1syntax = "proto3";
2
3package envoy.config.accesslog.v4alpha;
4
5import "envoy/config/core/v4alpha/base.proto";
6import "envoy/config/route/v4alpha/route_components.proto";
7import "envoy/type/matcher/v4alpha/metadata.proto";
8import "envoy/type/v3/percent.proto";
9
10import "google/protobuf/any.proto";
11import "google/protobuf/struct.proto";
12import "google/protobuf/wrappers.proto";
13
14import "udpa/annotations/status.proto";
15import "udpa/annotations/versioning.proto";
16import "validate/validate.proto";
17
18option java_package = "io.envoyproxy.envoy.config.accesslog.v4alpha";
19option java_outer_classname = "AccesslogProto";
20option java_multiple_files = true;
21option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
22
23// [#protodoc-title: Common access log types]
24
25message AccessLog {
26 option (udpa.annotations.versioning).previous_message_type =
27 "envoy.config.accesslog.v3.AccessLog";
28
29 reserved 3;
30
31 reserved "config";
32
33 // The name of the access log implementation to instantiate. The name must
34 // match a statically registered access log. Current built-in loggers include:
35 //
36 // #. "envoy.access_loggers.file"
37 // #. "envoy.access_loggers.http_grpc"
38 // #. "envoy.access_loggers.tcp_grpc"
39 string name = 1;
40
41 // Filter which is used to determine if the access log needs to be written.
42 AccessLogFilter filter = 2;
43
44 // Custom configuration that depends on the access log being instantiated.
45 // Built-in configurations include:
46 //
47 // #. "envoy.access_loggers.file": :ref:`FileAccessLog
48 // <envoy_api_msg_extensions.access_loggers.file.v4alpha.FileAccessLog>`
49 // #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig
50 // <envoy_api_msg_extensions.access_loggers.grpc.v4alpha.HttpGrpcAccessLogConfig>`
51 // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig
52 // <envoy_api_msg_extensions.access_loggers.grpc.v4alpha.TcpGrpcAccessLogConfig>`
53 oneof config_type {
54 google.protobuf.Any typed_config = 4;
55 }
56}
57
58// [#next-free-field: 13]
59message AccessLogFilter {
60 option (udpa.annotations.versioning).previous_message_type =
61 "envoy.config.accesslog.v3.AccessLogFilter";
62
63 oneof filter_specifier {
64 option (validate.required) = true;
65
66 // Status code filter.
67 StatusCodeFilter status_code_filter = 1;
68
69 // Duration filter.
70 DurationFilter duration_filter = 2;
71
72 // Not health check filter.
73 NotHealthCheckFilter not_health_check_filter = 3;
74
75 // Traceable filter.
76 TraceableFilter traceable_filter = 4;
77
78 // Runtime filter.
79 RuntimeFilter runtime_filter = 5;
80
81 // And filter.
82 AndFilter and_filter = 6;
83
84 // Or filter.
85 OrFilter or_filter = 7;
86
87 // Header filter.
88 HeaderFilter header_filter = 8;
89
90 // Response flag filter.
91 ResponseFlagFilter response_flag_filter = 9;
92
93 // gRPC status filter.
94 GrpcStatusFilter grpc_status_filter = 10;
95
96 // Extension filter.
97 ExtensionFilter extension_filter = 11;
98
99 // Metadata Filter
100 MetadataFilter metadata_filter = 12;
101 }
102}
103
104// Filter on an integer comparison.
105message ComparisonFilter {
106 option (udpa.annotations.versioning).previous_message_type =
107 "envoy.config.accesslog.v3.ComparisonFilter";
108
109 enum Op {
110 // =
111 EQ = 0;
112
113 // >=
114 GE = 1;
115
116 // <=
117 LE = 2;
118 }
119
120 // Comparison operator.
121 Op op = 1 [(validate.rules).enum = {defined_only: true}];
122
123 // Value to compare against.
124 core.v4alpha.RuntimeUInt32 value = 2;
125}
126
127// Filters on HTTP response/status code.
128message StatusCodeFilter {
129 option (udpa.annotations.versioning).previous_message_type =
130 "envoy.config.accesslog.v3.StatusCodeFilter";
131
132 // Comparison.
133 ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}];
134}
135
136// Filters on total request duration in milliseconds.
137message DurationFilter {
138 option (udpa.annotations.versioning).previous_message_type =
139 "envoy.config.accesslog.v3.DurationFilter";
140
141 // Comparison.
142 ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}];
143}
144
145// Filters for requests that are not health check requests. A health check
146// request is marked by the health check filter.
147message NotHealthCheckFilter {
148 option (udpa.annotations.versioning).previous_message_type =
149 "envoy.config.accesslog.v3.NotHealthCheckFilter";
150}
151
152// Filters for requests that are traceable. See the tracing overview for more
153// information on how a request becomes traceable.
154message TraceableFilter {
155 option (udpa.annotations.versioning).previous_message_type =
156 "envoy.config.accesslog.v3.TraceableFilter";
157}
158
159// Filters for random sampling of requests.
160message RuntimeFilter {
161 option (udpa.annotations.versioning).previous_message_type =
162 "envoy.config.accesslog.v3.RuntimeFilter";
163
164 // Runtime key to get an optional overridden numerator for use in the
165 // *percent_sampled* field. If found in runtime, this value will replace the
166 // default numerator.
167 string runtime_key = 1 [(validate.rules).string = {min_len: 1}];
168
169 // The default sampling percentage. If not specified, defaults to 0% with
170 // denominator of 100.
171 type.v3.FractionalPercent percent_sampled = 2;
172
173 // By default, sampling pivots on the header
174 // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being
175 // present. If :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`
176 // is present, the filter will consistently sample across multiple hosts based
177 // on the runtime key value and the value extracted from
178 // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`. If it is
179 // missing, or *use_independent_randomness* is set to true, the filter will
180 // randomly sample based on the runtime key value alone.
181 // *use_independent_randomness* can be used for logging kill switches within
182 // complex nested :ref:`AndFilter
183 // <envoy_api_msg_config.accesslog.v4alpha.AndFilter>` and :ref:`OrFilter
184 // <envoy_api_msg_config.accesslog.v4alpha.OrFilter>` blocks that are easier to
185 // reason about from a probability perspective (i.e., setting to true will
186 // cause the filter to behave like an independent random variable when
187 // composed within logical operator filters).
188 bool use_independent_randomness = 3;
189}
190
191// Performs a logical “and” operation on the result of each filter in filters.
192// Filters are evaluated sequentially and if one of them returns false, the
193// filter returns false immediately.
194message AndFilter {
195 option (udpa.annotations.versioning).previous_message_type =
196 "envoy.config.accesslog.v3.AndFilter";
197
198 repeated AccessLogFilter filters = 1 [(validate.rules).repeated = {min_items: 2}];
199}
200
201// Performs a logical “or” operation on the result of each individual filter.
202// Filters are evaluated sequentially and if one of them returns true, the
203// filter returns true immediately.
204message OrFilter {
205 option (udpa.annotations.versioning).previous_message_type = "envoy.config.accesslog.v3.OrFilter";
206
207 repeated AccessLogFilter filters = 2 [(validate.rules).repeated = {min_items: 2}];
208}
209
210// Filters requests based on the presence or value of a request header.
211message HeaderFilter {
212 option (udpa.annotations.versioning).previous_message_type =
213 "envoy.config.accesslog.v3.HeaderFilter";
214
215 // Only requests with a header which matches the specified HeaderMatcher will
216 // pass the filter check.
217 route.v4alpha.HeaderMatcher header = 1 [(validate.rules).message = {required: true}];
218}
219
220// Filters requests that received responses with an Envoy response flag set.
221// A list of the response flags can be found
222// in the access log formatter
223// :ref:`documentation<config_access_log_format_response_flags>`.
224message ResponseFlagFilter {
225 option (udpa.annotations.versioning).previous_message_type =
226 "envoy.config.accesslog.v3.ResponseFlagFilter";
227
228 // Only responses with the any of the flags listed in this field will be
229 // logged. This field is optional. If it is not specified, then any response
230 // flag will pass the filter check.
231 repeated string flags = 1 [(validate.rules).repeated = {
232 items {
233 string {
234 in: "LH"
235 in: "UH"
236 in: "UT"
237 in: "LR"
238 in: "UR"
239 in: "UF"
240 in: "UC"
241 in: "UO"
242 in: "NR"
243 in: "DI"
244 in: "FI"
245 in: "RL"
246 in: "UAEX"
247 in: "RLSE"
248 in: "DC"
249 in: "URX"
250 in: "SI"
251 in: "IH"
252 in: "DPE"
253 in: "UMSDR"
254 in: "RFCF"
255 in: "NFCF"
256 in: "DT"
257 }
258 }
259 }];
260}
261
262// Filters gRPC requests based on their response status. If a gRPC status is not
263// provided, the filter will infer the status from the HTTP status code.
264message GrpcStatusFilter {
265 option (udpa.annotations.versioning).previous_message_type =
266 "envoy.config.accesslog.v3.GrpcStatusFilter";
267
268 enum Status {
269 OK = 0;
270 CANCELED = 1;
271 UNKNOWN = 2;
272 INVALID_ARGUMENT = 3;
273 DEADLINE_EXCEEDED = 4;
274 NOT_FOUND = 5;
275 ALREADY_EXISTS = 6;
276 PERMISSION_DENIED = 7;
277 RESOURCE_EXHAUSTED = 8;
278 FAILED_PRECONDITION = 9;
279 ABORTED = 10;
280 OUT_OF_RANGE = 11;
281 UNIMPLEMENTED = 12;
282 INTERNAL = 13;
283 UNAVAILABLE = 14;
284 DATA_LOSS = 15;
285 UNAUTHENTICATED = 16;
286 }
287
288 // Logs only responses that have any one of the gRPC statuses in this field.
289 repeated Status statuses = 1 [(validate.rules).repeated = {items {enum {defined_only: true}}}];
290
291 // If included and set to true, the filter will instead block all responses
292 // with a gRPC status or inferred gRPC status enumerated in statuses, and
293 // allow all other responses.
294 bool exclude = 2;
295}
296
297// Filters based on matching dynamic metadata.
298// If the matcher path and key correspond to an existing key in dynamic
299// metadata, the request is logged only if the matcher value is equal to the
300// metadata value. If the matcher path and key *do not* correspond to an
301// existing key in dynamic metadata, the request is logged only if
302// match_if_key_not_found is "true" or unset.
303message MetadataFilter {
304 option (udpa.annotations.versioning).previous_message_type =
305 "envoy.config.accesslog.v3.MetadataFilter";
306
307 // Matcher to check metadata for specified value. For example, to match on the
308 // access_log_hint metadata, set the filter to "envoy.common" and the path to
309 // "access_log_hint", and the value to "true".
310 type.matcher.v4alpha.MetadataMatcher matcher = 1;
311
312 // Default result if the key does not exist in dynamic metadata: if unset or
313 // true, then log; if false, then don't log.
314 google.protobuf.BoolValue match_if_key_not_found = 2;
315}
316
317// Extension filter is statically registered at runtime.
318message ExtensionFilter {
319 option (udpa.annotations.versioning).previous_message_type =
320 "envoy.config.accesslog.v3.ExtensionFilter";
321
322 reserved 2;
323
324 reserved "config";
325
326 // The name of the filter implementation to instantiate. The name must
327 // match a statically registered filter.
328 string name = 1;
329
330 // Custom configuration that depends on the filter being instantiated.
331 oneof config_type {
332 google.protobuf.Any typed_config = 3;
333 }
334}
View as plain text