api: GoogleRE2 max_program_size should be checked by server, not client.

api/envoy/admin/v4alpha/BUILD

@@ -10,7 +10,7 @@ api_proto_package(
         "//envoy/annotations:pkg",
         "//envoy/config/bootstrap/v4alpha:pkg",
         "//envoy/config/core/v4alpha:pkg",
-        "//envoy/config/tap/v3:pkg",
+        "//envoy/config/tap/v4alpha:pkg",
         "//envoy/type/v3:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",
     ],

api/envoy/admin/v4alpha/tap.proto

@@ -2,7 +2,7 @@ syntax = "proto3";
 
 package envoy.admin.v4alpha;
 
-import "envoy/config/tap/v3/common.proto";
+import "envoy/config/tap/v4alpha/common.proto";
 
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
@@ -24,5 +24,5 @@ message TapRequest {
   string config_id = 1 [(validate.rules).string = {min_bytes: 1}];
 
   // The tap configuration to load.
-  config.tap.v3.TapConfig tap_config = 2 [(validate.rules).message = {required: true}];
+  config.tap.v4alpha.TapConfig tap_config = 2 [(validate.rules).message = {required: true}];
 }

api/envoy/config/accesslog/v4alpha/BUILD

@@ -0,0 +1,15 @@
+# DO NOT EDIT. This file is generated by tools/proto_sync.py.
+
+load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_package(
+    deps = [
+        "//envoy/config/accesslog/v3:pkg",
+        "//envoy/config/core/v4alpha:pkg",
+        "//envoy/config/route/v4alpha:pkg",
+        "//envoy/type/v3:pkg",
+        "@com_github_cncf_udpa//udpa/annotations:pkg",
+    ],
+)

api/envoy/config/accesslog/v4alpha/accesslog.proto

@@ -0,0 +1,298 @@
+syntax = "proto3";
+
+package envoy.config.accesslog.v4alpha;
+
+import "envoy/config/core/v4alpha/base.proto";
+import "envoy/config/route/v4alpha/route_components.proto";
+import "envoy/type/v3/percent.proto";
+
+import "google/protobuf/any.proto";
+import "google/protobuf/struct.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.accesslog.v4alpha";
+option java_outer_classname = "AccesslogProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
+
+// [#protodoc-title: Common access log types]
+
+message AccessLog {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.AccessLog";
+
+  reserved 3;
+
+  reserved "config";
+
+  // The name of the access log implementation to instantiate. The name must
+  // match a statically registered access log. Current built-in loggers include:
+  //
+  // #. "envoy.access_loggers.file"
+  // #. "envoy.access_loggers.http_grpc"
+  // #. "envoy.access_loggers.tcp_grpc"
+  string name = 1;
+
+  // Filter which is used to determine if the access log needs to be written.
+  AccessLogFilter filter = 2;
+
+  // Custom configuration that depends on the access log being instantiated. Built-in
+  // configurations include:
+  //
+  // #. "envoy.access_loggers.file": :ref:`FileAccessLog
+  //    <envoy_api_msg_extensions.access_loggers.file.v3.FileAccessLog>`
+  // #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig
+  //    <envoy_api_msg_extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig>`
+  // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig
+  //    <envoy_api_msg_extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig>`
+  oneof config_type {
+    google.protobuf.Any typed_config = 4;
+  }
+}
+
+// [#next-free-field: 12]
+message AccessLogFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.AccessLogFilter";
+
+  oneof filter_specifier {
+    option (validate.required) = true;
+
+    // Status code filter.
+    StatusCodeFilter status_code_filter = 1;
+
+    // Duration filter.
+    DurationFilter duration_filter = 2;
+
+    // Not health check filter.
+    NotHealthCheckFilter not_health_check_filter = 3;
+
+    // Traceable filter.
+    TraceableFilter traceable_filter = 4;
+
+    // Runtime filter.
+    RuntimeFilter runtime_filter = 5;
+
+    // And filter.
+    AndFilter and_filter = 6;
+
+    // Or filter.
+    OrFilter or_filter = 7;
+
+    // Header filter.
+    HeaderFilter header_filter = 8;
+
+    // Response flag filter.
+    ResponseFlagFilter response_flag_filter = 9;
+
+    // gRPC status filter.
+    GrpcStatusFilter grpc_status_filter = 10;
+
+    // Extension filter.
+    ExtensionFilter extension_filter = 11;
+  }
+}
+
+// Filter on an integer comparison.
+message ComparisonFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.ComparisonFilter";
+
+  enum Op {
+    // =
+    EQ = 0;
+
+    // >=
+    GE = 1;
+
+    // <=
+    LE = 2;
+  }
+
+  // Comparison operator.
+  Op op = 1 [(validate.rules).enum = {defined_only: true}];
+
+  // Value to compare against.
+  core.v4alpha.RuntimeUInt32 value = 2;
+}
+
+// Filters on HTTP response/status code.
+message StatusCodeFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.StatusCodeFilter";
+
+  // Comparison.
+  ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}];
+}
+
+// Filters on total request duration in milliseconds.
+message DurationFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.DurationFilter";
+
+  // Comparison.
+  ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}];
+}
+
+// Filters for requests that are not health check requests. A health check
+// request is marked by the health check filter.
+message NotHealthCheckFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.NotHealthCheckFilter";
+}
+
+// Filters for requests that are traceable. See the tracing overview for more
+// information on how a request becomes traceable.
+message TraceableFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.TraceableFilter";
+}
+
+// Filters for random sampling of requests.
+message RuntimeFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.RuntimeFilter";
+
+  // Runtime key to get an optional overridden numerator for use in the *percent_sampled* field.
+  // If found in runtime, this value will replace the default numerator.
+  string runtime_key = 1 [(validate.rules).string = {min_bytes: 1}];
+
+  // The default sampling percentage. If not specified, defaults to 0% with denominator of 100.
+  type.v3.FractionalPercent percent_sampled = 2;
+
+  // By default, sampling pivots on the header
+  // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being present. If
+  // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` is present, the filter will
+  // consistently sample across multiple hosts based on the runtime key value and the value
+  // extracted from :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`. If it is
+  // missing, or *use_independent_randomness* is set to true, the filter will randomly sample based
+  // on the runtime key value alone. *use_independent_randomness* can be used for logging kill
+  // switches within complex nested :ref:`AndFilter
+  // <envoy_api_msg_config.accesslog.v4alpha.AndFilter>` and :ref:`OrFilter
+  // <envoy_api_msg_config.accesslog.v4alpha.OrFilter>` blocks that are easier to reason about
+  // from a probability perspective (i.e., setting to true will cause the filter to behave like
+  // an independent random variable when composed within logical operator filters).
+  bool use_independent_randomness = 3;
+}
+
+// Performs a logical “and” operation on the result of each filter in filters.
+// Filters are evaluated sequentially and if one of them returns false, the
+// filter returns false immediately.
+message AndFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.AndFilter";
+
+  repeated AccessLogFilter filters = 1 [(validate.rules).repeated = {min_items: 2}];
+}
+
+// Performs a logical “or” operation on the result of each individual filter.
+// Filters are evaluated sequentially and if one of them returns true, the
+// filter returns true immediately.
+message OrFilter {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.config.accesslog.v3.OrFilter";
+
+  repeated AccessLogFilter filters = 2 [(validate.rules).repeated = {min_items: 2}];
+}
+
+// Filters requests based on the presence or value of a request header.
+message HeaderFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.HeaderFilter";
+
+  // Only requests with a header which matches the specified HeaderMatcher will pass the filter
+  // check.
+  route.v4alpha.HeaderMatcher header = 1 [(validate.rules).message = {required: true}];
+}
+
+// Filters requests that received responses with an Envoy response flag set.
+// A list of the response flags can be found
+// in the access log formatter :ref:`documentation<config_access_log_format_response_flags>`.
+message ResponseFlagFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.ResponseFlagFilter";
+
+  // Only responses with the any of the flags listed in this field will be logged.
+  // This field is optional. If it is not specified, then any response flag will pass
+  // the filter check.
+  repeated string flags = 1 [(validate.rules).repeated = {
+    items {
+      string {
+        in: "LH"
+        in: "UH"
+        in: "UT"
+        in: "LR"
+        in: "UR"
+        in: "UF"
+        in: "UC"
+        in: "UO"
+        in: "NR"
+        in: "DI"
+        in: "FI"
+        in: "RL"
+        in: "UAEX"
+        in: "RLSE"
+        in: "DC"
+        in: "URX"
+        in: "SI"
+        in: "IH"
+        in: "DPE"
+      }
+    }
+  }];
+}
+
+// Filters gRPC requests based on their response status. If a gRPC status is not provided, the
+// filter will infer the status from the HTTP status code.
+message GrpcStatusFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.GrpcStatusFilter";
+
+  enum Status {
+    OK = 0;
+    CANCELED = 1;
+    UNKNOWN = 2;
+    INVALID_ARGUMENT = 3;
+    DEADLINE_EXCEEDED = 4;
+    NOT_FOUND = 5;
+    ALREADY_EXISTS = 6;
+    PERMISSION_DENIED = 7;
+    RESOURCE_EXHAUSTED = 8;
+    FAILED_PRECONDITION = 9;
+    ABORTED = 10;
+    OUT_OF_RANGE = 11;
+    UNIMPLEMENTED = 12;
+    INTERNAL = 13;
+    UNAVAILABLE = 14;
+    DATA_LOSS = 15;
+    UNAUTHENTICATED = 16;
+  }
+
+  // Logs only responses that have any one of the gRPC statuses in this field.
+  repeated Status statuses = 1 [(validate.rules).repeated = {items {enum {defined_only: true}}}];
+
+  // If included and set to true, the filter will instead block all responses with a gRPC status or
+  // inferred gRPC status enumerated in statuses, and allow all other responses.
+  bool exclude = 2;
+}
+
+// Extension filter is statically registered at runtime.
+message ExtensionFilter {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.config.accesslog.v3.ExtensionFilter";
+
+  reserved 2;
+
+  reserved "config";
+
+  // The name of the filter implementation to instantiate. The name must
+  // match a statically registered filter.
+  string name = 1;
+
+  // Custom configuration that depends on the filter being instantiated.
+  oneof config_type {
+    google.protobuf.Any typed_config = 3;
+  }
+}

api/envoy/config/bootstrap/v4alpha/BUILD

@@ -10,8 +10,8 @@ api_proto_package(
         "//envoy/config/bootstrap/v3:pkg",
         "//envoy/config/cluster/v4alpha:pkg",
         "//envoy/config/core/v4alpha:pkg",
-        "//envoy/config/listener/v3:pkg",
-        "//envoy/config/metrics/v3:pkg",
+        "//envoy/config/listener/v4alpha:pkg",
+        "//envoy/config/metrics/v4alpha:pkg",
         "//envoy/config/overload/v3:pkg",
         "//envoy/extensions/transport_sockets/tls/v4alpha:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",