| syntax = "proto3"; |
| |
| package envoy.config.accesslog.v3; |
| |
| import "envoy/config/core/v3/base.proto"; |
| import "envoy/config/route/v3/route_components.proto"; |
| import "envoy/type/matcher/v3/metadata.proto"; |
| import "envoy/type/v3/percent.proto"; |
| |
| import "google/protobuf/any.proto"; |
| import "google/protobuf/struct.proto"; |
| import "google/protobuf/wrappers.proto"; |
| |
| import "udpa/annotations/status.proto"; |
| import "udpa/annotations/versioning.proto"; |
| import "validate/validate.proto"; |
| |
| option java_package = "io.envoyproxy.envoy.config.accesslog.v3"; |
| option java_outer_classname = "AccesslogProto"; |
| option java_multiple_files = true; |
| option (udpa.annotations.file_status).package_version_status = ACTIVE; |
| |
| // [#protodoc-title: Common access log types] |
| |
| message AccessLog { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.AccessLog"; |
| |
| reserved 3; |
| |
| reserved "config"; |
| |
| // The name of the access log implementation to instantiate. The name must |
| // match a statically registered access log. Current built-in loggers include: |
| // |
| // #. "envoy.access_loggers.file" |
| // #. "envoy.access_loggers.http_grpc" |
| // #. "envoy.access_loggers.tcp_grpc" |
| string name = 1; |
| |
| // Filter which is used to determine if the access log needs to be written. |
| AccessLogFilter filter = 2; |
| |
| // Custom configuration that depends on the access log being instantiated. |
| // Built-in configurations include: |
| // |
| // #. "envoy.access_loggers.file": :ref:`FileAccessLog |
| // <envoy_api_msg_extensions.access_loggers.file.v3.FileAccessLog>` |
| // #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig |
| // <envoy_api_msg_extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig>` |
| // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig |
| // <envoy_api_msg_extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig>` |
| oneof config_type { |
| google.protobuf.Any typed_config = 4; |
| } |
| } |
| |
| // [#next-free-field: 13] |
| message AccessLogFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.AccessLogFilter"; |
| |
| oneof filter_specifier { |
| option (validate.required) = true; |
| |
| // Status code filter. |
| StatusCodeFilter status_code_filter = 1; |
| |
| // Duration filter. |
| DurationFilter duration_filter = 2; |
| |
| // Not health check filter. |
| NotHealthCheckFilter not_health_check_filter = 3; |
| |
| // Traceable filter. |
| TraceableFilter traceable_filter = 4; |
| |
| // Runtime filter. |
| RuntimeFilter runtime_filter = 5; |
| |
| // And filter. |
| AndFilter and_filter = 6; |
| |
| // Or filter. |
| OrFilter or_filter = 7; |
| |
| // Header filter. |
| HeaderFilter header_filter = 8; |
| |
| // Response flag filter. |
| ResponseFlagFilter response_flag_filter = 9; |
| |
| // gRPC status filter. |
| GrpcStatusFilter grpc_status_filter = 10; |
| |
| // Extension filter. |
| ExtensionFilter extension_filter = 11; |
| |
| // Metadata Filter |
| MetadataFilter metadata_filter = 12; |
| } |
| } |
| |
| // Filter on an integer comparison. |
| message ComparisonFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.ComparisonFilter"; |
| |
| enum Op { |
| // = |
| EQ = 0; |
| |
| // >= |
| GE = 1; |
| |
| // <= |
| LE = 2; |
| } |
| |
| // Comparison operator. |
| Op op = 1 [(validate.rules).enum = {defined_only: true}]; |
| |
| // Value to compare against. |
| core.v3.RuntimeUInt32 value = 2; |
| } |
| |
| // Filters on HTTP response/status code. |
| message StatusCodeFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.StatusCodeFilter"; |
| |
| // Comparison. |
| ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}]; |
| } |
| |
| // Filters on total request duration in milliseconds. |
| message DurationFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.DurationFilter"; |
| |
| // Comparison. |
| ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}]; |
| } |
| |
| // Filters for requests that are not health check requests. A health check |
| // request is marked by the health check filter. |
| message NotHealthCheckFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.NotHealthCheckFilter"; |
| } |
| |
| // Filters for requests that are traceable. See the tracing overview for more |
| // information on how a request becomes traceable. |
| message TraceableFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.TraceableFilter"; |
| } |
| |
| // Filters for random sampling of requests. |
| message RuntimeFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.RuntimeFilter"; |
| |
| // Runtime key to get an optional overridden numerator for use in the |
| // *percent_sampled* field. If found in runtime, this value will replace the |
| // default numerator. |
| string runtime_key = 1 [(validate.rules).string = {min_bytes: 1}]; |
| |
| // The default sampling percentage. If not specified, defaults to 0% with |
| // denominator of 100. |
| type.v3.FractionalPercent percent_sampled = 2; |
| |
| // By default, sampling pivots on the header |
| // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being |
| // present. If :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` |
| // is present, the filter will consistently sample across multiple hosts based |
| // on the runtime key value and the value extracted from |
| // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`. If it is |
| // missing, or *use_independent_randomness* is set to true, the filter will |
| // randomly sample based on the runtime key value alone. |
| // *use_independent_randomness* can be used for logging kill switches within |
| // complex nested :ref:`AndFilter |
| // <envoy_api_msg_config.accesslog.v3.AndFilter>` and :ref:`OrFilter |
| // <envoy_api_msg_config.accesslog.v3.OrFilter>` blocks that are easier to |
| // reason about from a probability perspective (i.e., setting to true will |
| // cause the filter to behave like an independent random variable when |
| // composed within logical operator filters). |
| bool use_independent_randomness = 3; |
| } |
| |
| // Performs a logical “and” operation on the result of each filter in filters. |
| // Filters are evaluated sequentially and if one of them returns false, the |
| // filter returns false immediately. |
| message AndFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.AndFilter"; |
| |
| repeated AccessLogFilter filters = 1 [(validate.rules).repeated = {min_items: 2}]; |
| } |
| |
| // Performs a logical “or” operation on the result of each individual filter. |
| // Filters are evaluated sequentially and if one of them returns true, the |
| // filter returns true immediately. |
| message OrFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.OrFilter"; |
| |
| repeated AccessLogFilter filters = 2 [(validate.rules).repeated = {min_items: 2}]; |
| } |
| |
| // Filters requests based on the presence or value of a request header. |
| message HeaderFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.HeaderFilter"; |
| |
| // Only requests with a header which matches the specified HeaderMatcher will |
| // pass the filter check. |
| route.v3.HeaderMatcher header = 1 [(validate.rules).message = {required: true}]; |
| } |
| |
| // Filters requests that received responses with an Envoy response flag set. |
| // A list of the response flags can be found |
| // in the access log formatter |
| // :ref:`documentation<config_access_log_format_response_flags>`. |
| message ResponseFlagFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.ResponseFlagFilter"; |
| |
| // Only responses with the any of the flags listed in this field will be |
| // logged. This field is optional. If it is not specified, then any response |
| // flag will pass the filter check. |
| repeated string flags = 1 [(validate.rules).repeated = { |
| items { |
| string { |
| in: "LH" |
| in: "UH" |
| in: "UT" |
| in: "LR" |
| in: "UR" |
| in: "UF" |
| in: "UC" |
| in: "UO" |
| in: "NR" |
| in: "DI" |
| in: "FI" |
| in: "RL" |
| in: "UAEX" |
| in: "RLSE" |
| in: "DC" |
| in: "URX" |
| in: "SI" |
| in: "IH" |
| in: "DPE" |
| in: "UMSDR" |
| in: "RFCF" |
| in: "NFCF" |
| } |
| } |
| }]; |
| } |
| |
| // Filters gRPC requests based on their response status. If a gRPC status is not |
| // provided, the filter will infer the status from the HTTP status code. |
| message GrpcStatusFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.GrpcStatusFilter"; |
| |
| enum Status { |
| OK = 0; |
| CANCELED = 1; |
| UNKNOWN = 2; |
| INVALID_ARGUMENT = 3; |
| DEADLINE_EXCEEDED = 4; |
| NOT_FOUND = 5; |
| ALREADY_EXISTS = 6; |
| PERMISSION_DENIED = 7; |
| RESOURCE_EXHAUSTED = 8; |
| FAILED_PRECONDITION = 9; |
| ABORTED = 10; |
| OUT_OF_RANGE = 11; |
| UNIMPLEMENTED = 12; |
| INTERNAL = 13; |
| UNAVAILABLE = 14; |
| DATA_LOSS = 15; |
| UNAUTHENTICATED = 16; |
| } |
| |
| // Logs only responses that have any one of the gRPC statuses in this field. |
| repeated Status statuses = 1 [(validate.rules).repeated = {items {enum {defined_only: true}}}]; |
| |
| // If included and set to true, the filter will instead block all responses |
| // with a gRPC status or inferred gRPC status enumerated in statuses, and |
| // allow all other responses. |
| bool exclude = 2; |
| } |
| |
| // Filters based on matching dynamic metadata. |
| // If the matcher path and key correspond to an existing key in dynamic |
| // metadata, the request is logged only if the matcher value is equal to the |
| // metadata value. If the matcher path and key *do not* correspond to an |
| // existing key in dynamic metadata, the request is logged only if |
| // match_if_key_not_found is "true" or unset. |
| message MetadataFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.MetadataFilter"; |
| |
| // Matcher to check metadata for specified value. For example, to match on the |
| // access_log_hint metadata, set the filter to "envoy.common" and the path to |
| // "access_log_hint", and the value to "true". |
| type.matcher.v3.MetadataMatcher matcher = 1; |
| |
| // Default result if the key does not exist in dynamic metadata: if unset or |
| // true, then log; if false, then don't log. |
| google.protobuf.BoolValue match_if_key_not_found = 2; |
| } |
| |
| // Extension filter is statically registered at runtime. |
| message ExtensionFilter { |
| option (udpa.annotations.versioning).previous_message_type = |
| "envoy.config.filter.accesslog.v2.ExtensionFilter"; |
| |
| reserved 2; |
| |
| reserved "config"; |
| |
| // The name of the filter implementation to instantiate. The name must |
| // match a statically registered filter. |
| string name = 1; |
| |
| // Custom configuration that depends on the filter being instantiated. |
| oneof config_type { |
| google.protobuf.Any typed_config = 3; |
| } |
| } |