required. The declaration kind.
oneof decl_kind {
// Identifier declaration.
IdentDecl ident = 2;

// Function declaration.
FunctionDecl function = 3;
}
}

// Describes a resolved reference to a declaration.
message Reference {
// The fully qualified name of the declaration.
string name = 1;

// For references to functions, this is a list of `Overload.overload_id`
// values which match according to typing rules.
//
// If the list has more than one element, overload resolution among the
// presented candidates must happen at runtime because of dynamic types. The
// type checker attempts to narrow down this list as much as possible.
//
// Empty if this is not a reference to a
// [Decl.FunctionDecl][cel.expr.Decl.FunctionDecl].
repeated string overload_id = 3;

// For references to constants, this may contain the value of the
// constant if known at compile time.
Constant value = 4;
}
180 changes: 180 additions & 0 deletions src/main/proto/cel/expr/conformance/conformance_service.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,180 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package cel.expr.conformance;

import "cel/expr/checked.proto";
import "cel/expr/eval.proto";
import "cel/expr/syntax.proto";
import "google/rpc/status.proto";

option cc_enable_arenas = true;
option go_package = "cel.dev/expr/conformance";
option java_multiple_files = true;
option java_outer_classname = "ConformanceServiceProto";
option java_package = "dev.cel.expr.conformance";

// Access a CEL implementation from another process or machine.
// A CEL implementation is decomposed as a parser, a static checker,
// and an evaluator. Every CEL implementation is expected to provide
// a server for this API. The API will be used for conformance testing
// and other utilities.
service ConformanceService {
// Transforms CEL source text into a parsed representation.
rpc Parse(ParseRequest) returns (ParseResponse) {
}

// Runs static checks on a parsed CEL representation and return
// an annotated representation, or a set of issues.
rpc Check(CheckRequest) returns (CheckResponse) {
}

// Evaluates a parsed or annotation CEL representation given
// values of external bindings.
rpc Eval(EvalRequest) returns (EvalResponse) {
}
}

// Request message for the Parse method.
message ParseRequest {
// Required. Source text in CEL syntax.
string cel_source = 1;

// Tag for version of CEL syntax, for future use.
string syntax_version = 2;

// File or resource for source text, used in [SourceInfo][google.api.SourceInfo].
string source_location = 3;

// Prevent macro expansion. See "Macros" in Language Defiinition.
bool disable_macros = 4;
}

// Response message for the Parse method.
message ParseResponse {
// The parsed representation, or unset if parsing failed.
cel.expr.ParsedExpr parsed_expr = 1;

// Any number of issues with [StatusDetails][] as the details.
repeated google.rpc.Status issues = 2;
}

// Request message for the Check method.
message CheckRequest {
// Required. The parsed representation of the CEL program.
cel.expr.ParsedExpr parsed_expr = 1;

// Declarations of types for external variables and functions.
// Required if program uses external variables or functions
// not in the default environment.
repeated cel.expr.Decl type_env = 2;

// The protocol buffer context. See "Name Resolution" in the
// Language Definition.
string container = 3;

// If true, use only the declarations in [type_env][google.api.expr.conformance.v1alpha1.CheckRequest.type_env]. If false (default),
// add declarations for the standard definitions to the type environment. See
// "Standard Definitions" in the Language Definition.
bool no_std_env = 4;
}

// Response message for the Check method.
message CheckResponse {
// The annotated representation, or unset if checking failed.
cel.expr.CheckedExpr checked_expr = 1;

// Any number of issues with [StatusDetails][] as the details.
repeated google.rpc.Status issues = 2;
}

// Request message for the Eval method.
message EvalRequest {
// Required. Either the parsed or annotated representation of the CEL program.
oneof expr_kind {
// Evaluate based on the parsed representation.
cel.expr.ParsedExpr parsed_expr = 1;

// Evaluate based on the checked representation.
cel.expr.CheckedExpr checked_expr = 2;
}

// Bindings for the external variables. The types SHOULD be compatible
// with the type environment in [CheckRequest][google.api.expr.conformance.v1alpha1.CheckRequest], if checked.
map<string, cel.expr.ExprValue> bindings = 3;

// SHOULD be the same container as used in [CheckRequest][google.api.expr.conformance.v1alpha1.CheckRequest], if checked.
string container = 4;
}

// Response message for the Eval method.
message EvalResponse {
// The execution result, or unset if execution couldn't start.
cel.expr.ExprValue result = 1;

// Any number of issues with [StatusDetails][] as the details.
// Note that CEL execution errors are reified into [ExprValue][].
// Nevertheless, we'll allow out-of-band issues to be raised,
// which also makes the replies more regular.
repeated google.rpc.Status issues = 2;
}

// A specific position in source.
message SourcePosition {
// The source location name (e.g. file name).
string location = 1;

// The UTF-8 code unit offset.
int32 offset = 2;

// The 1-based index of the starting line in the source text
// where the issue occurs, or 0 if unknown.
int32 line = 3;

// The 0-based index of the starting position within the line of source text
// where the issue occurs. Only meaningful if line is nonzero.
int32 column = 4;
}

// Warnings or errors in service execution are represented by
// [google.rpc.Status][google.rpc.Status] messages, with the following message
// in the details field.
message IssueDetails {
// Severities of issues.
enum Severity {
// An unspecified severity.
SEVERITY_UNSPECIFIED = 0;

// Deprecation issue for statements and method that may no longer be
// supported or maintained.
DEPRECATION = 1;

// Warnings such as: unused variables.
WARNING = 2;

// Errors such as: unmatched curly braces or variable redefinition.
ERROR = 3;
}

// The severity of the issue.
Severity severity = 1;

// Position in the source, if known.
SourcePosition position = 2;

// Expression ID from [Expr][], 0 if unknown.
int64 id = 3;
}
183 changes: 183 additions & 0 deletions src/main/proto/cel/expr/conformance/env_config.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,183 @@
// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package cel.expr.conformance;

import "cel/expr/checked.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/descriptor.proto";

option cc_enable_arenas = true;
option go_package = "cel.dev/expr/conformance";
option java_multiple_files = true;
option java_outer_classname = "EnvironmentProto";
option java_package = "cel.dev.expr.conformance";

// Representation of a CEL Environment, defining what features and extensions
// are available for conformance testing.
message Environment {
// Name of the environment
string name = 1;

// Description for the current environment
string description = 2;

// Sets the namespace (container) for the expression.
// This is used to simplify resolution.
// For example with container
// `google.rpc.context`
// an identifier of `google.rpc.context.AttributeContext` could be referred
// to simply as `AttributeContext` in the CEL expression.
string container = 3;

// Import represents a type name that will be abbreviated by its simple name
// making it easier to reference simple type names from packages other than
// the expression container.
// For ex:
// Import{name: 'google.rpc.Status'}
// The above import will ensure that `google.rpc.Status` is available by the
// simple name `Status` within CEL expressions.
message Import {
// Qualified type name which will be abbreviated
string name = 1;
}

// List of abbreviations to be added to the CEL environment
repeated Import imports = 4;

// Set of options to subset a subsettable library
LibrarySubset stdlib = 5;

// List of extensions to enable in the CEL environment.
repeated Extension extensions = 6;

// ContextVariable represents a message type to be made available as a
// context variable to the CEL environment.
message ContextVariable {
// Fully qualified type name of the context proto.
string type_name = 1;
}

// If set, adds a context declaration from a proto message.
//
// Context messages have all of their top-level fields available as variables
// in the type checker.
ContextVariable context_variable = 7;

// List of declarations to be configured in the CEL environment.
//
// Note: The CEL environment can be configured with either the
// context_variable or a set of ident_decls provided as part of declarations.
// Providing both will result in an error.
repeated cel.expr.Decl declarations = 8;

// List of validators for validating the parsed ast.
repeated Validator validators = 9;

// List of feature flags to be enabled or disabled.
repeated Feature features = 10;

// Disables including the declarations from the standard CEL environment.
//
// NOTE: Do not disable the standard CEL declarations unless you are aware of
// the implications and have discussed your use case on cel-discuss@
// or with the members of the cel-governance-team@
//
// Deprecated: Use LibrarySubset to disable standard cel declarations instead:
// stdlib = LibrarySubset{ disable: true }
bool disable_standard_cel_declarations = 11;

// If provided, uses the provided FileDescriptorSet to extend types available
// the CEL expression. All "well-known" protobuf messages (google.protobuf.*)
// are known to the CEL compiler, but all others must be provided for type
// checking.
google.protobuf.FileDescriptorSet message_type_extension = 12;

// When macro call tracking is enabled, the resulting SourceInfo in the
// CheckedExpr will contain a collection of expressions representing the
// function calls which were replaced by macros.
//
// Deprecated: Use Feature to enable macro call tracking
// Feature{ name: "cel.feature.macro_call_tracking", enabled: true }
bool enable_macro_call_tracking = 13;
}

// Represents a named validator with an optional map-based configuration object.
// Naming convention followed by validators:
// <domain>.validator.<validator_name>
// For ex:
// `cel.validator.timestamp`
//
// Note: the map-keys must directly correspond to the internal representation of
// the original validator, and should only use primitive scalar types as values
// at this time.
message Validator {
string name = 1;

// Additional configurations to be included as part of the validation
map<string, google.protobuf.Value> config = 2;
}

// Represents a named boolean feature flag supported by CEL.
// Naming convention followed by features:
// <domain>.feature.<feature_name>
// For ex:
// `cel.feature.cross_type_numeric_comparisons`
message Feature {
// Name of the feature flag.
string name = 1;

// State of the feature flab.
bool enabled = 2;
}

// Extension represents a versioned extension library reference to enable in the
// CEL environment.
message Extension {
// Name of the extension library.
string name = 1;
// Version of the extension library.
string version = 2;
}

// LibrarySubset indicates a subset of the macros and functions supported by a
// subsettable library.
message LibrarySubset {
// Indicates whether the library has been disabled, typically only
// used for default-enabled libraries like stdlib.
bool disabled = 1;

// Disables macros for the given library.
bool disable_macros = 2;

// Specifies a set of macro function names to include in the subset.
repeated string include_macros = 3;

// Specifies a set of macro function names to exclude from the subset.
// Note: if IncludeMacros is non-empty, then ExcludeFunctions is ignored.
repeated string exclude_macros = 4;

// Specifies a set of functions to include in the subset.
//
// Note: the overloads specified in the subset need only specify their ID.
// Note: if IncludeFunctions is non-empty, then ExcludeFunctions is ignored.
repeated cel.expr.Decl include_functions = 5;

// Specifies the set of functions to exclude from the subset.
//
// Note: the overloads specified in the subset need only specify their ID.
repeated cel.expr.Decl exclude_functions = 6;
}
341 changes: 341 additions & 0 deletions src/main/proto/cel/expr/conformance/proto2/test_all_types.proto

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto2";

package cel.expr.conformance.proto2;

import "cel/expr/conformance/proto2/test_all_types.proto";

option cc_enable_arenas = true;
option go_package = "cel.dev/expr/conformance/proto2";
option java_outer_classname = "TestAllTypesExtensions";
option java_package = "dev.cel.expr.conformance.proto2";
option java_multiple_files = true;

// Package scoped extensions
extend TestAllTypes {
optional int32 int32_ext = 1000;
optional TestAllTypes nested_ext = 1001;
optional TestAllTypes test_all_types_ext = 1002;
optional TestAllTypes.NestedEnum nested_enum_ext = 1003;
repeated TestAllTypes repeated_test_all_types = 1004;
}

// Message scoped extensions
message Proto2ExtensionScopedMessage {
extend TestAllTypes {
optional int64 int64_ext = 1005;
optional TestAllTypes message_scoped_nested_ext = 1006;
optional TestAllTypes.NestedEnum nested_enum_ext = 1007;
repeated TestAllTypes message_scoped_repeated_test_all_types = 1008;
}
}
331 changes: 331 additions & 0 deletions src/main/proto/cel/expr/conformance/proto3/test_all_types.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,331 @@
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package cel.expr.conformance.proto3;

import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/wrappers.proto";

option cc_enable_arenas = true;
option go_package = "cel.dev/expr/conformance/proto3";
option java_multiple_files = true;
option java_outer_classname = "TestAllTypesProto";
option java_package = "dev.cel.expr.conformance.proto3";

// This proto includes every type of field in both singular and repeated
// forms.
message TestAllTypes {
message NestedMessage {
// The field name "b" fails to compile in proto1 because it conflicts with
// a local variable named "b" in one of the generated methods.
// This file needs to compile in proto1 to test backwards-compatibility.
int32 bb = 1;
}

enum NestedEnum {
FOO = 0;
BAR = 1;
BAZ = 2;
}

// Singular
int32 single_int32 = 1;
int64 single_int64 = 2;
uint32 single_uint32 = 3;
uint64 single_uint64 = 4;
sint32 single_sint32 = 5;
sint64 single_sint64 = 6;
fixed32 single_fixed32 = 7;
fixed64 single_fixed64 = 8;
sfixed32 single_sfixed32 = 9;
sfixed64 single_sfixed64 = 10;
float single_float = 11;
double single_double = 12;
bool single_bool = 13;
string single_string = 14;
bytes single_bytes = 15;
optional bool optional_bool = 16;
optional bool optional_string = 17;

// Collides with 'in' operator.
bool in = 18;

// Wellknown.
google.protobuf.Any single_any = 100;
google.protobuf.Duration single_duration = 101;
google.protobuf.Timestamp single_timestamp = 102;
google.protobuf.Struct single_struct = 103;
google.protobuf.Value single_value = 104;
google.protobuf.Int64Value single_int64_wrapper = 105;
google.protobuf.Int32Value single_int32_wrapper = 106;
google.protobuf.DoubleValue single_double_wrapper = 107;
google.protobuf.FloatValue single_float_wrapper = 108;
google.protobuf.UInt64Value single_uint64_wrapper = 109;
google.protobuf.UInt32Value single_uint32_wrapper = 110;
google.protobuf.StringValue single_string_wrapper = 111;
google.protobuf.BoolValue single_bool_wrapper = 112;
google.protobuf.BytesValue single_bytes_wrapper = 113;
google.protobuf.ListValue list_value = 114;
google.protobuf.NullValue null_value = 115;
optional google.protobuf.NullValue optional_null_value = 116;
google.protobuf.FieldMask field_mask = 117;
google.protobuf.Empty empty = 118;

// Nested messages
oneof nested_type {
NestedMessage single_nested_message = 21;
NestedEnum single_nested_enum = 22;
}
NestedMessage standalone_message = 23;
NestedEnum standalone_enum = 24;

// Repeated
repeated int32 repeated_int32 = 31;
repeated int64 repeated_int64 = 32;
repeated uint32 repeated_uint32 = 33;
repeated uint64 repeated_uint64 = 34;
repeated sint32 repeated_sint32 = 35;
repeated sint64 repeated_sint64 = 36;
repeated fixed32 repeated_fixed32 = 37;
repeated fixed64 repeated_fixed64 = 38;
repeated sfixed32 repeated_sfixed32 = 39;
repeated sfixed64 repeated_sfixed64 = 40;
repeated float repeated_float = 41;
repeated double repeated_double = 42;
repeated bool repeated_bool = 43;
repeated string repeated_string = 44;
repeated bytes repeated_bytes = 45;

// Repeated and nested
repeated NestedMessage repeated_nested_message = 51;
repeated NestedEnum repeated_nested_enum = 52;
repeated string repeated_string_piece = 53 [ctype = STRING_PIECE];
repeated string repeated_cord = 54 [ctype = CORD];
repeated NestedMessage repeated_lazy_message = 55;

// Repeated wellknown.
repeated google.protobuf.Any repeated_any = 120;
repeated google.protobuf.Duration repeated_duration = 121;
repeated google.protobuf.Timestamp repeated_timestamp = 122;
repeated google.protobuf.Struct repeated_struct = 123;
repeated google.protobuf.Value repeated_value = 124;
repeated google.protobuf.Int64Value repeated_int64_wrapper = 125;
repeated google.protobuf.Int32Value repeated_int32_wrapper = 126;
repeated google.protobuf.DoubleValue repeated_double_wrapper = 127;
repeated google.protobuf.FloatValue repeated_float_wrapper = 128;
repeated google.protobuf.UInt64Value repeated_uint64_wrapper = 129;
repeated google.protobuf.UInt32Value repeated_uint32_wrapper = 130;
repeated google.protobuf.StringValue repeated_string_wrapper = 131;
repeated google.protobuf.BoolValue repeated_bool_wrapper = 132;
repeated google.protobuf.BytesValue repeated_bytes_wrapper = 133;
repeated google.protobuf.ListValue repeated_list_value = 134;
repeated google.protobuf.NullValue repeated_null_value = 135;

// Map
map<int64, NestedTestAllTypes> map_int64_nested_type = 62;

map<bool, bool> map_bool_bool = 63;
map<bool, string> map_bool_string = 64;
map<bool, bytes> map_bool_bytes = 65;
map<bool, int32> map_bool_int32 = 66;
map<bool, int64> map_bool_int64 = 67;
map<bool, uint32> map_bool_uint32 = 68;
map<bool, uint64> map_bool_uint64 = 69;
map<bool, float> map_bool_float = 70;
map<bool, double> map_bool_double = 71;
map<bool, NestedEnum> map_bool_enum = 72;
map<bool, NestedMessage> map_bool_message = 73;
map<bool, google.protobuf.Duration> map_bool_duration = 228;
map<bool, google.protobuf.Timestamp> map_bool_timestamp = 229;
map<bool, google.protobuf.NullValue> map_bool_null_value = 230;
map<bool, google.protobuf.Any> map_bool_any = 246;
map<bool, google.protobuf.Struct> map_bool_struct = 247;
map<bool, google.protobuf.Value> map_bool_value = 248;
map<bool, google.protobuf.ListValue> map_bool_list_value = 249;
map<bool, google.protobuf.Int64Value> map_bool_int64_wrapper = 250;
map<bool, google.protobuf.Int32Value> map_bool_int32_wrapper = 251;
map<bool, google.protobuf.DoubleValue> map_bool_double_wrapper = 252;
map<bool, google.protobuf.FloatValue> map_bool_float_wrapper = 253;
map<bool, google.protobuf.UInt64Value> map_bool_uint64_wrapper = 254;
map<bool, google.protobuf.UInt32Value> map_bool_uint32_wrapper = 255;
map<bool, google.protobuf.StringValue> map_bool_string_wrapper = 256;
map<bool, google.protobuf.BoolValue> map_bool_bool_wrapper = 257;
map<bool, google.protobuf.BytesValue> map_bool_bytes_wrapper = 258;

map<int32, bool> map_int32_bool = 74;
map<int32, string> map_int32_string = 75;
map<int32, bytes> map_int32_bytes = 76;
map<int32, int32> map_int32_int32 = 77;
map<int32, int64> map_int32_int64 = 78;
map<int32, uint32> map_int32_uint32 = 79;
map<int32, uint64> map_int32_uint64 = 80;
map<int32, float> map_int32_float = 81;
map<int32, double> map_int32_double = 82;
map<int32, NestedEnum> map_int32_enum = 83;
map<int32, NestedMessage> map_int32_message = 84;
map<int32, google.protobuf.Duration> map_int32_duration = 231;
map<int32, google.protobuf.Timestamp> map_int32_timestamp = 232;
map<int32, google.protobuf.NullValue> map_int32_null_value = 233;
map<int32, google.protobuf.Any> map_int32_any = 259;
map<int32, google.protobuf.Struct> map_int32_struct = 260;
map<int32, google.protobuf.Value> map_int32_value = 261;
map<int32, google.protobuf.ListValue> map_int32_list_value = 262;
map<int32, google.protobuf.Int64Value> map_int32_int64_wrapper = 263;
map<int32, google.protobuf.Int32Value> map_int32_int32_wrapper = 264;
map<int32, google.protobuf.DoubleValue> map_int32_double_wrapper = 265;
map<int32, google.protobuf.FloatValue> map_int32_float_wrapper = 266;
map<int32, google.protobuf.UInt64Value> map_int32_uint64_wrapper = 267;
map<int32, google.protobuf.UInt32Value> map_int32_uint32_wrapper = 268;
map<int32, google.protobuf.StringValue> map_int32_string_wrapper = 269;
map<int32, google.protobuf.BoolValue> map_int32_bool_wrapper = 270;
map<int32, google.protobuf.BytesValue> map_int32_bytes_wrapper = 271;

map<int64, bool> map_int64_bool = 85;
map<int64, string> map_int64_string = 86;
map<int64, bytes> map_int64_bytes = 87;
map<int64, int32> map_int64_int32 = 88;
map<int64, int64> map_int64_int64 = 89;
map<int64, uint32> map_int64_uint32 = 90;
map<int64, uint64> map_int64_uint64 = 91;
map<int64, float> map_int64_float = 92;
map<int64, double> map_int64_double = 93;
map<int64, NestedEnum> map_int64_enum = 94;
map<int64, NestedMessage> map_int64_message = 95;
map<int64, google.protobuf.Duration> map_int64_duration = 234;
map<int64, google.protobuf.Timestamp> map_int64_timestamp = 235;
map<int64, google.protobuf.NullValue> map_int64_null_value = 236;
map<int64, google.protobuf.Any> map_int64_any = 272;
map<int64, google.protobuf.Struct> map_int64_struct = 273;
map<int64, google.protobuf.Value> map_int64_value = 274;
map<int64, google.protobuf.ListValue> map_int64_list_value = 275;
map<int64, google.protobuf.Int64Value> map_int64_int64_wrapper = 276;
map<int64, google.protobuf.Int32Value> map_int64_int32_wrapper = 277;
map<int64, google.protobuf.DoubleValue> map_int64_double_wrapper = 278;
map<int64, google.protobuf.FloatValue> map_int64_float_wrapper = 279;
map<int64, google.protobuf.UInt64Value> map_int64_uint64_wrapper = 280;
map<int64, google.protobuf.UInt32Value> map_int64_uint32_wrapper = 281;
map<int64, google.protobuf.StringValue> map_int64_string_wrapper = 282;
map<int64, google.protobuf.BoolValue> map_int64_bool_wrapper = 283;
map<int64, google.protobuf.BytesValue> map_int64_bytes_wrapper = 284;

map<uint32, bool> map_uint32_bool = 96;
map<uint32, string> map_uint32_string = 97;
map<uint32, bytes> map_uint32_bytes = 98;
map<uint32, int32> map_uint32_int32 = 99;
map<uint32, int64> map_uint32_int64 = 200;
map<uint32, uint32> map_uint32_uint32 = 201;
map<uint32, uint64> map_uint32_uint64 = 202;
map<uint32, float> map_uint32_float = 203;
map<uint32, double> map_uint32_double = 204;
map<uint32, NestedEnum> map_uint32_enum = 205;
map<uint32, NestedMessage> map_uint32_message = 206;
map<uint32, google.protobuf.Duration> map_uint32_duration = 237;
map<uint32, google.protobuf.Timestamp> map_uint32_timestamp = 238;
map<uint32, google.protobuf.NullValue> map_uint32_null_value = 239;
map<uint32, google.protobuf.Any> map_uint32_any = 285;
map<uint32, google.protobuf.Struct> map_uint32_struct = 286;
map<uint32, google.protobuf.Value> map_uint32_value = 287;
map<uint32, google.protobuf.ListValue> map_uint32_list_value = 288;
map<uint32, google.protobuf.Int64Value> map_uint32_int64_wrapper = 289;
map<uint32, google.protobuf.Int32Value> map_uint32_int32_wrapper = 290;
map<uint32, google.protobuf.DoubleValue> map_uint32_double_wrapper = 291;
map<uint32, google.protobuf.FloatValue> map_uint32_float_wrapper = 292;
map<uint32, google.protobuf.UInt64Value> map_uint32_uint64_wrapper = 293;
map<uint32, google.protobuf.UInt32Value> map_uint32_uint32_wrapper = 294;
map<uint32, google.protobuf.StringValue> map_uint32_string_wrapper = 295;
map<uint32, google.protobuf.BoolValue> map_uint32_bool_wrapper = 296;
map<uint32, google.protobuf.BytesValue> map_uint32_bytes_wrapper = 297;

map<uint64, bool> map_uint64_bool = 207;
map<uint64, string> map_uint64_string = 208;
map<uint64, bytes> map_uint64_bytes = 209;
map<uint64, int32> map_uint64_int32 = 210;
map<uint64, int64> map_uint64_int64 = 211;
map<uint64, uint32> map_uint64_uint32 = 212;
map<uint64, uint64> map_uint64_uint64 = 213;
map<uint64, float> map_uint64_float = 214;
map<uint64, double> map_uint64_double = 215;
map<uint64, NestedEnum> map_uint64_enum = 216;
map<uint64, NestedMessage> map_uint64_message = 217;
map<uint64, google.protobuf.Duration> map_uint64_duration = 240;
map<uint64, google.protobuf.Timestamp> map_uint64_timestamp = 241;
map<uint64, google.protobuf.NullValue> map_uint64_null_value = 242;
map<uint64, google.protobuf.Any> map_uint64_any = 298;
map<uint64, google.protobuf.Struct> map_uint64_struct = 299;
map<uint64, google.protobuf.Value> map_uint64_value = 300;
map<uint64, google.protobuf.ListValue> map_uint64_list_value = 301;
map<uint64, google.protobuf.Int64Value> map_uint64_int64_wrapper = 302;
map<uint64, google.protobuf.Int32Value> map_uint64_int32_wrapper = 303;
map<uint64, google.protobuf.DoubleValue> map_uint64_double_wrapper = 304;
map<uint64, google.protobuf.FloatValue> map_uint64_float_wrapper = 305;
map<uint64, google.protobuf.UInt64Value> map_uint64_uint64_wrapper = 306;
map<uint64, google.protobuf.UInt32Value> map_uint64_uint32_wrapper = 307;
map<uint64, google.protobuf.StringValue> map_uint64_string_wrapper = 308;
map<uint64, google.protobuf.BoolValue> map_uint64_bool_wrapper = 309;
map<uint64, google.protobuf.BytesValue> map_uint64_bytes_wrapper = 310;

map<string, bool> map_string_bool = 218;
map<string, string> map_string_string = 61;
map<string, bytes> map_string_bytes = 219;
map<string, int32> map_string_int32 = 220;
map<string, int64> map_string_int64 = 221;
map<string, uint32> map_string_uint32 = 222;
map<string, uint64> map_string_uint64 = 223;
map<string, float> map_string_float = 224;
map<string, double> map_string_double = 225;
map<string, NestedEnum> map_string_enum = 226;
map<string, NestedMessage> map_string_message = 227;
map<string, google.protobuf.Duration> map_string_duration = 243;
map<string, google.protobuf.Timestamp> map_string_timestamp = 244;
map<string, google.protobuf.NullValue> map_string_null_value = 245;
map<string, google.protobuf.Any> map_string_any = 311;
map<string, google.protobuf.Struct> map_string_struct = 312;
map<string, google.protobuf.Value> map_string_value = 313;
map<string, google.protobuf.ListValue> map_string_list_value = 314;
map<string, google.protobuf.Int64Value> map_string_int64_wrapper = 315;
map<string, google.protobuf.Int32Value> map_string_int32_wrapper = 316;
map<string, google.protobuf.DoubleValue> map_string_double_wrapper = 317;
map<string, google.protobuf.FloatValue> map_string_float_wrapper = 318;
map<string, google.protobuf.UInt64Value> map_string_uint64_wrapper = 319;
map<string, google.protobuf.UInt32Value> map_string_uint32_wrapper = 320;
map<string, google.protobuf.StringValue> map_string_string_wrapper = 321;
map<string, google.protobuf.BoolValue> map_string_bool_wrapper = 322;
map<string, google.protobuf.BytesValue> map_string_bytes_wrapper = 323;

oneof kind {
NestedTestAllTypes oneof_type = 400;
NestedMessage oneof_msg = 401;
bool oneof_bool = 402;
}
}

// This proto includes a recursively nested message.
message NestedTestAllTypes {
NestedTestAllTypes child = 1;
TestAllTypes payload = 2;
}

// This proto tests that global enums are resolved correctly.
enum GlobalEnum {
GOO = 0;
GAR = 1;
GAZ = 2;
}
145 changes: 145 additions & 0 deletions src/main/proto/cel/expr/conformance/test/simple.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Simple end-to-end conformance tests.

syntax = "proto3";

package cel.expr.conformance.test;

import "cel/expr/checked.proto";
import "cel/expr/eval.proto";
import "cel/expr/value.proto";

option cc_enable_arenas = true;
option go_package = "cel.dev/expr/conformance/test";
option java_multiple_files = true;
option java_outer_classname = "SimpleProto";
option java_package = "dev.cel.expr.conformance.test";

// The format of a simple test file, expected to be stored in text format.
// A file is the unit of granularity for selecting conformance tests,
// so tests of optional features should be segregated into separate files.
//
// Deprecated: Use cel.expr.conformance.test.Suite
message SimpleTestFile {
// Required. The name of the file. Should match the filename.
string name = 1;

// A description of the file.
string description = 2;

// The contained sections.
repeated SimpleTestSection section = 3;
}

// A collection of related SimpleTests.
//
// The section is the unit of organization within a test file, and should
// guide where new tests are added.
message SimpleTestSection {
// Required. The name of the section.
string name = 1;

// A description of the section.
string description = 2;

// The contained tests.
repeated SimpleTest test = 3;
}

// A test which should run the given CEL program through parsing,
// optionally through checking, then evaluation, with the results
// of the pipeline validated by the given result matcher.
message SimpleTest {
// Required. The name of the test, which should be unique in the test file.
string name = 1;

// A description of the test.
string description = 2;

// Required. The text of the CEL expression.
string expr = 3;

// Disables all macro expansion in parsing.
bool disable_macros = 4;

// Disables the check phase.
bool disable_check = 5;

// Disables the evaluate phase.
bool check_only = 15;

// The type environment to use for the check phase.
repeated cel.expr.Decl type_env = 6;

// The container for name resolution.
string container = 13;

// The locale to use for the evaluation phase.
string locale = 14;

// Variable bindings to use for the eval phase.
map<string, cel.expr.ExprValue> bindings = 7;

// An unspecified result defaults to a matcher for the true boolean value.
oneof result_matcher {
// A normal value, which must match the evaluation result exactly
// via value equality semantics. This coincides with proto equality,
// except for:
// * maps are order-agnostic.
// * a floating point NaN should match any NaN.
cel.expr.Value value = 8;

// A result and deduced expression type.
TypedResult typed_result = 16;

// Matches error evaluation results.
cel.expr.ErrorSet eval_error = 9;

// Matches one of several error results.
// (Using explicit message since oneof can't handle repeated.)
ErrorSetMatcher any_eval_errors = 10;

// Matches unknown evaluation results.
cel.expr.UnknownSet unknown = 11;

// Matches one of several unknown results.
// (Using explicit message since oneof can't handle repeated.)
UnknownSetMatcher any_unknowns = 12;
}
// Next is 17.
}

// Matches a result along with deduced expression type.
message TypedResult {
// A normal value, which must match the evaluation result exactly
// via value equality semantics. This is ignored if the test is `check_only`.
cel.expr.Value result = 1;

// The deduced type of the expression as reported by the checker.
cel.expr.Type deduced_type = 2;
}

// Matches error results from Eval.
message ErrorSetMatcher {
// Success if we match any of these sets.
repeated cel.expr.ErrorSet errors = 1;
}

// Matches unknown results from Eval.
message UnknownSetMatcher {
// Success if we match any of these sets.
repeated cel.expr.UnknownSet unknowns = 1;
}
161 changes: 161 additions & 0 deletions src/main/proto/cel/expr/conformance/test/suite.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,161 @@
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Unit tests and end-to-end conformance tests.

syntax = "proto3";

package cel.expr.conformance.test;

import "cel/expr/checked.proto";
import "cel/expr/eval.proto";
import "cel/expr/value.proto";
import "cel/expr/conformance/env_config.proto";
import "google/protobuf/any.proto";

option cc_enable_arenas = true;
option go_package = "cel.dev/expr/conformance/test";
option java_multiple_files = true;
option java_outer_classname = "SuiteProto";
option java_package = "dev.cel.expr.conformance.test";

// A test suite is a collection of tests designed to evaluate the correctness of
// a CEL policy, a CEL expression or the conformance of a CEL implementation to
// the standard specification.
message TestSuite {
// The name of the test suite.
string name = 1;

// Description of the test suite.
string description = 2;

// Test sections of the test suite.
// Each section represents a behavior to be tested.
repeated TestSection sections = 3;
}

// A collection of related test cases.
message TestSection {
// Name of the test section.
string name = 1;

// Description of the test section.
string description = 2;

// Test cases of the test section.
// Each test case represents a test scenario.
repeated TestCase tests = 3;
}

// A test to validate a CEL policy or expression. The test case encompasses
// evaluation of the compiled expression using the provided input bindings and
// asserting the result against the expected result.
// It can also validate a raw CEL expression string through parse, check and
// eval stages, making use of the augmenting CEL environment if provided.
message TestCase {
// Name of the test case.
string name = 1;

// A description of the test.
string description = 2;

// The text of the CEL expression.
string expr = 3;

// Serialized environment to be used for compilation and evaluation of the
// CEL expression for the current test case.
// This option allows validating the same expression against multiple
// environments.
cel.expr.conformance.Environment env = 4;

// Input for the test case
TestInput input = 5;

// Expected result of the test case.
TestOutput output = 6;

// If specified validates that the deduced type at check time matches
// If the result kind is not set and this field is set, the test is considered
// "check-only".
cel.expr.Type deduced_type = 7;

// Bypass the type-checking and only attempt to evaluate the parsed
// expression.
bool disable_check = 8;
}

// Input for the test case
message TestInput {
// The type of input for the test case
oneof input_kind {
// A set of variable bindings to be used for evaluating a checked
// expression.
Bindings bindings = 1;

// A context message represents an input kind in the form of a proto
// message whose type is defined at runtime.
google.protobuf.Any context_message = 2;

// A context expression representing a context proto variable. The
// fields of the input proto.Messages are used as top-level variables within
// an Activation. The expression is evaluated using the cel environment
// configured for the test suite.
string context_expr = 3;
}
}

// The bindings of input variables for the test case.
message Bindings {
// A map representing a variable binding where the key is the name of the
// input variable.
map<string, InputValue> values = 1;
}

// The input value for a variable binding
message InputValue {
// The type of input value that can be used for a variable binding
oneof kind {
// A simple literal value for a variable binding
cel.expr.Value value = 1;

// An expression which evaluates to the value of the variable binding.
// The expression is evaluated using the same runtime environment as the
// one used for evaluating the expression under test.
string expr = 2;
}
}

// Expected result of the test case.
message TestOutput {
// Type of expected result of the test case.
oneof result_kind {
// A normal value, which must match the evaluation result exactly via value
// equality semantics. This coincides with proto equality, except for:
// * maps are order-agnostic
// * a floating point NaN should match any NaN
cel.expr.Value result_value = 8;

// An expression to be evaluated using the cel environment configured for
// the test suite. The result of this expression must match the result of
// the test case.
string result_expr = 9;

// An error evaluation result set. Success if we match all of the errors in
// the set.
cel.expr.ErrorSet eval_error = 10;

// An unknown evaluation result.
cel.expr.UnknownSet unknown = 11;
}
}
116 changes: 116 additions & 0 deletions src/main/proto/cel/expr/eval.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package cel.expr;

import "cel/expr/value.proto";
import "google/rpc/status.proto";

option cc_enable_arenas = true;
option go_package = "cel.dev/expr";
option java_multiple_files = true;
option java_outer_classname = "EvalProto";
option java_package = "dev.cel.expr";

// The state of an evaluation.
//
// Can represent an initial, partial, or completed state of evaluation.
message EvalState {
// A single evaluation result.
message Result {
// The id of the expression this result if for.
int64 expr = 1;

// The index in `values` of the resulting value.
int64 value = 2;
}

// The unique values referenced in this message.
repeated ExprValue values = 1;

// An ordered list of results.
//
// Tracks the flow of evaluation through the expression.
// May be sparse.
repeated Result results = 3;
}

// The value of an evaluated expression.
message ExprValue {
// An expression can resolve to a value, error or unknown.
oneof kind {
Value value = 1;

// The set of errors in the critical path of evaluation.
//
// Only errors in the critical path are included. For example,
// `(<error1> || true) && <error2>` will only result in `<error2>`,
// while `<error1> || <error2>` will result in both `<error1>` and
// `<error2>`.
//
// Errors cause by the presence of other errors are not included in the
// set. For example `<error1>.foo`, `foo(<error1>)`, and `<error1> + 1` will
// only result in `<error1>`.
//
// Multiple errors *might* be included when evaluation could result
// in different errors. For example `<error1> + <error2>` and
// `foo(<error1>, <error2>)` may result in `<error1>`, `<error2>` or both.
// The exact subset of errors included for this case is unspecified and
// depends on the implementation details of the evaluator.
ErrorSet error = 2;

// The set of unknowns in the critical path of evaluation.
//
// Unknown behaves identically to Error with regards to propagation.
// Specifically, only unknowns in the critical path are included, unknowns
// caused by the presence of other unknowns are not included, and multiple
// unknowns *might* be included when evaluation could result in
// different unknowns. For example:
//
// (<unknown[1]> || true) && <unknown[2]> -> <unknown[2]>
// <unknown[1]> || <unknown[2]> -> <unknown[1,2]>
// <unknown[1]>.foo -> <unknown[1]>
// foo(<unknown[1]>) -> <unknown[1]>
// <unknown[1]> + <unknown[2]> -> <unknown[1]> or <unknown[2[>
//
// Unknown takes precedence over Error in cases where a `Value` can short
// circuit the result:
//
// <error> || <unknown> -> <unknown>
// <error> && <unknown> -> <unknown>
//
// Errors take precedence in all other cases:
//
// <unknown> + <error> -> <error>
// foo(<unknown>, <error>) -> <error>
UnknownSet unknown = 3;
}
}

// A set of errors.
//
// The errors included depend on the context. See `ExprValue.error`.
message ErrorSet {
repeated google.rpc.Status errors = 1;
}

// A set of expressions for which the value is unknown.
//
// The unknowns included depend on the context. See `ExprValue.unknown`.
message UnknownSet {
// The ids of the expressions with unknown values.
repeated int64 exprs = 1;
}
52 changes: 52 additions & 0 deletions src/main/proto/cel/expr/explain.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package cel.expr;

import "cel/expr/value.proto";

option cc_enable_arenas = true;
option go_package = "cel.dev/expr";
option java_multiple_files = true;
option java_outer_classname = "ExplainProto";
option java_package = "dev.cel.expr";

// Values of intermediate expressions produced when evaluating expression.
message Explain {
option deprecated = true;

// ID and value index of one step.
message ExprStep {
// ID of corresponding Expr node.
int64 id = 1;

// Index of the value in the values list.
int32 value_index = 2;
}

// All of the observed values.
//
// The field value_index is an index in the values list.
// Separating values from steps is needed to remove redundant values.
repeated Value values = 1;

// List of steps.
//
// Repeated evaluations of the same expression generate new ExprStep
// instances. The order of such ExprStep instances matches the order of
// elements returned by Comprehension.iter_range.
repeated ExprStep expr_steps = 2;
}
416 changes: 416 additions & 0 deletions src/main/proto/cel/expr/syntax.proto

Large diffs are not rendered by default.

114 changes: 114 additions & 0 deletions src/main/proto/cel/expr/value.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package cel.expr;

import "google/protobuf/any.proto";
import "google/protobuf/struct.proto";

option cc_enable_arenas = true;
option go_package = "cel.dev/expr";
option java_multiple_files = true;
option java_outer_classname = "ValueProto";
option java_package = "dev.cel.expr";

// Contains representations for CEL runtime values.

// Represents a CEL value.
//
// This is similar to `google.protobuf.Value`, but can represent CEL's full
// range of values.
message Value {
// Required. The valid kinds of values.
oneof kind {
// Null value.
google.protobuf.NullValue null_value = 1;

// Boolean value.
bool bool_value = 2;

// Signed integer value.
int64 int64_value = 3;

// Unsigned integer value.
uint64 uint64_value = 4;

// Floating point value.
double double_value = 5;

// UTF-8 string value.
string string_value = 6;

// Byte string value.
bytes bytes_value = 7;

// An enum value.
EnumValue enum_value = 9;

// The proto message backing an object value.
google.protobuf.Any object_value = 10;

// Map value.
MapValue map_value = 11;

// List value.
ListValue list_value = 12;

// Type value.
string type_value = 15;
}
}

// An enum value.
message EnumValue {
// The fully qualified name of the enum type.
string type = 1;

// The value of the enum.
int32 value = 2;
}

// A list.
//
// Wrapped in a message so 'not set' and empty can be differentiated, which is
// required for use in a 'oneof'.
message ListValue {
// The ordered values in the list.
repeated Value values = 1;
}

// A map.
//
// Wrapped in a message so 'not set' and empty can be differentiated, which is
// required for use in a 'oneof'.
message MapValue {
message Entry {
// The key.
//
// Must be unique with in the map.
// Currently only boolean, int, uint, and string values can be keys.
Value key = 1;

// The value.
Value value = 2;
}

// The set of map entries.
//
// CEL has fewer restrictions on keys, so a protobuf map representation
// cannot be used.
repeated Entry entries = 1;
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
syntax = "proto3";

package envoy.extensions.compression.qatzstd.compressor.v3alpha;

import "google/protobuf/wrappers.proto";

import "udpa/annotations/status.proto";
import "validate/validate.proto";

option java_package = "io.envoyproxy.envoy.extensions.compression.qatzstd.compressor.v3alpha";
option java_outer_classname = "QatzstdProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/compression/qatzstd/compressor/v3alpha";
option (udpa.annotations.file_status).package_version_status = ACTIVE;

// [#protodoc-title: Qatzstd Compressor]
// Qatzstd :ref:`configuration overview <config_qatzstd>`.
// [#extension: envoy.compression.qatzstd.compressor]

// [#next-free-field: 8]
message Qatzstd {
// Reference to http://facebook.github.io/zstd/zstd_manual.html
enum Strategy {
DEFAULT = 0;
FAST = 1;
DFAST = 2;
GREEDY = 3;
LAZY = 4;
LAZY2 = 5;
BTLAZY2 = 6;
BTOPT = 7;
BTULTRA = 8;
BTULTRA2 = 9;
}

// Set compression parameters according to pre-defined compression level table.
// Note that exact compression parameters are dynamically determined,
// depending on both compression level and source content size (when known).
// Value 0 means default, and default level is 3.
//
// Setting a level does not automatically set all other compression parameters
// to default. Setting this will however eventually dynamically impact the compression
// parameters which have not been manually set. The manually set
// ones will 'stick'.
google.protobuf.UInt32Value compression_level = 1 [(validate.rules).uint32 = {lte: 22 gte: 1}];

// A 32-bits checksum of content is written at end of frame. If not set, defaults to false.
bool enable_checksum = 2;

// The higher the value of selected strategy, the more complex it is,
// resulting in stronger and slower compression.
//
// Special: value 0 means "use default strategy".
Strategy strategy = 3 [(validate.rules).enum = {defined_only: true}];

// Value for compressor's next output buffer. If not set, defaults to 4096.
google.protobuf.UInt32Value chunk_size = 5 [(validate.rules).uint32 = {lte: 65536 gte: 4096}];

// Enable QAT to accelerate Zstd compression or not. If not set, defaults to false.
//
// This is useful in the case that users want to enable QAT for a period of time and disable QAT for another period of time,
// they don't have to change the config too much or prepare for another config that has software zstd compressor and just changing the value of this filed.
bool enable_qat_zstd = 6;

// Fallback to software for Qatzstd when input size is less than this value.
// Valid only ``enable_qat_zstd`` is ``true``. 0 means no fallback at all. If not set, defaults to 4000.
google.protobuf.UInt32Value qat_zstd_fallback_threshold = 7
[(validate.rules).uint32 = {lte: 65536 gte: 0}];
}
Original file line number Diff line number Diff line change
@@ -2,6 +2,8 @@ syntax = "proto3";

package envoy.extensions.filters.http.golang.v3alpha;

import "envoy/extensions/transport_sockets/tls/v3/secret.proto";

import "google/protobuf/any.proto";

import "xds/annotations/v3/status.proto";
@@ -21,7 +23,7 @@ option (xds.annotations.v3.file_status).work_in_progress = true;
// For an overview of the Golang HTTP filter please see the :ref:`configuration reference documentation <config_http_filters_golang>`.
// [#extension: envoy.filters.http.golang]

// [#next-free-field: 6]
// [#next-free-field: 7]
message Config {
// The meanings are as follows:
//
@@ -74,6 +76,13 @@ message Config {
//
// [#not-implemented-hide:]
MergePolicy merge_policy = 5 [(validate.rules).enum = {defined_only: true}];

// Generic secret list available to the plugin.
// Looks into SDS or static bootstrap configuration.
//
// See :repo:`StreamFilter API <contrib/golang/common/go/api/filter.go>`
// for more information about how to access secrets from Go.
repeated transport_sockets.tls.v3.SdsSecretConfig generic_secrets = 6;
}

message RouterPlugin {
Original file line number Diff line number Diff line change
@@ -15,7 +15,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Kafka Broker]
// Kafka Broker :ref:`configuration overview <config_network_filters_kafka_broker>`.
// [#extension: envoy.filters.network.kafka_broker]

// [#next-free-field: 6]
message KafkaBroker {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.network.kafka_broker.v2alpha1.KafkaBroker";
@@ -39,6 +39,16 @@ message KafkaBroker {
// Broker address rewrite rules that match by broker ID.
IdBasedBrokerRewriteSpec id_based_broker_address_rewrite_spec = 3;
}

// Optional list of allowed Kafka API keys. Only requests with provided API keys will be
// routed, otherwise the connection will be closed. No effect if empty.
repeated uint32 api_keys_allowed = 4
[(validate.rules).repeated = {items {uint32 {lte: 32767 gte: 0}}}];

// Optional list of denied Kafka API keys. Requests with API keys matching this list will have
// the connection closed. No effect if empty.
repeated uint32 api_keys_denied = 5
[(validate.rules).repeated = {items {uint32 {lte: 32767 gte: 0}}}];
}

// Collection of rules matching by broker ID.
Original file line number Diff line number Diff line change
@@ -21,10 +21,10 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;

// A CryptoMbPrivateKeyMethodConfig message specifies how the CryptoMb private
// key provider is configured. The private key provider provides ``SIMD``
// processing for RSA sign and decrypt operations (ECDSA signing uses regular
// BoringSSL functions). The provider works by gathering the operations into a
// worker-thread specific queue, and processing the queue using ``ipp-crypto``
// library when the queue is full or when a timer expires.
// processing for ECDSA sign operations and RSA sign and decrypt operations.
// The provider works by gathering the operations into a worker-thread specific
// queue, and processing the queue using ``ipp-crypto`` library when the queue
// is full or when a timer expires.
// [#extension-category: envoy.tls.key_providers]
message CryptoMbPrivateKeyMethodConfig {
// Private key to use in the private key provider. If set to inline_bytes or
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
syntax = "proto3";

package envoy.extensions.tap_sinks.udp_sink.v3alpha;

import "envoy/config/core/v3/address.proto";

import "udpa/annotations/status.proto";

option java_package = "io.envoyproxy.envoy.extensions.tap_sinks.udp_sink.v3alpha";
option java_outer_classname = "UdpSinkProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/tap_sinks/udp_sink/v3alpha";
option (udpa.annotations.file_status).package_version_status = ACTIVE;

// [#protodoc-title: Udp sink configuration]
// [#extension: envoy.tap_sinks.udp_sink]

// Udp sink configuration.
message UdpSink {
// Configure UDP Address.
config.core.v3.SocketAddress udp_address = 1;
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
syntax = "proto3";

package envoy.extensions.upstreams.http.tcp.golang.v3alpha;

import "google/protobuf/any.proto";

import "xds/annotations/v3/status.proto";

import "udpa/annotations/status.proto";
import "validate/validate.proto";

option java_package = "io.envoyproxy.envoy.extensions.upstreams.http.tcp.golang.v3alpha";
option java_outer_classname = "GolangProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/upstreams/http/tcp/golang/v3alpha";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
option (xds.annotations.v3.file_status).work_in_progress = true;

// [#protodoc-title: Golang]
//
// This bridge enables an Http client to connect to a TCP server via a Golang plugin, facilitating Protocol Convert from HTTP to any RPC protocol in Envoy.
//
// For an overview of the Golang HTTP TCP bridge please see the :ref:`configuration reference documentation <config_http_tcp_bridge_golang>`.
// [#extension: envoy.upstreams.http.tcp.golang]

// [#extension-category: envoy.upstreams]
message Config {
// Globally unique ID for a dynamic library file.
string library_id = 1 [(validate.rules).string = {min_len: 1}];

// Path to a dynamic library implementing the
// :repo:`HttpTcpBridge API <contrib/golang/common/go/api.HttpTcpBridge>`
// interface.
string library_path = 2 [(validate.rules).string = {min_len: 1}];

// Globally unique name of the Go plugin.
//
// This name **must** be consistent with the name registered in ``tcp::RegisterHttpTcpBridgeFactoryAndConfigParser``
//
string plugin_name = 3 [(validate.rules).string = {min_len: 1}];

// Configuration for the Go plugin.
//
// .. note::
// This configuration is only parsed in the Golang plugin, and is therefore not validated
// by Envoy.
//
// See the :repo:`HttpTcpBridge API <contrib/golang/common/go/api/filter.go>`
// for more information about how the plugin's configuration data can be accessed.
//
google.protobuf.Any plugin_config = 4;
}
95 changes: 51 additions & 44 deletions src/main/proto/envoy/admin/v3/clusters.proto
Original file line number Diff line number Diff line change
@@ -41,22 +41,24 @@ message ClusterStatus {
bool added_via_api = 2;

// The success rate threshold used in the last interval.
// If
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is ``false``, all errors: externally and locally generated were used to calculate the threshold.
// If
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is ``true``, only externally generated errors were used to calculate the threshold.
// The threshold is used to eject hosts based on their success rate. See
// :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for details.
//
// Note: this field may be omitted in any of the three following cases:
// * If :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is ``false``, all errors: externally and locally generated were used to calculate the threshold.
// * If :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is ``true``, only externally generated errors were used to calculate the threshold.
//
// The threshold is used to eject hosts based on their success rate. For more information, see the
// :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation.
//
// .. note::
//
// This field may be omitted in any of the three following cases:
//
// 1. There were not enough hosts with enough request volume to proceed with success rate based outlier ejection.
// 2. The threshold is computed to be < 0 because a negative value implies that there was no threshold for that
// interval.
// 3. Outlier detection is not enabled for this cluster.
//
// 1. There were not enough hosts with enough request volume to proceed with success rate based
// outlier ejection.
// 2. The threshold is computed to be < 0 because a negative value implies that there was no
// threshold for that interval.
// 3. Outlier detection is not enabled for this cluster.
type.v3.Percent success_rate_ejection_threshold = 3;

// Mapping from host address to the host's current status.
@@ -67,16 +69,18 @@ message ClusterStatus {
// This field should be interpreted only when
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is ``true``. The threshold is used to eject hosts based on their success rate.
// See :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for
// details.
//
// Note: this field may be omitted in any of the three following cases:
// For more information, see the :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation.
//
// .. note::
//
// This field may be omitted in any of the three following cases:
//
// 1. There were not enough hosts with enough request volume to proceed with success rate based outlier ejection.
// 2. The threshold is computed to be < 0 because a negative value implies that there was no threshold for that
// interval.
// 3. Outlier detection is not enabled for this cluster.
//
// 1. There were not enough hosts with enough request volume to proceed with success rate based
// outlier ejection.
// 2. The threshold is computed to be < 0 because a negative value implies that there was no
// threshold for that interval.
// 3. Outlier detection is not enabled for this cluster.
type.v3.Percent local_origin_success_rate_ejection_threshold = 5;

// :ref:`Circuit breaking <arch_overview_circuit_break>` settings of the cluster.
@@ -103,19 +107,20 @@ message HostStatus {
// The host's current health status.
HostHealthStatus health_status = 3;

// Request success rate for this host over the last calculated interval.
// If
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is ``false``, all errors: externally and locally generated were used in success rate
// calculation. If
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is ``true``, only externally generated errors were used in success rate calculation.
// See :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for
// details.
// The success rate for this host during the last measurement interval.
//
// * If :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is ``false``, all errors: externally and locally generated were used in success rate calculation.
// * If :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is ``true``, only externally generated errors were used in success rate calculation.
//
// For more information, see the :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation.
//
// .. note::
//
// The message will be missing if the host didn't receive enough traffic to calculate a reliable success rate, or
// if the cluster had too few hosts to apply outlier ejection based on success rate.
//
// Note: the message will not be present if host did not have enough request volume to calculate
// success rate or the cluster did not have enough hosts to run through success rate outlier
// ejection.
type.v3.Percent success_rate = 4;

// The host's weight. If not configured, the value defaults to 1.
@@ -127,18 +132,20 @@ message HostStatus {
// The host's priority. If not configured, the value defaults to 0 (highest priority).
uint32 priority = 7;

// Request success rate for this host over the last calculated
// interval when only locally originated errors are taken into account and externally originated
// errors were treated as success.
// This field should be interpreted only when
// The success rate for this host during the last interval, considering only locally generated errors. Externally
// generated errors are treated as successes.
//
// This field is only relevant when
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is ``true``.
// See :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for
// details.
// is set to ``true``.
//
// For more information, see the :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation.
//
// .. note::
//
// The message will be missing if the host didn’t receive enough traffic to compute a success rate, or if the
// cluster didn’t have enough hosts to perform outlier ejection based on success rate.
//
// Note: the message will not be present if host did not have enough request volume to calculate
// success rate or the cluster did not have enough hosts to run through success rate outlier
// ejection.
type.v3.Percent local_origin_success_rate = 8;

// locality of the host.
8 changes: 8 additions & 0 deletions src/main/proto/envoy/admin/v3/config_dump_shared.proto
Original file line number Diff line number Diff line change
@@ -39,6 +39,14 @@ enum ClientResourceStatus {

// Client received this resource and replied with NACK.
NACKED = 4;

// Client received an error from the control plane. The attached config
// dump is the most recent accepted one. If no config is accepted yet,
// the attached config dump will be empty.
RECEIVED_ERROR = 5;

// Client timed out waiting for the resource from the control plane.
TIMEOUT = 6;
}

message UpdateFailureState {
11 changes: 10 additions & 1 deletion src/main/proto/envoy/admin/v3/server_info.proto
Original file line number Diff line number Diff line change
@@ -59,7 +59,7 @@ message ServerInfo {
config.core.v3.Node node = 7;
}

// [#next-free-field: 39]
// [#next-free-field: 42]
message CommandLineOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.CommandLineOptions";
@@ -98,6 +98,12 @@ message CommandLineOptions {
// See :option:`--use-dynamic-base-id` for details.
bool use_dynamic_base_id = 31;

// See :option:`--skip-hot-restart-on-no-parent` for details.
bool skip_hot_restart_on_no_parent = 39;

// See :option:`--skip-hot-restart-parent-stats` for details.
bool skip_hot_restart_parent_stats = 40;

// See :option:`--base-id-path` for details.
string base_id_path = 32;

@@ -119,6 +125,9 @@ message CommandLineOptions {
// See :option:`--ignore-unknown-dynamic-fields` for details.
bool ignore_unknown_dynamic_fields = 30;

// See :option:`--skip-deprecated-logs` for details.
bool skip_deprecated_logs = 41;

// See :option:`--admin-address-path` for details.
string admin_address_path = 6;

47 changes: 26 additions & 21 deletions src/main/proto/envoy/config/accesslog/v3/accesslog.proto
Original file line number Diff line number Diff line change
@@ -152,35 +152,38 @@ message TraceableFilter {
"envoy.config.filter.accesslog.v2.TraceableFilter";
}

// Filters for random sampling of requests.
// Filters requests based on runtime-configurable sampling rates.
message RuntimeFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.RuntimeFilter";

// Runtime key to get an optional overridden numerator for use in the
// ``percent_sampled`` field. If found in runtime, this value will replace the
// default numerator.
// Specifies a key used to look up a custom sampling rate from the runtime configuration. If a value is found for this
// key, it will override the default sampling rate specified in ``percent_sampled``.
string runtime_key = 1 [(validate.rules).string = {min_len: 1}];

// The default sampling percentage. If not specified, defaults to 0% with
// denominator of 100.
// Defines the default sampling percentage when no runtime override is present. If not specified, the default is
// **0%** (with a denominator of 100).
type.v3.FractionalPercent percent_sampled = 2;

// By default, sampling pivots on the header
// :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being
// present. If :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`
// is present, the filter will consistently sample across multiple hosts based
// on the runtime key value and the value extracted from
// :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`. If it is
// missing, or ``use_independent_randomness`` is set to true, the filter will
// randomly sample based on the runtime key value alone.
// ``use_independent_randomness`` can be used for logging kill switches within
// complex nested :ref:`AndFilter
// <envoy_v3_api_msg_config.accesslog.v3.AndFilter>` and :ref:`OrFilter
// <envoy_v3_api_msg_config.accesslog.v3.OrFilter>` blocks that are easier to
// reason about from a probability perspective (i.e., setting to true will
// cause the filter to behave like an independent random variable when
// composed within logical operator filters).
// Controls how sampling decisions are made.
//
// - Default behavior (``false``):
//
// * Uses the :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` as a consistent sampling pivot.
// * When :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` is present, sampling will be consistent
// across multiple hosts based on both the ``runtime_key`` and
// :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`.
// * Useful for tracking related requests across a distributed system.
//
// - When set to ``true`` or :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` is missing:
//
// * Sampling decisions are made randomly based only on the ``runtime_key``.
// * Useful in complex filter configurations (like nested
// :ref:`AndFilter<envoy_v3_api_msg_config.accesslog.v3.AndFilter>`/
// :ref:`OrFilter<envoy_v3_api_msg_config.accesslog.v3.OrFilter>` blocks) where independent probability
// calculations are desired.
// * Can be used to implement logging kill switches with predictable probability distributions.
//
bool use_independent_randomness = 3;
}

@@ -256,6 +259,8 @@ message ResponseFlagFilter {
in: "OM"
in: "DF"
in: "DO"
in: "DR"
in: "UDO"
}
}
}];
17 changes: 16 additions & 1 deletion src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto
Original file line number Diff line number Diff line change
@@ -41,7 +41,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// <config_overview_bootstrap>` for more detail.

// Bootstrap :ref:`configuration overview <config_overview_bootstrap>`.
// [#next-free-field: 41]
// [#next-free-field: 42]
message Bootstrap {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.bootstrap.v2.Bootstrap";
@@ -411,6 +411,10 @@ message Bootstrap {

// Optional gRPC async manager config.
GrpcAsyncClientManagerConfig grpc_async_client_manager_config = 40;

// Optional configuration for memory allocation manager.
// Memory releasing is only supported for `tcmalloc allocator <https://github.com/google/tcmalloc>`_.
MemoryAllocatorManager memory_allocator_manager = 41;
}

// Administration interface :ref:`operations documentation
@@ -734,3 +738,14 @@ message CustomInlineHeader {
// The type of the header that is expected to be set as the inline header.
InlineHeaderType inline_header_type = 2 [(validate.rules).enum = {defined_only: true}];
}

message MemoryAllocatorManager {
// Configures tcmalloc to perform background release of free memory in amount of bytes per ``memory_release_interval`` interval.
// If equals to ``0``, no memory release will occur. Defaults to ``0``.
uint64 bytes_to_release = 1;

// Interval in milliseconds for memory releasing. If specified, during every
// interval Envoy will try to release ``bytes_to_release`` of free memory back to operating system for reuse.
// Defaults to 1000 milliseconds.
google.protobuf.Duration memory_release_interval = 2;
}
16 changes: 8 additions & 8 deletions src/main/proto/envoy/config/cluster/redis/redis_cluster.proto
Original file line number Diff line number Diff line change
@@ -43,14 +43,14 @@ option (udpa.annotations.file_status).package_version_status = FROZEN;
// address: foo.bar.com
// port_value: 22120
// cluster_type:
// name: envoy.clusters.redis
// typed_config:
// "@type": type.googleapis.com/google.protobuf.Struct
// value:
// cluster_refresh_rate: 30s
// cluster_refresh_timeout: 0.5s
// redirect_refresh_interval: 10s
// redirect_refresh_threshold: 10
// name: envoy.clusters.redis
// typed_config:
// "@type": type.googleapis.com/google.protobuf.Struct
// value:
// cluster_refresh_rate: 30s
// cluster_refresh_timeout: 0.5s
// redirect_refresh_interval: 10s
// redirect_refresh_threshold: 10
// [#extension: envoy.clusters.redis]

// [#next-free-field: 7]
120 changes: 105 additions & 15 deletions src/main/proto/envoy/config/cluster/v3/cluster.proto
Original file line number Diff line number Diff line change
@@ -45,7 +45,7 @@ message ClusterCollection {
}

// Configuration for a single upstream cluster.
// [#next-free-field: 57]
// [#next-free-field: 59]
message Cluster {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster";

@@ -168,7 +168,7 @@ message Cluster {
// The name of the match, used in stats generation.
string name = 1 [(validate.rules).string = {min_len: 1}];

// Optional endpoint metadata match criteria.
// Optional metadata match criteria.
// The connection to the endpoint with metadata matching what is set in this field
// will use the transport socket configuration specified here.
// The endpoint's metadata entry in ``envoy.transport_socket_match`` is used to match
@@ -754,12 +754,14 @@ message Cluster {

reserved "hosts", "tls_context", "extension_protocol_options";

// Configuration to use different transport sockets for different endpoints.
// The entry of ``envoy.transport_socket_match`` in the
// :ref:`LbEndpoint.Metadata <envoy_v3_api_field_config.endpoint.v3.LbEndpoint.metadata>`
// is used to match against the transport sockets as they appear in the list. The first
// :ref:`match <envoy_v3_api_msg_config.cluster.v3.Cluster.TransportSocketMatch>` is used.
// For example, with the following match
// Configuration to use different transport sockets for different endpoints. The entry of
// ``envoy.transport_socket_match`` in the :ref:`LbEndpoint.Metadata
// <envoy_v3_api_field_config.endpoint.v3.LbEndpoint.metadata>` is used to match against the
// transport sockets as they appear in the list. If a match is not found, the search continues in
// :ref:`LocalityLbEndpoints.Metadata
// <envoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.metadata>`. The first :ref:`match
// <envoy_v3_api_msg_config.cluster.v3.Cluster.TransportSocketMatch>` is used. For example, with
// the following match
//
// .. code-block:: yaml
//
@@ -783,8 +785,9 @@ message Cluster {
// socket match in case above.
//
// If an endpoint metadata's value under ``envoy.transport_socket_match`` does not match any
// ``TransportSocketMatch``, socket configuration fallbacks to use the ``tls_context`` or
// ``transport_socket`` specified in this cluster.
// ``TransportSocketMatch``, the locality metadata is then checked for a match. Barring any
// matches in the endpoint or locality metadata, the socket configuration fallbacks to use the
// ``tls_context`` or ``transport_socket`` specified in this cluster.
//
// This field allows gradual and flexible transport socket configuration changes.
//
@@ -939,6 +942,7 @@ message Cluster {
// "envoy.filters.network.thrift_proxy". See the extension's documentation for details on
// specific options.
// [#next-major-version: make this a list of typed extensions.]
// [#extension-category: envoy.upstream_options]
map<string, google.protobuf.Any> typed_extension_protocol_options = 36;

// If the DNS refresh rate is specified and the cluster type is either
@@ -950,8 +954,34 @@ message Cluster {
// :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
// and :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`
// this setting is ignored.
google.protobuf.Duration dns_refresh_rate = 16
[(validate.rules).duration = {gt {nanos: 1000000}}];
// This field is deprecated in favor of using the :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
// extension point and configuring it with :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
// If :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
// :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`, this field will be ignored.
google.protobuf.Duration dns_refresh_rate = 16 [
deprecated = true,
(validate.rules).duration = {gt {nanos: 1000000}},
(envoy.annotations.deprecated_at_minor_version) = "3.0"
];

// DNS jitter can be optionally specified if the cluster type is either
// :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`,
// or :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`.
// DNS jitter causes the cluster to refresh DNS entries later by a random amount of time to avoid a
// stampede of DNS requests. This value sets the upper bound (exclusive) for the random amount.
// There will be no jitter if this value is omitted. For cluster types other than
// :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
// and :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`
// this setting is ignored.
// This field is deprecated in favor of using the :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
// extension point and configuring it with :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
// If :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
// :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`, this field will be ignored.
google.protobuf.Duration dns_jitter = 58 [
deprecated = true,
(validate.rules).duration = {gte {}},
(envoy.annotations.deprecated_at_minor_version) = "3.0"
];

// If the DNS failure refresh rate is specified and the cluster type is either
// :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`,
@@ -961,16 +991,31 @@ message Cluster {
// other than :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>` and
// :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>` this setting is
// ignored.
RefreshRate dns_failure_refresh_rate = 44;
// This field is deprecated in favor of using the :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
// extension point and configuring it with :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
// If :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
// :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`, this field will be ignored.
RefreshRate dns_failure_refresh_rate = 44
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];

// Optional configuration for setting cluster's DNS refresh rate. If the value is set to true,
// cluster's DNS refresh rate will be set to resource record's TTL which comes from DNS
// resolution.
bool respect_dns_ttl = 39;
// This field is deprecated in favor of using the :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
// extension point and configuring it with :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
// If :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
// :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`, this field will be ignored.
bool respect_dns_ttl = 39
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];

// The DNS IP address resolution policy. If this setting is not specified, the
// value defaults to
// :ref:`AUTO<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DnsLookupFamily.AUTO>`.
// For logical and strict dns cluster, this field is deprecated in favor of using the
// :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
// extension point and configuring it with :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
// If :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
// :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`, this field will be ignored.
DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum = {defined_only: true}];

// If DNS resolvers are specified and the cluster type is either
@@ -1010,6 +1055,9 @@ message Cluster {
// During the transition period when both ``dns_resolution_config`` and ``typed_dns_resolver_config`` exists,
// when ``typed_dns_resolver_config`` is in place, Envoy will use it and ignore ``dns_resolution_config``.
// When ``typed_dns_resolver_config`` is missing, the default behavior is in place.
// Also note that this field is deprecated for logical dns and strict dns clusters and will be ignored when
// :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>` is configured with
// :ref:`DnsCluster<envoy_v3_api_msg_extensions.clusters.dns.v3.DnsCluster>`.
// [#extension-category: envoy.network.dns_resolver]
core.v3.TypedExtensionConfig typed_dns_resolver_config = 55;

@@ -1148,6 +1196,23 @@ message Cluster {
// from the LRS stream here.]
core.v3.ConfigSource lrs_server = 42;

// A list of metric names from :ref:`ORCA load reports <envoy_v3_api_msg_.xds.data.orca.v3.OrcaLoadReport>` to propagate to LRS.
//
// If not specified, then ORCA load reports will not be propagated to LRS.
//
// For map fields in the ORCA proto, the string will be of the form ``<map_field_name>.<map_key>``.
// For example, the string ``named_metrics.foo`` will mean to look for the key ``foo`` in the ORCA
// :ref:`named_metrics <envoy_v3_api_field_.xds.data.orca.v3.OrcaLoadReport.named_metrics>` field.
//
// The special map key ``*`` means to report all entries in the map (e.g., ``named_metrics.*`` means to
// report all entries in the ORCA named_metrics field). Note that this should be used only with trusted
// backends.
//
// The metric names in LRS will follow the same semantics as this field. In other words, if this field
// contains ``named_metrics.foo``, then the LRS load report will include the data with that same string
// as the key.
repeated string lrs_report_endpoint_metrics = 57;

// If track_timeout_budgets is true, the :ref:`timeout budget histograms
// <config_cluster_manager_cluster_stats_timeout_budgets>` will be published for each
// request. These show what percentage of a request's per try and global timeout was used. A value
@@ -1236,13 +1301,38 @@ message UpstreamConnectionOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.UpstreamConnectionOptions";

enum FirstAddressFamilyVersion {
// respect the native ranking of destination ip addresses returned from dns
// resolution
DEFAULT = 0;

V4 = 1;

V6 = 2;
}

message HappyEyeballsConfig {
// Specify the IP address family to attempt connection first in happy
// eyeballs algorithm according to RFC8305#section-4.
FirstAddressFamilyVersion first_address_family_version = 1;

// Specify the number of addresses of the first_address_family_version being
// attempted for connection before the other address family.
google.protobuf.UInt32Value first_address_family_count = 2 [(validate.rules).uint32 = {gte: 1}];
}

// If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
core.v3.TcpKeepalive tcp_keepalive = 1;

// If enabled, associates the interface name of the local address with the upstream connection.
// This can be used by extensions during processing of requests. The association mechanism is
// implementation specific. Defaults to false due to performance concerns.
bool set_local_interface_name_on_upstream_connections = 2;

// Configurations for happy eyeballs algorithm.
// Add configs for first_address_family_version and first_address_family_count
// when sorting destination ip addresses.
HappyEyeballsConfig happy_eyeballs_config = 3;
}

message TrackClusterStats {
@@ -1255,7 +1345,7 @@ message TrackClusterStats {

// If request_response_sizes is true, then the :ref:`histograms
// <config_cluster_manager_cluster_stats_request_response_sizes>` tracking header and body sizes
// of requests and responses will be published.
// of requests and responses will be published. Additionally, number of headers in the requests and responses will be tracked.
bool request_response_sizes = 2;

// If true, some stats will be emitted per-endpoint, similar to the stats in admin ``/clusters``
Loading