Support Envoy {AccessLog,Metrics}Service API V3 (#6116)

CHANGES.md

@@ -41,6 +41,7 @@ Release Notes.
 * Fix CVE of UninstrumentedGateways in Dynamic Configuration activation.
 * Improve query performance in storage-influxdb-plugin.
 * Fix the uuid field in GRPCConfigWatcherRegister is not updated.
+* Support Envoy {AccessLog,Metrics}Service API V3.
 
 #### UI
 * Fix un-removed tags in trace query.

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/AccessLogServiceGRPCHandler.java

@@ -19,8 +19,8 @@
 package org.apache.skywalking.oap.server.receiver.envoy;
 
 import io.envoyproxy.envoy.service.accesslog.v2.AccessLogServiceGrpc;
-import io.envoyproxy.envoy.service.accesslog.v2.StreamAccessLogsMessage;
-import io.envoyproxy.envoy.service.accesslog.v2.StreamAccessLogsResponse;
+import io.envoyproxy.envoy.service.accesslog.v3.StreamAccessLogsMessage;
+import io.envoyproxy.envoy.service.accesslog.v3.StreamAccessLogsResponse;
 import io.grpc.stub.StreamObserver;
 import java.util.ArrayList;
 import java.util.List;
@@ -67,6 +67,7 @@ public class AccessLogServiceGRPCHandler extends AccessLogServiceGrpc.AccessLogS
         sourceDispatcherCounter = metricCreator.createCounter("envoy_als_source_dispatch_count", "The count of envoy ALS metric received", MetricsTag.EMPTY_KEY, MetricsTag.EMPTY_VALUE);
     }
 
+    @Override
     public StreamObserver<StreamAccessLogsMessage> streamAccessLogs(
         StreamObserver<StreamAccessLogsResponse> responseObserver) {
         return new StreamObserver<StreamAccessLogsMessage>() {

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/AccessLogServiceGRPCHandlerV3.java

+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.skywalking.oap.server.receiver.envoy;
+
+import io.envoyproxy.envoy.service.accesslog.v3.AccessLogServiceGrpc;
+import io.envoyproxy.envoy.service.accesslog.v3.StreamAccessLogsMessage;
+import io.envoyproxy.envoy.service.accesslog.v3.StreamAccessLogsResponse;
+import io.grpc.stub.StreamObserver;
+import lombok.RequiredArgsConstructor;
+
+@RequiredArgsConstructor
+public class AccessLogServiceGRPCHandlerV3 extends AccessLogServiceGrpc.AccessLogServiceImplBase {
+    private final AccessLogServiceGRPCHandler delegate;
+
+    @Override
+    public StreamObserver<StreamAccessLogsMessage> streamAccessLogs(final StreamObserver<StreamAccessLogsResponse> responseObserver) {
+        return delegate.streamAccessLogs(responseObserver);
+    }
+}

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/EnvoyMetricReceiverProvider.java

@@ -68,9 +68,13 @@ public class EnvoyMetricReceiverProvider extends ModuleProvider {
                         .getService(OALEngineLoaderService.class)
                         .load(EnvoyOALDefine.INSTANCE);
 
-            service.addHandler(new MetricServiceGRPCHandler(getManager()));
+            final MetricServiceGRPCHandler handler = new MetricServiceGRPCHandler(getManager());
+            service.addHandler(handler);
+            service.addHandler(new MetricServiceGRPCHandlerV3(handler));
         }
-        service.addHandler(new AccessLogServiceGRPCHandler(getManager(), config));
+        final AccessLogServiceGRPCHandler handler = new AccessLogServiceGRPCHandler(getManager(), config);
+        service.addHandler(handler);
+        service.addHandler(new AccessLogServiceGRPCHandlerV3(handler));
     }
 
     @Override

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/MetricServiceGRPCHandler.java

@@ -18,10 +18,10 @@
 
 package org.apache.skywalking.oap.server.receiver.envoy;
 
-import io.envoyproxy.envoy.api.v2.core.Node;
-import io.envoyproxy.envoy.service.metrics.v2.MetricsServiceGrpc;
-import io.envoyproxy.envoy.service.metrics.v2.StreamMetricsMessage;
-import io.envoyproxy.envoy.service.metrics.v2.StreamMetricsResponse;
+import io.envoyproxy.envoy.config.core.v3.Node;
+import io.envoyproxy.envoy.service.metrics.v3.MetricsServiceGrpc;
+import io.envoyproxy.envoy.service.metrics.v3.StreamMetricsMessage;
+import io.envoyproxy.envoy.service.metrics.v3.StreamMetricsResponse;
 import io.grpc.stub.StreamObserver;
 import io.prometheus.client.Metrics;
 import java.util.List;

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/MetricServiceGRPCHandlerV3.java

+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.skywalking.oap.server.receiver.envoy;
+
+import io.envoyproxy.envoy.service.metrics.v3.MetricsServiceGrpc;
+import io.envoyproxy.envoy.service.metrics.v3.StreamMetricsMessage;
+import io.envoyproxy.envoy.service.metrics.v3.StreamMetricsResponse;
+import io.grpc.stub.StreamObserver;
+import lombok.RequiredArgsConstructor;
+
+@RequiredArgsConstructor
+public class MetricServiceGRPCHandlerV3 extends MetricsServiceGrpc.MetricsServiceImplBase {
+    private final MetricServiceGRPCHandler delegate;
+
+    @Override
+    public StreamObserver<StreamMetricsMessage> streamMetrics(final StreamObserver<StreamMetricsResponse> responseObserver) {
+        return delegate.streamMetrics(responseObserver);
+    }
+}

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/als/ALSHTTPAnalysis.java

@@ -18,8 +18,8 @@
 
 package org.apache.skywalking.oap.server.receiver.envoy.als;
 
-import io.envoyproxy.envoy.data.accesslog.v2.HTTPAccessLogEntry;
-import io.envoyproxy.envoy.service.accesslog.v2.StreamAccessLogsMessage;
+import io.envoyproxy.envoy.data.accesslog.v3.HTTPAccessLogEntry;
+import io.envoyproxy.envoy.service.accesslog.v3.StreamAccessLogsMessage;
 import java.util.List;
 import org.apache.skywalking.apm.network.servicemesh.v3.ServiceMeshMetric;
 import org.apache.skywalking.oap.server.library.module.ModuleManager;

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/als/AbstractALSAnalyzer.java

@@ -18,9 +18,9 @@
 
 package org.apache.skywalking.oap.server.receiver.envoy.als;
 
-import io.envoyproxy.envoy.api.v2.core.Node;
-import io.envoyproxy.envoy.data.accesslog.v2.HTTPAccessLogEntry;
-import io.envoyproxy.envoy.service.accesslog.v2.StreamAccessLogsMessage;
+import io.envoyproxy.envoy.config.core.v3.Node;
+import io.envoyproxy.envoy.data.accesslog.v3.HTTPAccessLogEntry;
+import io.envoyproxy.envoy.service.accesslog.v3.StreamAccessLogsMessage;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.skywalking.apm.network.servicemesh.v3.ServiceMeshMetric;
 

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/als/LogEntry2MetricsAdapter.java

@@ -21,12 +21,12 @@ package org.apache.skywalking.oap.server.receiver.envoy.als;
 import com.google.protobuf.Duration;
 import com.google.protobuf.Timestamp;
 import com.google.protobuf.UInt32Value;
-import io.envoyproxy.envoy.data.accesslog.v2.AccessLogCommon;
-import io.envoyproxy.envoy.data.accesslog.v2.HTTPAccessLogEntry;
-import io.envoyproxy.envoy.data.accesslog.v2.HTTPRequestProperties;
-import io.envoyproxy.envoy.data.accesslog.v2.HTTPResponseProperties;
-import io.envoyproxy.envoy.data.accesslog.v2.ResponseFlags;
-import io.envoyproxy.envoy.data.accesslog.v2.TLSProperties;
+import io.envoyproxy.envoy.data.accesslog.v3.AccessLogCommon;
+import io.envoyproxy.envoy.data.accesslog.v3.HTTPAccessLogEntry;
+import io.envoyproxy.envoy.data.accesslog.v3.HTTPRequestProperties;
+import io.envoyproxy.envoy.data.accesslog.v3.HTTPResponseProperties;
+import io.envoyproxy.envoy.data.accesslog.v3.ResponseFlags;
+import io.envoyproxy.envoy.data.accesslog.v3.TLSProperties;
 import java.time.Instant;
 import java.util.List;
 import java.util.Optional;

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/als/k8s/K8sALSServiceMeshHTTPAnalysis.java

@@ -18,11 +18,11 @@
 
 package org.apache.skywalking.oap.server.receiver.envoy.als.k8s;
 
-import io.envoyproxy.envoy.api.v2.core.Address;
-import io.envoyproxy.envoy.api.v2.core.SocketAddress;
-import io.envoyproxy.envoy.data.accesslog.v2.AccessLogCommon;
-import io.envoyproxy.envoy.data.accesslog.v2.HTTPAccessLogEntry;
-import io.envoyproxy.envoy.service.accesslog.v2.StreamAccessLogsMessage;
+import io.envoyproxy.envoy.config.core.v3.Address;
+import io.envoyproxy.envoy.config.core.v3.SocketAddress;
+import io.envoyproxy.envoy.data.accesslog.v3.AccessLogCommon;
+import io.envoyproxy.envoy.data.accesslog.v3.HTTPAccessLogEntry;
+import io.envoyproxy.envoy.service.accesslog.v3.StreamAccessLogsMessage;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/als/mx/MetaExchangeALSHTTPAnalyzer.java

@@ -20,9 +20,9 @@ package org.apache.skywalking.oap.server.receiver.envoy.als.mx;
 
 import com.google.protobuf.Any;
 import com.google.protobuf.TextFormat;
-import io.envoyproxy.envoy.data.accesslog.v2.AccessLogCommon;
-import io.envoyproxy.envoy.data.accesslog.v2.HTTPAccessLogEntry;
-import io.envoyproxy.envoy.service.accesslog.v2.StreamAccessLogsMessage;
+import io.envoyproxy.envoy.data.accesslog.v3.AccessLogCommon;
+import io.envoyproxy.envoy.data.accesslog.v3.HTTPAccessLogEntry;
+import io.envoyproxy.envoy.service.accesslog.v3.StreamAccessLogsMessage;
 import java.util.ArrayList;
 import java.util.Base64;
 import java.util.Collections;

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/java/org/apache/skywalking/oap/server/receiver/envoy/MetricServiceGRPCHandlerTestMain.java

@@ -20,8 +20,8 @@ package org.apache.skywalking.oap.server.receiver.envoy;
 
 import com.google.protobuf.TextFormat;
 import io.envoyproxy.envoy.service.metrics.v2.MetricsServiceGrpc;
-import io.envoyproxy.envoy.service.metrics.v2.StreamMetricsMessage;
-import io.envoyproxy.envoy.service.metrics.v2.StreamMetricsResponse;
+import io.envoyproxy.envoy.service.metrics.v3.StreamMetricsMessage;
+import io.envoyproxy.envoy.service.metrics.v3.StreamMetricsResponse;
 import io.grpc.ManagedChannel;
 import io.grpc.ManagedChannelBuilder;
 import io.grpc.stub.StreamObserver;

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/java/org/apache/skywalking/oap/server/receiver/envoy/als/k8s/K8SALSServiceMeshHTTPAnalysisTest.java

@@ -19,7 +19,7 @@
 package org.apache.skywalking.oap.server.receiver.envoy.als.k8s;
 
 import com.google.protobuf.util.JsonFormat;
-import io.envoyproxy.envoy.service.accesslog.v2.StreamAccessLogsMessage;
+import io.envoyproxy.envoy.service.accesslog.v3.StreamAccessLogsMessage;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/java/org/apache/skywalking/oap/server/receiver/envoy/als/mx/FieldsHelperTest.java

@@ -19,7 +19,7 @@
 package org.apache.skywalking.oap.server.receiver.envoy.als.mx;
 
 import com.google.protobuf.util.JsonFormat;
-import io.envoyproxy.envoy.service.accesslog.v2.StreamAccessLogsMessage;
+import io.envoyproxy.envoy.service.accesslog.v3.StreamAccessLogsMessage;
 import java.io.ByteArrayInputStream;
 import java.io.InputStreamReader;
 import java.util.Arrays;

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/resources/envoy-ingress.msg

@@ -30,8 +30,7 @@
                 "ROUTER_MODE": "sni-dnat",
                 "istio": "sidecar"
             },
-            "locality": { },
-            "buildVersion": "55c80965eab994e6bfa2227e3942fa89928d0d70/1.10.0-dev/Clean/RELEASE/BoringSSL"
+            "locality": { }
         },
         "logName": "als"
     },
@@ -86,4 +85,4 @@
             }
         ]
     }
-}
\ No newline at end of file
+}

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/resources/envoy-ingress2sidecar.msg

@@ -34,8 +34,7 @@
                     "pod-template-hash": "822879871",
                     "version": "v1"
                 },
-                "locality": { },
-                "buildVersion": "55c80965eab994e6bfa2227e3942fa89928d0d70/1.10.0-dev/Clean/RELEASE/BoringSSL"
+                "locality": { }
             },
             "logName": "als"
         },

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/resources/envoy-mesh-client-sidecar.msg

@@ -33,8 +33,7 @@
                     "pod-template-hash": "822879871",
                     "version": "v1"
                 },
-                "locality": { },
-                "buildVersion": "55c80965eab994e6bfa2227e3942fa89928d0d70/1.10.0-dev/Clean/RELEASE/BoringSSL"
+                "locality": { }
             },
             "logName": "als"
         },
@@ -89,4 +88,4 @@
             ]
         }
     }
-}
\ No newline at end of file
+}

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/resources/envoy-mesh-server-sidecar.msg

@@ -33,8 +33,7 @@
                 "pod-template-hash": "822879871",
                 "version": "v1"
             },
-            "locality": { },
-            "buildVersion": "55c80965eab994e6bfa2227e3942fa89928d0d70/1.10.0-dev/Clean/RELEASE/BoringSSL"
+            "locality": { }
         },
         "logName": "als"
     },
@@ -93,4 +92,4 @@
             }
         ]
     }
-}
\ No newline at end of file
+}

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/resources/envoy-metric.msg

@@ -34,8 +34,7 @@ identifier {
         region: "ap-southeast-1"
         zone: "zone1"
         sub_zone: "subzone1"
-      },
-      build_version: "caf7ab123964cedd172a2d4cb29b2f2e05ca9156/1.10.0-dev/Clean/RELEASE/BoringSSL"
+      }
     }
 }
 envoy_metrics [

oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/resources/field-helper.msg

@@ -82,8 +82,7 @@
       "locality": {
         "region": "us-central1",
         "zone": "us-central1-a"
-      },
-      "buildVersion": "262253d9d066f8ef7ed82fd175c28b8f95acbec0/1.15.0/Clean/RELEASE/BoringSSL"
+      }
     },
     "logName": "http_envoy_accesslog"
   }

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/api/v2/core/address.proto → oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/config/core/v3/address.proto

 syntax = "proto3";
 
-package envoy.api.v2.core;
+package envoy.config.core.v3;
 
-option java_outer_classname = "AddressProto";
-option java_multiple_files = true;
-option java_package = "io.envoyproxy.envoy.api.v2.core";
-
-import "envoy/api/v2/core/base.proto";
+import "envoy/config/core/v3/socket_option.proto";
 
 import "google/protobuf/wrappers.proto";
 
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
-import "gogoproto/gogo.proto";
 
-option (gogoproto.equal_all) = true;
+option java_package = "io.envoyproxy.envoy.config.core.v3";
+option java_outer_classname = "AddressProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Network addresses]
 
 message Pipe {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Pipe";
+
   // Unix Domain Socket path. On Linux, paths starting with '@' will use the
   // abstract namespace. The starting '@' is replaced by a null byte by Envoy.
   // Paths starting with '@' will result in an error in environments other than
   // Linux.
-  string path = 1 [(validate.rules).string.min_bytes = 1];
+  string path = 1 [(validate.rules).string = {min_len: 1}];
+
+  // The mode for the Pipe. Not applicable for abstract sockets.
+  uint32 mode = 2 [(validate.rules).uint32 = {lte: 511}];
 }
 
+// [#not-implemented-hide:] The address represents an envoy internal listener.
+// TODO(lambdai): Make this address available for listener and endpoint.
+// TODO(asraa): When address available, remove workaround from test/server/server_fuzz_test.cc:30.
+message EnvoyInternalAddress {
+  oneof address_name_specifier {
+    option (validate.required) = true;
+
+    // [#not-implemented-hide:] The :ref:`listener name <envoy_api_field_config.listener.v3.Listener.name>` of the destination internal listener.
+    string server_listener_name = 1;
+  }
+}
+
+// [#next-free-field: 7]
 message SocketAddress {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketAddress";
+
   enum Protocol {
-    option (gogoproto.goproto_enum_prefix) = false;
     TCP = 0;
-    // [#not-implemented-hide:]
     UDP = 1;
   }
-  Protocol protocol = 1 [(validate.rules).enum.defined_only = true];
+
+  Protocol protocol = 1 [(validate.rules).enum = {defined_only: true}];
+
   // The address for this socket. :ref:`Listeners <config_listeners>` will bind
   // to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::``
   // to bind to any address. [#comment:TODO(zuercher) reinstate when implemented:
   // It is possible to distinguish a Listener address via the prefix/suffix matching
-  // in :ref:`FilterChainMatch <envoy_api_msg_listener.FilterChainMatch>`.] When used
-  // within an upstream :ref:`BindConfig <envoy_api_msg_core.BindConfig>`, the address
+  // in :ref:`FilterChainMatch <envoy_api_msg_config.listener.v3.FilterChainMatch>`.] When used
+  // within an upstream :ref:`BindConfig <envoy_api_msg_config.core.v3.BindConfig>`, the address
   // controls the source address of outbound connections. For :ref:`clusters
-  // <envoy_api_msg_Cluster>`, the cluster type determines whether the
+  // <envoy_api_msg_config.cluster.v3.Cluster>`, the cluster type determines whether the
   // address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS
   // (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized
-  // via :ref:`resolver_name <envoy_api_field_core.SocketAddress.resolver_name>`.
-  string address = 2 [(validate.rules).string.min_bytes = 1];
+  // via :ref:`resolver_name <envoy_api_field_config.core.v3.SocketAddress.resolver_name>`.
+  string address = 2 [(validate.rules).string = {min_len: 1}];
+
   oneof port_specifier {
     option (validate.required) = true;
-    uint32 port_value = 3 [(validate.rules).uint32.lte = 65535];
+
+    uint32 port_value = 3 [(validate.rules).uint32 = {lte: 65535}];
+
     // This is only valid if :ref:`resolver_name
-    // <envoy_api_field_core.SocketAddress.resolver_name>` is specified below and the
+    // <envoy_api_field_config.core.v3.SocketAddress.resolver_name>` is specified below and the
     // named resolver is capable of named port resolution.
     string named_port = 4;
   }
-  // The name of the resolver. This must have been registered with Envoy. If this is
-  // empty, a context dependent default applies. If address is a hostname this
-  // should be set for resolution other than DNS. If the address is a concrete
-  // IP address, no resolution will occur.
+
+  // The name of the custom resolver. This must have been registered with Envoy. If
+  // this is empty, a context dependent default applies. If the address is a concrete
+  // IP address, no resolution will occur. If address is a hostname this
+  // should be set for resolution other than DNS. Specifying a custom resolver with
+  // *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime.
   string resolver_name = 5;
 
   // When binding to an IPv6 address above, this enables `IPv4 compatibility
@@ -67,27 +92,32 @@ message SocketAddress {
 }
 
 message TcpKeepalive {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.TcpKeepalive";
+
   // Maximum number of keepalive probes to send without response before deciding
   // the connection is dead. Default is to use the OS level configuration (unless
   // overridden, Linux defaults to 9.)
   google.protobuf.UInt32Value keepalive_probes = 1;
+
   // The number of seconds a connection needs to be idle before keep-alive probes
   // start being sent. Default is to use the OS level configuration (unless
-  // overridden, Linux defaults to 7200s (ie 2 hours.)
+  // overridden, Linux defaults to 7200s (i.e., 2 hours.)
   google.protobuf.UInt32Value keepalive_time = 2;
+
   // The number of seconds between keep-alive probes. Default is to use the OS
   // level configuration (unless overridden, Linux defaults to 75s.)
   google.protobuf.UInt32Value keepalive_interval = 3;
 }
 
 message BindConfig {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.BindConfig";
+
   // The address to bind to when creating a socket.
-  SocketAddress source_address = 1
-      [(validate.rules).message.required = true, (gogoproto.nullable) = false];
+  SocketAddress source_address = 1 [(validate.rules).message = {required: true}];
 
   // Whether to set the *IP_FREEBIND* option when creating the socket. When this
   // flag is set to true, allows the :ref:`source_address
-  // <envoy_api_field_UpstreamBindConfig.source_address>` to be an IP address
+  // <envoy_api_field_config.cluster.v3.UpstreamBindConfig.source_address>` to be an IP address
   // that is not configured on the system running Envoy. When this flag is set
   // to false, the option *IP_FREEBIND* is disabled on the socket. When this
   // flag is not set (default), the socket is not modified, i.e. the option is
@@ -103,19 +133,28 @@ message BindConfig {
 // used to tell Envoy where to bind/listen, connect to upstream and find
 // management servers.
 message Address {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Address";
+
   oneof address {
     option (validate.required) = true;
 
     SocketAddress socket_address = 1;
+
     Pipe pipe = 2;
+
+    // [#not-implemented-hide:]
+    EnvoyInternalAddress envoy_internal_address = 3;
   }
 }
 
 // CidrRange specifies an IP Address and a prefix length to construct
 // the subnet mask for a `CIDR <https://tools.ietf.org/html/rfc4632>`_ range.
 message CidrRange {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.CidrRange";
+
   // IPv4 or IPv6 address, e.g. ``192.0.0.0`` or ``2001:db8::``.
-  string address_prefix = 1 [(validate.rules).string.min_bytes = 1];
+  string address_prefix = 1 [(validate.rules).string = {min_len: 1}];
+
   // Length of prefix, e.g. 0, 32.
-  google.protobuf.UInt32Value prefix_len = 2 [(validate.rules).uint32.lte = 128];
+  google.protobuf.UInt32Value prefix_len = 2 [(validate.rules).uint32 = {lte: 128}];
 }

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/config/core/v3/backoff.proto

+syntax = "proto3";
+
+package envoy.config.core.v3;
+
+import "google/protobuf/duration.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.core.v3";
+option java_outer_classname = "BackoffProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Backoff Strategy]
+
+// Configuration defining a jittered exponential back off strategy.
+message BackoffStrategy {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.BackoffStrategy";
+
+  // The base interval to be used for the next back off computation. It should
+  // be greater than zero and less than or equal to :ref:`max_interval
+  // <envoy_api_field_config.core.v3.BackoffStrategy.max_interval>`.
+  google.protobuf.Duration base_interval = 1 [(validate.rules).duration = {
+    required: true
+    gte {nanos: 1000000}
+  }];
+
+  // Specifies the maximum interval between retries. This parameter is optional,
+  // but must be greater than or equal to the :ref:`base_interval
+  // <envoy_api_field_config.core.v3.BackoffStrategy.base_interval>` if set. The default
+  // is 10 times the :ref:`base_interval
+  // <envoy_api_field_config.core.v3.BackoffStrategy.base_interval>`.
+  google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}];
+}

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/api/v2/core/base.proto → oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/config/core/v3/base.proto

 syntax = "proto3";
 
-package envoy.api.v2.core;
+package envoy.config.core.v3;
 
-option java_outer_classname = "BaseProto";
-option java_multiple_files = true;
-option java_package = "io.envoyproxy.envoy.api.v2.core";
-option go_package = "core";
+import "envoy/config/core/v3/address.proto";
+import "envoy/config/core/v3/backoff.proto";
+import "envoy/config/core/v3/http_uri.proto";
+import "envoy/type/v3/percent.proto";
+import "envoy/type/v3/semantic_version.proto";
 
 import "google/protobuf/any.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 
+import "udpa/annotations/migrate.proto";
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
-import "gogoproto/gogo.proto";
 
-import "envoy/type/percent.proto";
-
-option (gogoproto.equal_all) = true;
-option (gogoproto.stable_marshaler_all) = true;
+option java_package = "io.envoyproxy.envoy.config.core.v3";
+option java_outer_classname = "BaseProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Common types]
 
+// Envoy supports :ref:`upstream priority routing
+// <arch_overview_http_routing_priority>` both at the route and the virtual
+// cluster level. The current priority implementation uses different connection
+// pool and circuit breaking settings for each priority level. This means that
+// even for HTTP/2 requests, two physical connections will be used to an
+// upstream host. In the future Envoy will likely support true HTTP/2 priority
+// over a single upstream connection.
+enum RoutingPriority {
+  DEFAULT = 0;
+  HIGH = 1;
+}
+
+// HTTP request method.
+enum RequestMethod {
+  METHOD_UNSPECIFIED = 0;
+  GET = 1;
+  HEAD = 2;
+  POST = 3;
+  PUT = 4;
+  DELETE = 5;
+  CONNECT = 6;
+  OPTIONS = 7;
+  TRACE = 8;
+  PATCH = 9;
+}
+
+// Identifies the direction of the traffic relative to the local Envoy.
+enum TrafficDirection {
+  // Default option is unspecified.
+  UNSPECIFIED = 0;
+
+  // The transport is used for incoming traffic.
+  INBOUND = 1;
+
+  // The transport is used for outgoing traffic.
+  OUTBOUND = 2;
+}
+
 // Identifies location of where either Envoy runs or where upstream hosts run.
 message Locality {
-  // Region this :ref:`zone <envoy_api_field_core.Locality.zone>` belongs to.
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Locality";
+
+  // Region this :ref:`zone <envoy_api_field_config.core.v3.Locality.zone>` belongs to.
   string region = 1;
 
   // Defines the local service zone where Envoy is running. Though optional, it
   // should be set if discovery service routing is used and the discovery
-  // service exposes :ref:`zone data <envoy_api_field_endpoint.LocalityLbEndpoints.locality>`,
+  // service exposes :ref:`zone data <envoy_api_field_config.endpoint.v3.LocalityLbEndpoints.locality>`,
   // either in this message or via :option:`--service-zone`. The meaning of zone
   // is context dependent, e.g. `Availability Zone (AZ)
   // <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html>`_
@@ -42,10 +85,60 @@ message Locality {
   string sub_zone = 3;
 }
 
+// BuildVersion combines SemVer version of extension with free-form build information
+// (i.e. 'alpha', 'private-build') as a set of strings.
+message BuildVersion {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.BuildVersion";
+
+  // SemVer version of extension.
+  type.v3.SemanticVersion version = 1;
+
+  // Free-form build information.
+  // Envoy defines several well known keys in the source/common/version/version.h file
+  google.protobuf.Struct metadata = 2;
+}
+
+// Version and identification for an Envoy extension.
+// [#next-free-field: 6]
+message Extension {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Extension";
+
+  // This is the name of the Envoy filter as specified in the Envoy
+  // configuration, e.g. envoy.filters.http.router, com.acme.widget.
+  string name = 1;
+
+  // Category of the extension.
+  // Extension category names use reverse DNS notation. For instance "envoy.filters.listener"
+  // for Envoy's built-in listener filters or "com.acme.filters.http" for HTTP filters from
+  // acme.com vendor.
+  // [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]
+  string category = 2;
+
+  // [#not-implemented-hide:] Type descriptor of extension configuration proto.
+  // [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.]
+  // [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]
+  string type_descriptor = 3;
+
+  // The version is a property of the extension and maintained independently
+  // of other extensions and the Envoy API.
+  // This field is not set when extension did not provide version information.
+  BuildVersion version = 4;
+
+  // Indicates that the extension is present but was disabled via dynamic configuration.
+  bool disabled = 5;
+}
+
 // Identifies a specific Envoy instance. The node identifier is presented to the
 // management server, which may use this identifier to distinguish per Envoy
 // configuration for serving.
+// [#next-free-field: 12]
 message Node {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Node";
+
+  reserved 5;
+
+  reserved "build_version";
+
   // An opaque node identifier for the Envoy node. This also provides the local
   // service node name. It should be set if any of the following features are
   // used: :ref:`statsd <arch_overview_statistics>`, :ref:`CDS
@@ -57,10 +150,11 @@ message Node {
   // Defines the local service cluster name where Envoy is running. Though
   // optional, it should be set if any of the following features are used:
   // :ref:`statsd <arch_overview_statistics>`, :ref:`health check cluster
-  // verification <envoy_api_field_core.HealthCheck.HttpHealthCheck.service_name>`,
-  // :ref:`runtime override directory <envoy_api_msg_config.bootstrap.v2.Runtime>`,
+  // verification
+  // <envoy_api_field_config.core.v3.HealthCheck.HttpHealthCheck.service_name_matcher>`,
+  // :ref:`runtime override directory <envoy_api_msg_config.bootstrap.v3.Runtime>`,
   // :ref:`user agent addition
-  // <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.add_user_agent>`,
+  // <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.add_user_agent>`,
   // :ref:`HTTP global rate limiting <config_http_filters_rate_limit>`,
   // :ref:`CDS <config_cluster_manager_cds>`, and :ref:`HTTP tracing
   // <arch_overview_tracing>`, either in this message or via
@@ -74,10 +168,34 @@ message Node {
   // Locality specifying where the Envoy instance is running.
   Locality locality = 4;
 
-  // This is motivated by informing a management server during canary which
-  // version of Envoy is being tested in a heterogeneous fleet. This will be set
-  // by Envoy in management server RPCs.
-  string build_version = 5;
+  // Free-form string that identifies the entity requesting config.
+  // E.g. "envoy" or "grpc"
+  string user_agent_name = 6;
+
+  oneof user_agent_version_type {
+    // Free-form string that identifies the version of the entity requesting config.
+    // E.g. "1.12.2" or "abcd1234", or "SpecialEnvoyBuild"
+    string user_agent_version = 7;
+
+    // Structured version of the entity requesting config.
+    BuildVersion user_agent_build_version = 8;
+  }
+
+  // List of extensions and their versions supported by the node.
+  repeated Extension extensions = 9;
+
+  // Client feature support list. These are well known features described
+  // in the Envoy API repository for a given major version of an API. Client features
+  // use reverse DNS naming scheme, for example `com.acme.feature`.
+  // See :ref:`the list of features <client_features>` that xDS client may
+  // support.
+  repeated string client_features = 10;
+
+  // Known listening ports on the node as a generic hint to the management server
+  // for filtering :ref:`listeners <config_listeners>` to be returned. For example,
+  // if there is a listener bound to port 80, the list can optionally contain the
+  // SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint.
+  repeated Address listening_addresses = 11 [deprecated = true];
 }
 
 // Metadata provides additional inputs to filters based on matched listeners,
@@ -101,7 +219,10 @@ message Node {
 // * ``{"envoy.lb": {"canary": <bool> }}`` This indicates the canary status of an
 //   endpoint and is also used during header processing
 //   (x-envoy-upstream-canary) and for stats purposes.
+// [#next-major-version: move to type/metadata/v2]
 message Metadata {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Metadata";
+
   // Key is the reverse DNS filter name, e.g. com.acme.widget. The envoy.*
   // namespace is reserved for Envoy's built-in filters.
   map<string, google.protobuf.Struct> filter_metadata = 1;
@@ -109,139 +230,195 @@ message Metadata {
 
 // Runtime derived uint32 with a default when not specified.
 message RuntimeUInt32 {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RuntimeUInt32";
+
   // Default value if runtime value is not available.
   uint32 default_value = 2;
 
   // Runtime key to get value for comparison. This value is used if defined.
-  string runtime_key = 3 [(validate.rules).string.min_bytes = 1];
+  string runtime_key = 3 [(validate.rules).string = {min_len: 1}];
 }
 
-// Envoy supports :ref:`upstream priority routing
-// <arch_overview_http_routing_priority>` both at the route and the virtual
-// cluster level. The current priority implementation uses different connection
-// pool and circuit breaking settings for each priority level. This means that
-// even for HTTP/2 requests, two physical connections will be used to an
-// upstream host. In the future Envoy will likely support true HTTP/2 priority
-// over a single upstream connection.
-enum RoutingPriority {
-  DEFAULT = 0;
-  HIGH = 1;
+// Runtime derived percentage with a default when not specified.
+message RuntimePercent {
+  // Default value if runtime value is not available.
+  type.v3.Percent default_value = 1;
+
+  // Runtime key to get value for comparison. This value is used if defined.
+  string runtime_key = 2 [(validate.rules).string = {min_len: 1}];
 }
 
-// HTTP request method.
-enum RequestMethod {
-  option (gogoproto.goproto_enum_prefix) = false;
-  METHOD_UNSPECIFIED = 0;
-  GET = 1;
-  HEAD = 2;
-  POST = 3;
-  PUT = 4;
-  DELETE = 5;
-  CONNECT = 6;
-  OPTIONS = 7;
-  TRACE = 8;
+// Runtime derived double with a default when not specified.
+message RuntimeDouble {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RuntimeDouble";
+
+  // Default value if runtime value is not available.
+  double default_value = 1;
+
+  // Runtime key to get value for comparison. This value is used if defined.
+  string runtime_key = 2 [(validate.rules).string = {min_len: 1}];
+}
+
+// Runtime derived bool with a default when not specified.
+message RuntimeFeatureFlag {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.api.v2.core.RuntimeFeatureFlag";
+
+  // Default value if runtime value is not available.
+  google.protobuf.BoolValue default_value = 1 [(validate.rules).message = {required: true}];
+
+  // Runtime key to get value for comparison. This value is used if defined. The boolean value must
+  // be represented via its
+  // `canonical JSON encoding <https://developers.google.com/protocol-buffers/docs/proto3#json>`_.
+  string runtime_key = 2 [(validate.rules).string = {min_len: 1}];
 }
 
 // Header name/value pair.
 message HeaderValue {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HeaderValue";
+
   // Header name.
-  string key = 1 [(validate.rules).string = {min_bytes: 1, max_bytes: 16384}];
+  string key = 1
+      [(validate.rules).string =
+           {min_len: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}];
 
   // Header value.
   //
   // The same :ref:`format specifier <config_access_log_format>` as used for
   // :ref:`HTTP access logging <config_access_log>` applies here, however
   // unknown header values are replaced with the empty string instead of `-`.
-  string value = 2 [(validate.rules).string.max_bytes = 16384];
+  string value = 2 [
+    (validate.rules).string = {max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false}
+  ];
 }
 
 // Header name/value pair plus option to control append behavior.
 message HeaderValueOption {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.api.v2.core.HeaderValueOption";
+
   // Header name/value pair that this option applies to.
-  HeaderValue header = 1 [(validate.rules).message.required = true];
+  HeaderValue header = 1 [(validate.rules).message = {required: true}];
 
   // Should the value be appended? If true (default), the value is appended to
-  // existing values.
+  // existing values. Otherwise it replaces any existing values.
   google.protobuf.BoolValue append = 2;
 }
 
 // Wrapper for a set of headers.
 message HeaderMap {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HeaderMap";
+
   repeated HeaderValue headers = 1;
 }
 
+// A directory that is watched for changes, e.g. by inotify on Linux. Move/rename
+// events inside this directory trigger the watch.
+message WatchedDirectory {
+  // Directory path to watch.
+  string path = 1 [(validate.rules).string = {min_len: 1}];
+}
+
 // Data source consisting of either a file or an inline value.
 message DataSource {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.DataSource";
+
   oneof specifier {
     option (validate.required) = true;
 
     // Local filesystem data source.
-    string filename = 1 [(validate.rules).string.min_bytes = 1];
+    string filename = 1 [(validate.rules).string = {min_len: 1}];
 
     // Bytes inlined in the configuration.
-    bytes inline_bytes = 2 [(validate.rules).bytes.min_len = 1];
+    bytes inline_bytes = 2 [(validate.rules).bytes = {min_len: 1}];
 
     // String inlined in the configuration.
-    string inline_string = 3 [(validate.rules).string.min_bytes = 1];
+    string inline_string = 3 [(validate.rules).string = {min_len: 1}];
+  }
+}
+
+// The message specifies the retry policy of remote data source when fetching fails.
+message RetryPolicy {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RetryPolicy";
+
+  // Specifies parameters that control :ref:`retry backoff strategy <envoy_api_msg_config.core.v3.BackoffStrategy>`.
+  // This parameter is optional, in which case the default base interval is 1000 milliseconds. The
+  // default maximum interval is 10 times the base interval.
+  BackoffStrategy retry_back_off = 1;
+
+  // Specifies the allowed number of retries. This parameter is optional and
+  // defaults to 1.
+  google.protobuf.UInt32Value num_retries = 2
+      [(udpa.annotations.field_migrate).rename = "max_retries"];
+}
+
+// The message specifies how to fetch data from remote and how to verify it.
+message RemoteDataSource {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RemoteDataSource";
+
+  // The HTTP URI to fetch the remote data.
+  HttpUri http_uri = 1 [(validate.rules).message = {required: true}];
+
+  // SHA256 string for verifying data.
+  string sha256 = 2 [(validate.rules).string = {min_len: 1}];
+
+  // Retry policy for fetching remote data.
+  RetryPolicy retry_policy = 3;
+}
+
+// Async data source which support async data fetch.
+message AsyncDataSource {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.AsyncDataSource";
+
+  oneof specifier {
+    option (validate.required) = true;
+
+    // Local async data source.
+    DataSource local = 1;
+
+    // Remote async data source.
+    RemoteDataSource remote = 2;
   }
 }
 
 // Configuration for transport socket in :ref:`listeners <config_listeners>` and
-// :ref:`clusters <envoy_api_msg_Cluster>`. If the configuration is
+// :ref:`clusters <envoy_api_msg_config.cluster.v3.Cluster>`. If the configuration is
 // empty, a default transport socket implementation and configuration will be
 // chosen based on the platform and existence of tls_context.
 message TransportSocket {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.TransportSocket";
+
+  reserved 2;
+
+  reserved "config";
+
   // The name of the transport socket to instantiate. The name must match a supported transport
   // socket implementation.
-  string name = 1 [(validate.rules).string.min_bytes = 1];
+  string name = 1 [(validate.rules).string = {min_len: 1}];
 
   // Implementation specific configuration which depends on the implementation being instantiated.
   // See the supported transport socket implementations for further documentation.
   oneof config_type {
-    google.protobuf.Struct config = 2;
-
     google.protobuf.Any typed_config = 3;
   }
 }
 
-// Generic socket option message. This would be used to set socket options that
-// might not exist in upstream kernels or precompiled Envoy binaries.
-message SocketOption {
-  // An optional name to give this socket option for debugging, etc.
-  // Uniqueness is not required and no special meaning is assumed.
-  string description = 1;
-  // Corresponding to the level value passed to setsockopt, such as IPPROTO_TCP
-  int64 level = 2;
-  // The numeric name as passed to setsockopt
-  int64 name = 3;
-  oneof value {
-    option (validate.required) = true;
-
-    // Because many sockopts take an int value.
-    int64 int_value = 4;
-    // Otherwise it's a byte buffer.
-    bytes buf_value = 5;
-  }
-  enum SocketState {
-    option (gogoproto.goproto_enum_prefix) = false;
-    // Socket options are applied after socket creation but before binding the socket to a port
-    STATE_PREBIND = 0;
-    // Socket options are applied after binding the socket to a port but before calling listen()
-    STATE_BOUND = 1;
-    // Socket options are applied after calling listen()
-    STATE_LISTENING = 2;
-  }
-  // The state in which the option will be applied. When used in BindConfig
-  // STATE_PREBIND is currently the only valid value.
-  SocketState state = 6
-      [(validate.rules).message.required = true, (validate.rules).enum.defined_only = true];
-}
-
 // Runtime derived FractionalPercent with defaults for when the numerator or denominator is not
 // specified via a runtime key.
+//
+// .. note::
+//
+//   Parsing of the runtime key's data is implemented such that it may be represented as a
+//   :ref:`FractionalPercent <envoy_api_msg_type.v3.FractionalPercent>` proto represented as JSON/YAML
+//   and may also be represented as an integer with the assumption that the value is an integral
+//   percentage out of 100. For instance, a runtime key lookup returning the value "42" would parse
+//   as a `FractionalPercent` whose numerator is 42 and denominator is HUNDRED.
 message RuntimeFractionalPercent {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.api.v2.core.RuntimeFractionalPercent";
+
   // Default value if the runtime value's for the numerator/denominator keys are not available.
-  envoy.type.FractionalPercent default_value = 1 [(validate.rules).message.required = true];
+  type.v3.FractionalPercent default_value = 1 [(validate.rules).message = {required: true}];
 
   // Runtime key for a YAML representation of a FractionalPercent.
   string runtime_key = 2;
@@ -249,6 +426,8 @@ message RuntimeFractionalPercent {
 
 // Identifies a specific ControlPlane instance that Envoy is connected to.
 message ControlPlane {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ControlPlane";
+
   // An opaque control plane identifier that uniquely identifies an instance
   // of control plane. This can be used to identify which control plane instance,
   // the Envoy is connected to.

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/config/core/v3/http_uri.proto

+syntax = "proto3";
+
+package envoy.config.core.v3;
+
+import "google/protobuf/duration.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.core.v3";
+option java_outer_classname = "HttpUriProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: HTTP Service URI ]
+
+// Envoy external URI descriptor
+message HttpUri {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HttpUri";
+
+  // The HTTP server URI. It should be a full FQDN with protocol, host and path.
+  //
+  // Example:
+  //
+  // .. code-block:: yaml
+  //
+  //    uri: https://www.googleapis.com/oauth2/v1/certs
+  //
+  string uri = 1 [(validate.rules).string = {min_len: 1}];
+
+  // Specify how `uri` is to be fetched. Today, this requires an explicit
+  // cluster, but in the future we may support dynamic cluster creation or
+  // inline DNS resolution. See `issue
+  // <https://github.com/envoyproxy/envoy/issues/1606>`_.
+  oneof http_upstream_type {
+    option (validate.required) = true;
+
+    // A cluster is created in the Envoy "cluster_manager" config
+    // section. This field specifies the cluster name.
+    //
+    // Example:
+    //
+    // .. code-block:: yaml
+    //
+    //    cluster: jwks_cluster
+    //
+    string cluster = 2 [(validate.rules).string = {min_len: 1}];
+  }
+
+  // Sets the maximum duration in milliseconds that a response can take to arrive upon request.
+  google.protobuf.Duration timeout = 3 [(validate.rules).duration = {
+    required: true
+    gte {}
+  }];
+}

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/config/core/v3/socket_option.proto

+syntax = "proto3";
+
+package envoy.config.core.v3;
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.config.core.v3";
+option java_outer_classname = "SocketOptionProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Socket Option ]
+
+// Generic socket option message. This would be used to set socket options that
+// might not exist in upstream kernels or precompiled Envoy binaries.
+// [#next-free-field: 7]
+message SocketOption {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketOption";
+
+  enum SocketState {
+    // Socket options are applied after socket creation but before binding the socket to a port
+    STATE_PREBIND = 0;
+
+    // Socket options are applied after binding the socket to a port but before calling listen()
+    STATE_BOUND = 1;
+
+    // Socket options are applied after calling listen()
+    STATE_LISTENING = 2;
+  }
+
+  // An optional name to give this socket option for debugging, etc.
+  // Uniqueness is not required and no special meaning is assumed.
+  string description = 1;
+
+  // Corresponding to the level value passed to setsockopt, such as IPPROTO_TCP
+  int64 level = 2;
+
+  // The numeric name as passed to setsockopt
+  int64 name = 3;
+
+  oneof value {
+    option (validate.required) = true;
+
+    // Because many sockopts take an int value.
+    int64 int_value = 4;
+
+    // Otherwise it's a byte buffer.
+    bytes buf_value = 5;
+  }
+
+  // The state in which the option will be applied. When used in BindConfig
+  // STATE_PREBIND is currently the only valid value.
+  SocketState state = 6 [(validate.rules).enum = {defined_only: true}];
+}

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/data/accesslog/v2/accesslog.proto → oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/data/accesslog/v3/accesslog.proto

 syntax = "proto3";
 
-package envoy.data.accesslog.v2;
+package envoy.data.accesslog.v3;
 
-option java_outer_classname = "AccesslogProto";
-option java_multiple_files = true;
-option java_package = "io.envoyproxy.envoy.data.accesslog.v2";
-
-import "envoy/api/v2/core/address.proto";
-import "envoy/api/v2/core/base.proto";
+import "envoy/config/core/v3/address.proto";
+import "envoy/config/core/v3/base.proto";
 
 import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/timestamp.proto";
 import "google/protobuf/wrappers.proto";
 
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
 
+option java_package = "io.envoyproxy.envoy.data.accesslog.v3";
+option java_outer_classname = "AccesslogProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
 // [#protodoc-title: gRPC access logs]
 // Envoy access logs describe incoming interaction with Envoy over a fixed
 // period of time, and typically cover a single request/response exchange,
@@ -28,6 +31,9 @@ import "validate/validate.proto";
 // in their name.
 
 message TCPAccessLogEntry {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.data.accesslog.v2.TCPAccessLogEntry";
+
   // Common properties shared by all Envoy access logs.
   AccessLogCommon common_properties = 1;
 
@@ -36,6 +42,9 @@ message TCPAccessLogEntry {
 }
 
 message HTTPAccessLogEntry {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.data.accesslog.v2.HTTPAccessLogEntry";
+
   // HTTP version
   enum HTTPVersion {
     PROTOCOL_UNSPECIFIED = 0;
@@ -59,6 +68,9 @@ message HTTPAccessLogEntry {
 
 // Defines fields for a connection
 message ConnectionProperties {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.data.accesslog.v2.ConnectionProperties";
+
   // Number of bytes received from downstream.
   uint64 received_bytes = 1;
 
@@ -69,6 +81,9 @@ message ConnectionProperties {
 // Defines fields that are shared by all Envoy access logs.
 // [#next-free-field: 22]
 message AccessLogCommon {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.data.accesslog.v2.AccessLogCommon";
+
   // [#not-implemented-hide:]
   // This field indicates the rate at which this log entry was sampled.
   // Valid range is (0.0, 1.0].
@@ -77,10 +92,10 @@ message AccessLogCommon {
   // This field is the remote/origin address on which the request from the user was received.
   // Note: This may not be the physical peer. E.g, if the remote address is inferred from for
   // example the x-forwarder-for header, proxy protocol, etc.
-  envoy.api.v2.core.Address downstream_remote_address = 2;
+  config.core.v3.Address downstream_remote_address = 2;
 
   // This field is the local/destination address on which the request from the user was received.
-  envoy.api.v2.core.Address downstream_local_address = 3;
+  config.core.v3.Address downstream_local_address = 3;
 
   // If the connection is secure,S this field will contain TLS properties.
   TLSProperties tls_properties = 4;
@@ -129,10 +144,10 @@ message AccessLogCommon {
 
   // The upstream remote/destination address that handles this exchange. This does not include
   // retries.
-  envoy.api.v2.core.Address upstream_remote_address = 13;
+  config.core.v3.Address upstream_remote_address = 13;
 
   // The upstream local/origin address that handles this exchange. This does not include retries.
-  envoy.api.v2.core.Address upstream_local_address = 14;
+  config.core.v3.Address upstream_local_address = 14;
 
   // The upstream cluster that *upstream_remote_address* belongs to.
   string upstream_cluster = 15;
@@ -148,7 +163,7 @@ message AccessLogCommon {
   // route created from a higher level forwarding rule with some ID can place
   // that ID in this field and cross reference later. It can also be used to
   // determine if a canary endpoint was used or not.
-  envoy.api.v2.core.Metadata metadata = 17;
+  config.core.v3.Metadata metadata = 17;
 
   // If upstream connection failed due to transport socket (e.g. TLS handshake), provides the
   // failure reason from the transport socket. The format of this field depends on the configured
@@ -162,7 +177,7 @@ message AccessLogCommon {
   // This field is the downstream direct remote address on which the request from the user was
   // received. Note: This is always the physical peer, even if the remote address is inferred from
   // for example the x-forwarder-for header, proxy protocol, etc.
-  envoy.api.v2.core.Address downstream_direct_remote_address = 20;
+  config.core.v3.Address downstream_direct_remote_address = 20;
 
   // Map of filter state in stream info that have been configured to be logged. If the filter
   // state serialized to any message other than `google.protobuf.Any` it will be packed into
@@ -171,9 +186,15 @@ message AccessLogCommon {
 }
 
 // Flags indicating occurrences during request/response processing.
-// [#next-free-field: 20]
+// [#next-free-field: 24]
 message ResponseFlags {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.data.accesslog.v2.ResponseFlags";
+
   message Unauthorized {
+    option (udpa.annotations.versioning).previous_message_type =
+        "envoy.data.accesslog.v2.ResponseFlags.Unauthorized";
+
     // Reasons why the request was unauthorized
     enum Reason {
       REASON_UNSPECIFIED = 0;
@@ -242,11 +263,26 @@ message ResponseFlags {
 
   // Indicates there was an HTTP protocol error on the downstream request.
   bool downstream_protocol_error = 19;
+
+  // Indicates there was a max stream duration reached on the upstream request.
+  bool upstream_max_stream_duration_reached = 20;
+
+  // Indicates the response was served from a cache filter.
+  bool response_from_cache_filter = 21;
+
+  // Indicates that a filter configuration is not available.
+  bool no_filter_config_found = 22;
+
+  // Indicates that request or connection exceeded the downstream connection duration.
+  bool duration_timeout = 23;
 }
 
 // Properties of a negotiated TLS connection.
 // [#next-free-field: 7]
 message TLSProperties {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.data.accesslog.v2.TLSProperties";
+
   enum TLSVersion {
     VERSION_UNSPECIFIED = 0;
     TLSv1 = 1;
@@ -256,7 +292,13 @@ message TLSProperties {
   }
 
   message CertificateProperties {
+    option (udpa.annotations.versioning).previous_message_type =
+        "envoy.data.accesslog.v2.TLSProperties.CertificateProperties";
+
     message SubjectAltName {
+      option (udpa.annotations.versioning).previous_message_type =
+          "envoy.data.accesslog.v2.TLSProperties.CertificateProperties.SubjectAltName";
+
       oneof san {
         string uri = 1;
 
@@ -297,8 +339,11 @@ message TLSProperties {
 
 // [#next-free-field: 14]
 message HTTPRequestProperties {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.data.accesslog.v2.HTTPRequestProperties";
+
   // The request method (RFC 7231/2616).
-  envoy.api.v2.core.RequestMethod request_method = 1 [(validate.rules).enum = {defined_only: true}];
+  config.core.v3.RequestMethod request_method = 1 [(validate.rules).enum = {defined_only: true}];
 
   // The scheme portion of the incoming request URI.
   string scheme = 2;
@@ -350,6 +395,9 @@ message HTTPRequestProperties {
 
 // [#next-free-field: 7]
 message HTTPResponseProperties {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.data.accesslog.v2.HTTPResponseProperties";
+
   // The HTTP response code returned by Envoy.
   google.protobuf.UInt32Value response_code = 1;
 

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/service/accesslog/v2/als.proto

@@ -8,66 +8,16 @@ option java_package = "io.envoyproxy.envoy.service.accesslog.v2";
 option go_package = "v2";
 option java_generic_services = true;
 
-import "envoy/api/v2/core/base.proto";
-import "envoy/data/accesslog/v2/accesslog.proto";
-
-import "validate/validate.proto";
+import "envoy/service/accesslog/v3/als.proto";
 
 // [#protodoc-title: gRPC Access Log Service (ALS)]
 
 // Service for streaming access logs from Envoy to an access log server.
 service AccessLogService {
-  // Envoy will connect and send StreamAccessLogsMessage messages forever. It does not expect any
-  // response to be sent as nothing would be done in the case of failure. The server should
-  // disconnect if it expects Envoy to reconnect. In the future we may decide to add a different
-  // API for "critical" access logs in which Envoy will buffer access logs for some period of time
-  // until it gets an ACK so it could then retry. This API is designed for high throughput with the
-  // expectation that it might be lossy.
-  rpc StreamAccessLogs(stream StreamAccessLogsMessage) returns (StreamAccessLogsResponse) {
-  }
-}
-
-// Empty response for the StreamAccessLogs API. Will never be sent. See below.
-message StreamAccessLogsResponse {
-}
-
-// Stream message for the StreamAccessLogs API. Envoy will open a stream to the server and stream
-// access logs without ever expecting a response.
-message StreamAccessLogsMessage {
-  message Identifier {
-    // The node sending the access log messages over the stream.
-    envoy.api.v2.core.Node node = 1 [(validate.rules).message.required = true];
-
-    // The friendly name of the log configured in :ref:`CommonGrpcAccessLogConfig
-    // <envoy_api_msg_config.accesslog.v2.CommonGrpcAccessLogConfig>`.
-    string log_name = 2 [(validate.rules).string.min_bytes = 1];
-  }
-
-  // Identifier data that will only be sent in the first message on the stream. This is effectively
-  // structured metadata and is a performance optimization.
-  Identifier identifier = 1;
-
-  // Wrapper for batches of HTTP access log entries.
-  message HTTPAccessLogEntries {
-    repeated envoy.data.accesslog.v2.HTTPAccessLogEntry log_entry = 1
-        [(validate.rules).repeated .min_items = 1];
-  }
-
-  // [#not-implemented-hide:]
-  // Wrapper for batches of TCP access log entries.
-  message TCPAccessLogEntries {
-    repeated envoy.data.accesslog.v2.TCPAccessLogEntry log_entry = 1
-        [(validate.rules).repeated .min_items = 1];
-  }
-
-  // Batches of log entries of a single type. Generally speaking, a given stream should only
-  // ever include one type of log entry.
-  oneof log_entries {
-    option (validate.required) = true;
-
-    HTTPAccessLogEntries http_logs = 2;
-
-    // [#not-implemented-hide:]
-    TCPAccessLogEntries tcp_logs = 3;
+  // In order to simultaneously support Envoy AccessLogService V2 and V3 without duplicating too many codes,
+  // we combine the V2 service definition and V3 message protobuf and delegate the V2 service handler to V3,
+  // this is only feasible when the message protobuf of V3 is compatible with V2 (i.e. backward compatibility).
+  // For more about AccessLogService, read envoy/service/accesslog/v3/als.proto
+  rpc StreamAccessLogs(stream envoy.service.accesslog.v3.StreamAccessLogsMessage) returns (envoy.service.accesslog.v3.StreamAccessLogsResponse) {
   }
 }

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/service/accesslog/v3/als.proto

+syntax = "proto3";
+
+package envoy.service.accesslog.v3;
+
+import "envoy/config/core/v3/base.proto";
+import "envoy/data/accesslog/v3/accesslog.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.service.accesslog.v3";
+option java_outer_classname = "AlsProto";
+option java_multiple_files = true;
+option java_generic_services = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: gRPC Access Log Service (ALS)]
+
+// Service for streaming access logs from Envoy to an access log server.
+service AccessLogService {
+  // Envoy will connect and send StreamAccessLogsMessage messages forever. It does not expect any
+  // response to be sent as nothing would be done in the case of failure. The server should
+  // disconnect if it expects Envoy to reconnect. In the future we may decide to add a different
+  // API for "critical" access logs in which Envoy will buffer access logs for some period of time
+  // until it gets an ACK so it could then retry. This API is designed for high throughput with the
+  // expectation that it might be lossy.
+  rpc StreamAccessLogs(stream StreamAccessLogsMessage) returns (StreamAccessLogsResponse) {
+  }
+}
+
+// Empty response for the StreamAccessLogs API. Will never be sent. See below.
+message StreamAccessLogsResponse {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.service.accesslog.v2.StreamAccessLogsResponse";
+}
+
+// Stream message for the StreamAccessLogs API. Envoy will open a stream to the server and stream
+// access logs without ever expecting a response.
+message StreamAccessLogsMessage {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.service.accesslog.v2.StreamAccessLogsMessage";
+
+  message Identifier {
+    option (udpa.annotations.versioning).previous_message_type =
+        "envoy.service.accesslog.v2.StreamAccessLogsMessage.Identifier";
+
+    // The node sending the access log messages over the stream.
+    config.core.v3.Node node = 1 [(validate.rules).message = {required: true}];
+
+    // The friendly name of the log configured in :ref:`CommonGrpcAccessLogConfig
+    // <envoy_api_msg_extensions.access_loggers.grpc.v3.CommonGrpcAccessLogConfig>`.
+    string log_name = 2 [(validate.rules).string = {min_len: 1}];
+  }
+
+  // Wrapper for batches of HTTP access log entries.
+  message HTTPAccessLogEntries {
+    option (udpa.annotations.versioning).previous_message_type =
+        "envoy.service.accesslog.v2.StreamAccessLogsMessage.HTTPAccessLogEntries";
+
+    repeated data.accesslog.v3.HTTPAccessLogEntry log_entry = 1
+        [(validate.rules).repeated = {min_items: 1}];
+  }
+
+  // Wrapper for batches of TCP access log entries.
+  message TCPAccessLogEntries {
+    option (udpa.annotations.versioning).previous_message_type =
+        "envoy.service.accesslog.v2.StreamAccessLogsMessage.TCPAccessLogEntries";
+
+    repeated data.accesslog.v3.TCPAccessLogEntry log_entry = 1
+        [(validate.rules).repeated = {min_items: 1}];
+  }
+
+  // Identifier data that will only be sent in the first message on the stream. This is effectively
+  // structured metadata and is a performance optimization.
+  Identifier identifier = 1;
+
+  // Batches of log entries of a single type. Generally speaking, a given stream should only
+  // ever include one type of log entry.
+  oneof log_entries {
+    option (validate.required) = true;
+
+    HTTPAccessLogEntries http_logs = 2;
+
+    TCPAccessLogEntries tcp_logs = 3;
+  }
+}

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/service/metrics/v2/metrics_service.proto

@@ -8,7 +8,7 @@ option java_package = "io.envoyproxy.envoy.service.metrics.v2";
 option go_package = "v2";
 option java_generic_services = true;
 
-import "envoy/api/v2/core/base.proto";
+import "envoy/service/metrics/v3/metrics_service.proto";
 
 // This line is different from the definition in https://github.com/envoyproxy/data-plane-api to let
 // the dependency structure clearer.
@@ -19,25 +19,10 @@ import "validate/validate.proto";
 // Service for streaming metrics to server that consumes the metrics data. It uses Prometheus metric
 // data model as a standard to represent metrics information.
 service MetricsService {
-  // Envoy will connect and send StreamMetricsMessage messages forever. It does not expect any
-  // response to be sent as nothing would be done in the case of failure.
-  rpc StreamMetrics(stream StreamMetricsMessage) returns (StreamMetricsResponse) {
+  // In order to simultaneously support Envoy MetricsService V2 and V3 without duplicating too many codes,
+  // we combine the V2 service definition and V3 message protobuf and delegate the V2 service handler to V3,
+  // this is only feasible when the message protobuf of V3 is compatible with V2 (i.e. backward compatibility).
+  // For more about MetricsService, read envoy/service/metrics/v3/metrics_service.proto
+  rpc StreamMetrics(stream envoy.service.metrics.v3.StreamMetricsMessage) returns (envoy.service.metrics.v3.StreamMetricsResponse) {
   }
 }
-
-message StreamMetricsResponse {
-}
-
-message StreamMetricsMessage {
-  message Identifier {
-    // The node sending metrics over the stream.
-    envoy.api.v2.core.Node node = 1 [(validate.rules).message.required = true];
-  }
-
-  // Identifier data effectively is a structured metadata. As a performance optimization this will
-  // only be sent in the first message on the stream.
-  Identifier identifier = 1;
-
-  // A list of metric entries
-  repeated io.prometheus.client.MetricFamily envoy_metrics = 2;
-}

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/service/metrics/v3/metrics_service.proto

+syntax = "proto3";
+
+package envoy.service.metrics.v3;
+
+import "envoy/config/core/v3/base.proto";
+
+import "prometheus/client_model/metrics.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.service.metrics.v3";
+option java_outer_classname = "MetricsServiceProto";
+option java_multiple_files = true;
+option java_generic_services = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Metrics service]
+
+// Service for streaming metrics to server that consumes the metrics data. It uses Prometheus metric
+// data model as a standard to represent metrics information.
+service MetricsService {
+  // Envoy will connect and send StreamMetricsMessage messages forever. It does not expect any
+  // response to be sent as nothing would be done in the case of failure.
+  rpc StreamMetrics(stream StreamMetricsMessage) returns (StreamMetricsResponse) {
+  }
+}
+
+message StreamMetricsResponse {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.service.metrics.v2.StreamMetricsResponse";
+}
+
+message StreamMetricsMessage {
+  option (udpa.annotations.versioning).previous_message_type =
+      "envoy.service.metrics.v2.StreamMetricsMessage";
+
+  message Identifier {
+    option (udpa.annotations.versioning).previous_message_type =
+        "envoy.service.metrics.v2.StreamMetricsMessage.Identifier";
+
+    // The node sending metrics over the stream.
+    config.core.v3.Node node = 1 [(validate.rules).message = {required: true}];
+  }
+
+  // Identifier data effectively is a structured metadata. As a performance optimization this will
+  // only be sent in the first message on the stream.
+  Identifier identifier = 1;
+
+  // A list of metric entries
+  repeated io.prometheus.client.MetricFamily envoy_metrics = 2;
+}

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/type/percent.proto → oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/type/v3/percent.proto

 syntax = "proto3";
 
-package envoy.type;
-
-option java_outer_classname = "PercentProto";
-option java_multiple_files = true;
-option java_package = "io.envoyproxy.envoy.type";
+package envoy.type.v3;
 
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
-import "gogoproto/gogo.proto";
 
-option (gogoproto.equal_all) = true;
+option java_package = "io.envoyproxy.envoy.type.v3";
+option java_outer_classname = "PercentProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // [#protodoc-title: Percent]
 
 // Identifies a percentage, in the range [0.0, 100.0].
 message Percent {
-  double value = 1 [(validate.rules).double = {gte: 0, lte: 100}];
+  option (udpa.annotations.versioning).previous_message_type = "envoy.type.Percent";
+
+  double value = 1 [(validate.rules).double = {lte: 100.0 gte: 0.0}];
 }
 
 // A fractional percentage is used in cases in which for performance reasons performing floating
@@ -25,8 +27,7 @@ message Percent {
 // * **Example**: 1/100 = 1%.
 // * **Example**: 3/10000 = 0.03%.
 message FractionalPercent {
-  // Specifies the numerator. Defaults to 0.
-  uint32 numerator = 1;
+  option (udpa.annotations.versioning).previous_message_type = "envoy.type.FractionalPercent";
 
   // Fraction percentages support several fixed denominator values.
   enum DenominatorType {
@@ -46,7 +47,10 @@ message FractionalPercent {
     MILLION = 2;
   }
 
+  // Specifies the numerator. Defaults to 0.
+  uint32 numerator = 1;
+
   // Specifies the denominator. If the denominator specified is less than the numerator, the final
   // fractional percentage is capped at 1 (100%).
-  DenominatorType denominator = 2 [(validate.rules).enum.defined_only = true];
+  DenominatorType denominator = 2 [(validate.rules).enum = {defined_only: true}];
 }

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/envoy/type/v3/semantic_version.proto

+syntax = "proto3";
+
+package envoy.type.v3;
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+
+option java_package = "io.envoyproxy.envoy.type.v3";
+option java_outer_classname = "SemanticVersionProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Semantic Version]
+
+// Envoy uses SemVer (https://semver.org/). Major/minor versions indicate
+// expected behaviors and APIs, the patch version field is used only
+// for security fixes and can be generally ignored.
+message SemanticVersion {
+  option (udpa.annotations.versioning).previous_message_type = "envoy.type.SemanticVersion";
+
+  uint32 major_number = 1;
+
+  uint32 minor_number = 2;
+
+  uint32 patch = 3;
+}

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/udpa/annotations/migrate.proto

+syntax = "proto3";
+
+package udpa.annotations;
+
+import "google/protobuf/descriptor.proto";
+
+// Magic number in this file derived from top 28bit of SHA256 digest of
+// "udpa.annotation.migrate".
+
+extend google.protobuf.MessageOptions {
+  MigrateAnnotation message_migrate = 171962766;
+}
+
+extend google.protobuf.FieldOptions {
+  FieldMigrateAnnotation field_migrate = 171962766;
+}
+
+extend google.protobuf.EnumOptions {
+  MigrateAnnotation enum_migrate = 171962766;
+}
+
+extend google.protobuf.EnumValueOptions {
+  MigrateAnnotation enum_value_migrate = 171962766;
+}
+
+extend google.protobuf.FileOptions {
+  FileMigrateAnnotation file_migrate = 171962766;
+}
+
+message MigrateAnnotation {
+  // Rename the message/enum/enum value in next version.
+  string rename = 1;
+}
+
+message FieldMigrateAnnotation {
+  // Rename the field in next version.
+  string rename = 1;
+
+  // Add the field to a named oneof in next version. If this already exists, the
+  // field will join its siblings under the oneof, otherwise a new oneof will be
+  // created with the given name.
+  string oneof_promotion = 2;
+}
+
+message FileMigrateAnnotation {
+  // Move all types in the file to another package, this implies changing proto
+  // file path.
+  string move_to_package = 2;
+}

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/udpa/annotations/status.proto

+syntax = "proto3";
+
+package udpa.annotations;
+
+import "google/protobuf/descriptor.proto";
+
+// Magic number in this file derived from top 28bit of SHA256 digest of
+// "udpa.annotation.status".
+extend google.protobuf.FileOptions {
+  StatusAnnotation file_status = 222707719;
+}
+
+enum PackageVersionStatus {
+  // Unknown package version status.
+  UNKNOWN = 0;
+
+  // This version of the package is frozen.
+  FROZEN = 1;
+
+  // This version of the package is the active development version.
+  ACTIVE = 2;
+
+  // This version of the package is the candidate for the next major version. It
+  // is typically machine generated from the active development version.
+  NEXT_MAJOR_VERSION_CANDIDATE = 3;
+}
+
+message StatusAnnotation {
+  // The entity is work-in-progress and subject to breaking changes.
+  bool work_in_progress = 1;
+
+  // The entity belongs to a package with the given version status.
+  PackageVersionStatus package_version_status = 2;
+}

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/udpa/annotations/versioning.proto

+syntax = "proto3";
+
+package udpa.annotations;
+
+import "google/protobuf/descriptor.proto";
+
+extend google.protobuf.MessageOptions {
+  // Magic number derived from 0x78 ('x') 0x44 ('D') 0x53 ('S')
+  VersioningAnnotation versioning = 7881811;
+}
+
+message VersioningAnnotation {
+  // Track the previous message type. E.g. this message might be
+  // udpa.foo.v3alpha.Foo and it was previously udpa.bar.v2.Bar. This
+  // information is consumed by UDPA via proto descriptors.
+  string previous_message_type = 1;
+}

oap-server/server-receiver-plugin/receiver-proto/src/main/proto/validate/validate.proto

 syntax = "proto2";
 package validate;
 
-option go_package = "github.com/lyft/protoc-gen-validate/validate";
-option java_package = "com.lyft.pgv.validate";
+option go_package = "github.com/envoyproxy/protoc-gen-validate/validate";
+option java_package = "io.envoyproxy.pgv.validate";
 
 import "google/protobuf/descriptor.proto";
 import "google/protobuf/duration.proto";
@@ -12,26 +12,29 @@ import "google/protobuf/timestamp.proto";
 extend google.protobuf.MessageOptions {
     // Disabled nullifies any validation rules for this message, including any
     // message fields associated with it that do support validation.
-    optional bool disabled = 919191;
+    optional bool disabled = 1071;
+    // Ignore skips generation of validation methods for this message.
+    optional bool ignored = 1072;
 }
 
 // Validation rules applied at the oneof level
 extend google.protobuf.OneofOptions {
     // Required ensures that exactly one the field options in a oneof is set;
     // validation fails if no fields in the oneof are set.
-    optional bool required = 919191;
+    optional bool required = 1071;
 }
 
 // Validation rules applied at the field level
 extend google.protobuf.FieldOptions {
     // Rules specify the validations to be performed on this field. By default,
     // no validation is performed against a field.
-    optional FieldRules rules = 919191;
+    optional FieldRules rules = 1071;
 }
 
 // FieldRules encapsulates the rules for each type of field. Depending on the
 // field, the correct set should be used to ensure proper validations.
 message FieldRules {
+    optional MessageRules message = 17;
     oneof type {
         // Scalar Field Types
         FloatRules    float    = 1;
@@ -52,7 +55,6 @@ message FieldRules {
 
         // Complex Field Types
         EnumRules     enum     = 16;
-        MessageRules  message  = 17;
         RepeatedRules repeated = 18;
         MapRules      map      = 19;
 
@@ -502,6 +504,10 @@ message StringRules {
     // anywhere in the string.
     optional string contains = 9;
 
+    // NotContains specifies that this field cannot have the specified substring
+    // anywhere in the string.
+    optional string not_contains = 23;
+
     // In specifies that this field must be equal to one of the specified
     // values
     repeated string in     = 10;
@@ -540,7 +546,37 @@ message StringRules {
         // UriRef specifies that the field must be a valid URI as defined by RFC
         // 3986 and may be relative or absolute.
         bool uri_ref  = 18;
+
+        // Address specifies that the field must be either a valid hostname as
+        // defined by RFC 1034 (which does not support internationalized domain
+        // names or IDNs), or it can be a valid IP (v4 or v6).
+        bool address  = 21;
+
+        // Uuid specifies that the field must be a valid UUID as defined by
+        // RFC 4122
+        bool uuid     = 22;
+
+        // WellKnownRegex specifies a common well known pattern defined as a regex.
+        KnownRegex well_known_regex = 24;
     }
+
+  // This applies to regexes HTTP_HEADER_NAME and HTTP_HEADER_VALUE to enable
+  // strict header validation.
+  // By default, this is true, and HTTP header validations are RFC-compliant.
+  // Setting to false will enable a looser validations that only disallows
+  // \r\n\0 characters, which can be used to bypass header matching rules.
+  optional bool strict = 25 [default = true];
+}
+
+// WellKnownRegex contain some well-known patterns.
+enum KnownRegex {
+  UNKNOWN = 0;
+
+  // HTTP header name as defined by RFC 7230.
+  HTTP_HEADER_NAME = 1;
+
+  // HTTP header value as defined by RFC 7230.
+  HTTP_HEADER_VALUE = 2;
 }
 
 // BytesRules describe the constraints applied to `bytes` values

pom.xml

@@ -503,6 +503,7 @@
                         <!-- Proto files of Istio, envoy, prometheus and gogoproto projects -->
                         <exclude>**/src/main/fbs/istio/**</exclude>
                         <exclude>**/src/main/proto/envoy/**</exclude>
+                        <exclude>**/src/main/proto/udpa/**</exclude>
                         <exclude>**/src/main/proto/gogoproto/gogo.proto</exclude>
                         <exclude>**/src/main/proto/google/**</exclude>
                         <exclude>**/src/main/proto/istio/**</exclude>