CONNECT-2370: Update protos in envoy api

README.md

@@ -19,3 +19,4 @@ The `tools` directory follows https://github.com/envoyproxy/java-control-plane/c
 8. You may need to add or remove protos depending on the failures and you would want to refer to the bazel dependencies file to figure out what failed, finally udpate the scripts to have the change.
 
 Note: until we catch up with Envoy head version, slight adjustments might be needed for these scripts, towards matching upstream more closely.
+https://github.com/envoyproxy/envoy/blob/6fe1905459ff267a43a8a26d042ae03a8aa7bc98/api/bazel/repository_locations.bzl

gradle.properties

@@ -1,2 +1,2 @@
-version=1.31.8-1
+version=1.34.4-1
 org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8

src/main/proto/contrib/envoy/extensions/filters/http/golang/v3alpha/golang.proto

@@ -2,6 +2,8 @@ syntax = "proto3";
 
 package envoy.extensions.filters.http.golang.v3alpha;
 
+import "envoy/extensions/transport_sockets/tls/v3/secret.proto";
+
 import "google/protobuf/any.proto";
 
 import "xds/annotations/v3/status.proto";
@@ -21,7 +23,7 @@ option (xds.annotations.v3.file_status).work_in_progress = true;
 // For an overview of the Golang HTTP filter please see the :ref:`configuration reference documentation <config_http_filters_golang>`.
 // [#extension: envoy.filters.http.golang]
 
-// [#next-free-field: 6]
+// [#next-free-field: 7]
 message Config {
   // The meanings are as follows:
   //
@@ -74,6 +76,13 @@ message Config {
   //
   // [#not-implemented-hide:]
   MergePolicy merge_policy = 5 [(validate.rules).enum = {defined_only: true}];
+
+  // Generic secret list available to the plugin.
+  // Looks into SDS or static bootstrap configuration.
+  //
+  // See :repo:`StreamFilter API <contrib/golang/common/go/api/filter.go>`
+  // for more information about how to access secrets from Go.
+  repeated transport_sockets.tls.v3.SdsSecretConfig generic_secrets = 6;
 }
 
 message RouterPlugin {

src/main/proto/contrib/envoy/extensions/filters/network/kafka_broker/v3/kafka_broker.proto

@@ -15,7 +15,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: Kafka Broker]
 // Kafka Broker :ref:`configuration overview <config_network_filters_kafka_broker>`.
 // [#extension: envoy.filters.network.kafka_broker]
-
+// [#next-free-field: 6]
 message KafkaBroker {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.kafka_broker.v2alpha1.KafkaBroker";
@@ -39,6 +39,16 @@ message KafkaBroker {
     // Broker address rewrite rules that match by broker ID.
     IdBasedBrokerRewriteSpec id_based_broker_address_rewrite_spec = 3;
   }
+
+  // Optional list of allowed Kafka API keys. Only requests with provided API keys will be
+  // routed, otherwise the connection will be closed. No effect if empty.
+  repeated uint32 api_keys_allowed = 4
+      [(validate.rules).repeated = {items {uint32 {lte: 32767 gte: 0}}}];
+
+  // Optional list of denied Kafka API keys. Requests with API keys matching this list will have
+  // the connection closed. No effect if empty.
+  repeated uint32 api_keys_denied = 5
+      [(validate.rules).repeated = {items {uint32 {lte: 32767 gte: 0}}}];
 }
 
 // Collection of rules matching by broker ID.

src/main/proto/contrib/envoy/extensions/tap_sinks/udp_sink/v3alpha/udp_sink.proto

@@ -0,0 +1,22 @@
+syntax = "proto3";
+
+package envoy.extensions.tap_sinks.udp_sink.v3alpha;
+
+import "envoy/config/core/v3/address.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.tap_sinks.udp_sink.v3alpha";
+option java_outer_classname = "UdpSinkProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/tap_sinks/udp_sink/v3alpha";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Udp sink configuration]
+// [#extension: envoy.tap_sinks.udp_sink]
+
+// Udp sink configuration.
+message UdpSink {
+  // Configure UDP Address.
+  config.core.v3.SocketAddress udp_address = 1;
+}

src/main/proto/contrib/envoy/extensions/upstreams/http/tcp/golang/v3alpha/golang.proto

@@ -0,0 +1,52 @@
+syntax = "proto3";
+
+package envoy.extensions.upstreams.http.tcp.golang.v3alpha;
+
+import "google/protobuf/any.proto";
+
+import "xds/annotations/v3/status.proto";
+
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.upstreams.http.tcp.golang.v3alpha";
+option java_outer_classname = "GolangProto";
+option java_multiple_files = true;
+option go_package = "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/upstreams/http/tcp/golang/v3alpha";
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+option (xds.annotations.v3.file_status).work_in_progress = true;
+
+// [#protodoc-title: Golang]
+//
+// This bridge enables an Http client to connect to a TCP server via a Golang plugin, facilitating Protocol Convert from HTTP to any RPC protocol in Envoy.
+//
+// For an overview of the Golang HTTP TCP bridge please see the :ref:`configuration reference documentation <config_http_tcp_bridge_golang>`.
+// [#extension: envoy.upstreams.http.tcp.golang]
+
+// [#extension-category: envoy.upstreams]
+message Config {
+  // Globally unique ID for a dynamic library file.
+  string library_id = 1 [(validate.rules).string = {min_len: 1}];
+
+  // Path to a dynamic library implementing the
+  // :repo:`HttpTcpBridge API <contrib/golang/common/go/api.HttpTcpBridge>`
+  // interface.
+  string library_path = 2 [(validate.rules).string = {min_len: 1}];
+
+  // Globally unique name of the Go plugin.
+  //
+  // This name **must** be consistent with the name registered in ``tcp::RegisterHttpTcpBridgeFactoryAndConfigParser``
+  //
+  string plugin_name = 3 [(validate.rules).string = {min_len: 1}];
+
+  // Configuration for the Go plugin.
+  //
+  // .. note::
+  //     This configuration is only parsed in the Golang plugin, and is therefore not validated
+  //     by Envoy.
+  //
+  //     See the :repo:`HttpTcpBridge API <contrib/golang/common/go/api/filter.go>`
+  //     for more information about how the plugin's configuration data can be accessed.
+  //
+  google.protobuf.Any plugin_config = 4;
+}

src/main/proto/envoy/admin/v3/clusters.proto

@@ -41,22 +41,24 @@ message ClusterStatus {
   bool added_via_api = 2;
 
   // The success rate threshold used in the last interval.
-  // If
-  // :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
-  // is ``false``, all errors: externally and locally generated were used to calculate the threshold.
-  // If
-  // :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
-  // is ``true``, only externally generated errors were used to calculate the threshold.
-  // The threshold is used to eject hosts based on their success rate. See
-  // :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for details.
   //
-  // Note: this field may be omitted in any of the three following cases:
+  // * If :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
+  //   is ``false``, all errors: externally and locally generated were used to calculate the threshold.
+  // * If :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
+  //   is ``true``, only externally generated errors were used to calculate the threshold.
+  //
+  // The threshold is used to eject hosts based on their success rate. For more information, see the
+  // :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation.
+  //
+  // .. note::
+  //
+  //   This field may be omitted in any of the three following cases:
+  //
+  //   1. There were not enough hosts with enough request volume to proceed with success rate based outlier ejection.
+  //   2. The threshold is computed to be < 0 because a negative value implies that there was no threshold for that
+  //      interval.
+  //   3. Outlier detection is not enabled for this cluster.
   //
-  // 1. There were not enough hosts with enough request volume to proceed with success rate based
-  //    outlier ejection.
-  // 2. The threshold is computed to be < 0 because a negative value implies that there was no
-  //    threshold for that interval.
-  // 3. Outlier detection is not enabled for this cluster.
   type.v3.Percent success_rate_ejection_threshold = 3;
 
   // Mapping from host address to the host's current status.
@@ -67,16 +69,18 @@ message ClusterStatus {
   // This field should be interpreted only when
   // :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
   // is ``true``. The threshold is used to eject hosts based on their success rate.
-  // See :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for
-  // details.
   //
-  // Note: this field may be omitted in any of the three following cases:
+  // For more information, see the :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation.
+  //
+  // .. note::
+  //
+  //   This field may be omitted in any of the three following cases:
+  //
+  //   1. There were not enough hosts with enough request volume to proceed with success rate based outlier ejection.
+  //   2. The threshold is computed to be < 0 because a negative value implies that there was no threshold for that
+  //      interval.
+  //   3. Outlier detection is not enabled for this cluster.
   //
-  // 1. There were not enough hosts with enough request volume to proceed with success rate based
-  //    outlier ejection.
-  // 2. The threshold is computed to be < 0 because a negative value implies that there was no
-  //    threshold for that interval.
-  // 3. Outlier detection is not enabled for this cluster.
   type.v3.Percent local_origin_success_rate_ejection_threshold = 5;
 
   // :ref:`Circuit breaking <arch_overview_circuit_break>` settings of the cluster.
@@ -103,19 +107,20 @@ message HostStatus {
   // The host's current health status.
   HostHealthStatus health_status = 3;
 
-  // Request success rate for this host over the last calculated interval.
-  // If
-  // :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
-  // is ``false``, all errors: externally and locally generated were used in success rate
-  // calculation. If
-  // :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
-  // is ``true``, only externally generated errors were used in success rate calculation.
-  // See :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for
-  // details.
+  // The success rate for this host during the last measurement interval.
+  //
+  // * If :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
+  //   is ``false``, all errors: externally and locally generated were used in success rate calculation.
+  // * If :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
+  //   is ``true``, only externally generated errors were used in success rate calculation.
+  //
+  // For more information, see the :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation.
+  //
+  // .. note::
+  //
+  //   The message will be missing if the host didn't receive enough traffic to calculate a reliable success rate, or
+  //   if the cluster had too few hosts to apply outlier ejection based on success rate.
   //
-  // Note: the message will not be present if host did not have enough request volume to calculate
-  // success rate or the cluster did not have enough hosts to run through success rate outlier
-  // ejection.
   type.v3.Percent success_rate = 4;
 
   // The host's weight. If not configured, the value defaults to 1.
@@ -127,18 +132,20 @@ message HostStatus {
   // The host's priority. If not configured, the value defaults to 0 (highest priority).
   uint32 priority = 7;
 
-  // Request success rate for this host over the last calculated
-  // interval when only locally originated errors are taken into account and externally originated
-  // errors were treated as success.
-  // This field should be interpreted only when
+  // The success rate for this host during the last interval, considering only locally generated errors. Externally
+  // generated errors are treated as successes.
+  //
+  // This field is only relevant when
   // :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
-  // is ``true``.
-  // See :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for
-  // details.
+  // is set to ``true``.
+  //
+  // For more information, see the :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation.
+  //
+  // .. note::
+  //
+  //   The message will be missing if the host didn’t receive enough traffic to compute a success rate, or if the
+  //   cluster didn’t have enough hosts to perform outlier ejection based on success rate.
   //
-  // Note: the message will not be present if host did not have enough request volume to calculate
-  // success rate or the cluster did not have enough hosts to run through success rate outlier
-  // ejection.
   type.v3.Percent local_origin_success_rate = 8;
 
   // locality of the host.

src/main/proto/envoy/admin/v3/config_dump_shared.proto

@@ -39,6 +39,14 @@ enum ClientResourceStatus {
 
   // Client received this resource and replied with NACK.
   NACKED = 4;
+
+  // Client received an error from the control plane. The attached config
+  // dump is the most recent accepted one. If no config is accepted yet,
+  // the attached config dump will be empty.
+  RECEIVED_ERROR = 5;
+
+  // Client timed out waiting for the resource from the control plane.
+  TIMEOUT = 6;
 }
 
 message UpdateFailureState {

src/main/proto/envoy/admin/v3/server_info.proto

@@ -59,7 +59,7 @@ message ServerInfo {
   config.core.v3.Node node = 7;
 }
 
-// [#next-free-field: 41]
+// [#next-free-field: 42]
 message CommandLineOptions {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.admin.v2alpha.CommandLineOptions";
@@ -125,6 +125,9 @@ message CommandLineOptions {
   // See :option:`--ignore-unknown-dynamic-fields` for details.
   bool ignore_unknown_dynamic_fields = 30;
 
+  // See :option:`--skip-deprecated-logs` for details.
+  bool skip_deprecated_logs = 41;
+
   // See :option:`--admin-address-path` for details.
   string admin_address_path = 6;
 

src/main/proto/envoy/config/accesslog/v3/accesslog.proto

@@ -152,35 +152,38 @@ message TraceableFilter {
       "envoy.config.filter.accesslog.v2.TraceableFilter";
 }
 
-// Filters for random sampling of requests.
+// Filters requests based on runtime-configurable sampling rates.
 message RuntimeFilter {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.accesslog.v2.RuntimeFilter";
 
-  // Runtime key to get an optional overridden numerator for use in the
-  // ``percent_sampled`` field. If found in runtime, this value will replace the
-  // default numerator.
+  // Specifies a key used to look up a custom sampling rate from the runtime configuration. If a value is found for this
+  // key, it will override the default sampling rate specified in ``percent_sampled``.
   string runtime_key = 1 [(validate.rules).string = {min_len: 1}];
 
-  // The default sampling percentage. If not specified, defaults to 0% with
-  // denominator of 100.
+  // Defines the default sampling percentage when no runtime override is present. If not specified, the default is
+  // **0%** (with a denominator of 100).
   type.v3.FractionalPercent percent_sampled = 2;
 
-  // By default, sampling pivots on the header
-  // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being
-  // present. If :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`
-  // is present, the filter will consistently sample across multiple hosts based
-  // on the runtime key value and the value extracted from
-  // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`. If it is
-  // missing, or ``use_independent_randomness`` is set to true, the filter will
-  // randomly sample based on the runtime key value alone.
-  // ``use_independent_randomness`` can be used for logging kill switches within
-  // complex nested :ref:`AndFilter
-  // <envoy_v3_api_msg_config.accesslog.v3.AndFilter>` and :ref:`OrFilter
-  // <envoy_v3_api_msg_config.accesslog.v3.OrFilter>` blocks that are easier to
-  // reason about from a probability perspective (i.e., setting to true will
-  // cause the filter to behave like an independent random variable when
-  // composed within logical operator filters).
+  // Controls how sampling decisions are made.
+  //
+  // - Default behavior (``false``):
+  //
+  //   * Uses the :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` as a consistent sampling pivot.
+  //   * When :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` is present, sampling will be consistent
+  //     across multiple hosts based on both the ``runtime_key`` and
+  //     :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`.
+  //   * Useful for tracking related requests across a distributed system.
+  //
+  // - When set to ``true`` or :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` is missing:
+  //
+  //   * Sampling decisions are made randomly based only on the ``runtime_key``.
+  //   * Useful in complex filter configurations (like nested
+  //     :ref:`AndFilter<envoy_v3_api_msg_config.accesslog.v3.AndFilter>`/
+  //     :ref:`OrFilter<envoy_v3_api_msg_config.accesslog.v3.OrFilter>` blocks) where independent probability
+  //     calculations are desired.
+  //   * Can be used to implement logging kill switches with predictable probability distributions.
+  //
   bool use_independent_randomness = 3;
 }
 
@@ -257,6 +260,7 @@ message ResponseFlagFilter {
         in: "DF"
         in: "DO"
         in: "DR"
+        in: "UDO"
       }
     }
   }];

src/main/proto/envoy/config/cluster/redis/redis_cluster.proto

@@ -43,14 +43,14 @@ option (udpa.annotations.file_status).package_version_status = FROZEN;
 //       address: foo.bar.com
 //       port_value: 22120
 //     cluster_type:
-//     name: envoy.clusters.redis
-//     typed_config:
-//       "@type": type.googleapis.com/google.protobuf.Struct
-//       value:
-//         cluster_refresh_rate: 30s
-//         cluster_refresh_timeout: 0.5s
-//         redirect_refresh_interval: 10s
-//         redirect_refresh_threshold: 10
+//       name: envoy.clusters.redis
+//       typed_config:
+//         "@type": type.googleapis.com/google.protobuf.Struct
+//         value:
+//           cluster_refresh_rate: 30s
+//           cluster_refresh_timeout: 0.5s
+//           redirect_refresh_interval: 10s
+//           redirect_refresh_threshold: 10
 // [#extension: envoy.clusters.redis]
 
 // [#next-free-field: 7]