xds: update to envoy commit id b16ce6d5ea0d2da73e764d145623e7367dc59e…

…d3 (#6871)

build.gradle

@@ -149,6 +149,7 @@ subprojects {
             opencensus_contrib_grpc_metrics: "io.opencensus:opencensus-contrib-grpc-metrics:${opencensusVersion}",
             opencensus_impl: "io.opencensus:opencensus-impl:${opencensusVersion}",
             opencensus_impl_lite: "io.opencensus:opencensus-impl-lite:${opencensusVersion}",
+            opencensus_proto: "io.opencensus:opencensus-proto:0.2.0",
             instrumentation_api: 'com.google.instrumentation:instrumentation-api:0.4.3',
             perfmark: 'io.perfmark:perfmark-api:0.19.0',
             protobuf: "com.google.protobuf:protobuf-java:${protobufVersion}",

xds/build.gradle

@@ -23,7 +23,8 @@ dependencies {
             project(':grpc-stub'),
             project(':grpc-core'),
             project(':grpc-services'),
-            project(path: ':grpc-alts', configuration: 'shadow')
+            project(path: ':grpc-alts', configuration: 'shadow'),
+            libraries.opencensus_proto
     def nettyDependency = compile project(':grpc-netty')
 
     compile (libraries.protobuf_util) {

xds/src/test/java/io/grpc/xds/XdsClientTestHelper.java

@@ -149,6 +149,7 @@ static Cluster buildSecureCluster(String clusterName, @Nullable String edsServic
     return clusterBuilder.build();
   }
 
+  @SuppressWarnings("deprecation")
   static ClusterLoadAssignment buildClusterLoadAssignment(String clusterName,
       List<io.envoyproxy.envoy.api.v2.endpoint.LocalityLbEndpoints> localityLbEndpoints,
       List<Policy.DropOverload> dropOverloads) {

xds/third_party/envoy/import.sh

@@ -18,7 +18,7 @@
 set -e
 BRANCH=master
 # import VERSION from one of the google internal CLs
-VERSION=c0ab3a4374144728c1e193fc2d43951ed36ccdb7
+VERSION=b16ce6d5ea0d2da73e764d145623e7367dc59ed3
 GIT_REPO="https://github.com/envoyproxy/envoy.git"
 GIT_BASE_DIR=envoy
 SOURCE_PROTO_BASE_DIR=envoy/api
@@ -33,12 +33,14 @@ envoy/api/v2/cluster/circuit_breaker.proto
 envoy/api/v2/cluster/filter.proto
 envoy/api/v2/cluster/outlier_detection.proto
 envoy/api/v2/core/address.proto
+envoy/api/v2/core/backoff.proto
 envoy/api/v2/core/base.proto
 envoy/api/v2/core/config_source.proto
 envoy/api/v2/core/grpc_service.proto
 envoy/api/v2/core/health_check.proto
 envoy/api/v2/core/http_uri.proto
 envoy/api/v2/core/protocol.proto
+envoy/api/v2/core/socket_option.proto
 envoy/api/v2/discovery.proto
 envoy/api/v2/eds.proto
 envoy/api/v2/endpoint.proto
@@ -59,6 +61,7 @@ envoy/api/v2/srds.proto
 envoy/config/filter/accesslog/v2/accesslog.proto
 envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto
 envoy/config/listener/v2/api_listener.proto
+envoy/config/trace/v2/trace.proto
 envoy/service/discovery/v2/ads.proto
 envoy/service/discovery/v2/sds.proto
 envoy/service/load_stats/v2/lrs.proto

xds/third_party/envoy/src/main/proto/envoy/api/v2/auth/cert.proto

@@ -296,8 +296,8 @@ message CertificateValidationContext {
   //
   // .. code-block:: yaml
   //
-  // match_subject_alt_names:
-  //   exact: "api.example.com"
+  //  match_subject_alt_names:
+  //    exact: "api.example.com"
   //
   // .. attention::
   //

xds/third_party/envoy/src/main/proto/envoy/api/v2/cluster.proto

@@ -643,9 +643,6 @@ message Cluster {
   // other than :ref:`STRICT_DNS<envoy_api_enum_value_Cluster.DiscoveryType.STRICT_DNS>` and
   // :ref:`LOGICAL_DNS<envoy_api_enum_value_Cluster.DiscoveryType.LOGICAL_DNS>` this setting is
   // ignored.
-  //
-  // Note: Currently, DNS failures and empty DNS responses are not treated differently and this
-  // configuration is applied in both situations.
   RefreshRate dns_failure_refresh_rate = 44;
 
   // Optional configuration for setting cluster's DNS refresh rate. If the value is set to true,
@@ -734,7 +731,7 @@ message Cluster {
   // cluster. It can be used for stats, logging, and varying filter behavior.
   // Fields should use reverse DNS notation to denote which entity within Envoy
   // will need the information. For instance, if the metadata is intended for
-  // the Router filter, the filter name should be specified as *envoy.router*.
+  // the Router filter, the filter name should be specified as *envoy.filters.http.router*.
   core.Metadata metadata = 25;
 
   // Determines how Envoy selects the protocol used to speak to upstream hosts.

xds/third_party/envoy/src/main/proto/envoy/api/v2/core/address.proto

@@ -2,7 +2,7 @@ syntax = "proto3";
 
 package envoy.api.v2.core;
 
-import "envoy/api/v2/core/base.proto";
+import "envoy/api/v2/core/socket_option.proto";
 
 import "google/protobuf/wrappers.proto";
 
@@ -82,7 +82,7 @@ message TcpKeepalive {
 
   // The number of seconds a connection needs to be idle before keep-alive probes
   // start being sent. Default is to use the OS level configuration (unless
-  // overridden, Linux defaults to 7200s (ie 2 hours.)
+  // overridden, Linux defaults to 7200s (i.e., 2 hours.)
   google.protobuf.UInt32Value keepalive_time = 2;
 
   // The number of seconds between keep-alive probes. Default is to use the OS

xds/third_party/envoy/src/main/proto/envoy/api/v2/core/backoff.proto

@@ -0,0 +1,33 @@
+syntax = "proto3";
+
+package envoy.api.v2.core;
+
+import "google/protobuf/duration.proto";
+
+import "udpa/annotations/migrate.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.api.v2.core";
+option java_outer_classname = "BackoffProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_migrate).move_to_package = "envoy.config.core.v3";
+
+// [#protodoc-title: Backoff Strategy]
+
+// Configuration defining a jittered exponential back off strategy.
+message BackoffStrategy {
+  // The base interval to be used for the next back off computation. It should
+  // be greater than zero and less than or equal to :ref:`max_interval
+  // <envoy_api_field_core.BackoffStrategy.max_interval>`.
+  google.protobuf.Duration base_interval = 1 [(validate.rules).duration = {
+    required: true
+    gte {nanos: 1000000}
+  }];
+
+  // Specifies the maximum interval between retries. This parameter is optional,
+  // but must be greater than or equal to the :ref:`base_interval
+  // <envoy_api_field_core.BackoffStrategy.base_interval>` if set. The default
+  // is 10 times the :ref:`base_interval
+  // <envoy_api_field_core.BackoffStrategy.base_interval>`.
+  google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}];
+}

xds/third_party/envoy/src/main/proto/envoy/api/v2/core/base.proto

@@ -2,17 +2,22 @@ syntax = "proto3";
 
 package envoy.api.v2.core;
 
+import "envoy/api/v2/core/address.proto";
+import "envoy/api/v2/core/backoff.proto";
 import "envoy/api/v2/core/http_uri.proto";
 import "envoy/type/percent.proto";
 import "envoy/type/semantic_version.proto";
 
 import "google/protobuf/any.proto";
+import "google/protobuf/duration.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
+import public "envoy/api/v2/core/socket_option.proto";
+
 option java_package = "io.envoyproxy.envoy.api.v2.core";
 option java_outer_classname = "BaseProto";
 option java_multiple_files = true;
@@ -94,7 +99,7 @@ message BuildVersion {
 // [#next-free-field: 6]
 message Extension {
   // This is the name of the Envoy filter as specified in the Envoy
-  // configuration, e.g. envoy.router, com.acme.widget.
+  // configuration, e.g. envoy.filters.http.router, com.acme.widget.
   string name = 1;
 
   // Category of the extension.
@@ -121,7 +126,7 @@ message Extension {
 // Identifies a specific Envoy instance. The node identifier is presented to the
 // management server, which may use this identifier to distinguish per Envoy
 // configuration for serving.
-// [#next-free-field: 11]
+// [#next-free-field: 12]
 message Node {
   // An opaque node identifier for the Envoy node. This also provides the local
   // service node name. It should be set if any of the following features are
@@ -180,6 +185,12 @@ message Node {
   // See :ref:`the list of features <client_features>` that xDS client may
   // support.
   repeated string client_features = 10;
+
+  // Known listening ports on the node as a generic hint to the management server
+  // for filtering :ref:`listeners <config_listeners>` to be returned. For example,
+  // if there is a listener bound to port 80, the list can optionally contain the
+  // SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint.
+  repeated Address listening_addresses = 11;
 }
 
 // Metadata provides additional inputs to filters based on matched listeners,
@@ -233,14 +244,18 @@ message RuntimeFeatureFlag {
 // Header name/value pair.
 message HeaderValue {
   // Header name.
-  string key = 1 [(validate.rules).string = {min_bytes: 1 max_bytes: 16384}];
+  string key = 1
+      [(validate.rules).string =
+           {min_bytes: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}];
 
   // Header value.
   //
   // The same :ref:`format specifier <config_access_log_format>` as used for
   // :ref:`HTTP access logging <config_access_log>` applies here, however
   // unknown header values are replaced with the empty string instead of `-`.
-  string value = 2 [(validate.rules).string = {max_bytes: 16384}];
+  string value = 2 [
+    (validate.rules).string = {max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false}
+  ];
 }
 
 // Header name/value pair plus option to control append behavior.
@@ -274,13 +289,28 @@ message DataSource {
   }
 }
 
+// The message specifies the retry policy of remote data source when fetching fails.
+message RetryPolicy {
+  // Specifies parameters that control :ref:`retry backoff strategy <envoy_api_msg_core.BackoffStrategy>`.
+  // This parameter is optional, in which case the default base interval is 1000 milliseconds. The
+  // default maximum interval is 10 times the base interval.
+  BackoffStrategy retry_back_off = 1;
+
+  // Specifies the allowed number of retries. This parameter is optional and
+  // defaults to 1.
+  google.protobuf.UInt32Value num_retries = 2;
+}
+
 // The message specifies how to fetch data from remote and how to verify it.
 message RemoteDataSource {
   // The HTTP URI to fetch the remote data.
   HttpUri http_uri = 1 [(validate.rules).message = {required: true}];
 
   // SHA256 string for verifying data.
   string sha256 = 2 [(validate.rules).string = {min_bytes: 1}];
+
+  // Retry policy for fetching remote data.
+  RetryPolicy retry_policy = 3;
 }
 
 // Async data source which support async data fetch.
@@ -314,46 +344,6 @@ message TransportSocket {
   }
 }
 
-// Generic socket option message. This would be used to set socket options that
-// might not exist in upstream kernels or precompiled Envoy binaries.
-// [#next-free-field: 7]
-message SocketOption {
-  enum SocketState {
-    // Socket options are applied after socket creation but before binding the socket to a port
-    STATE_PREBIND = 0;
-
-    // Socket options are applied after binding the socket to a port but before calling listen()
-    STATE_BOUND = 1;
-
-    // Socket options are applied after calling listen()
-    STATE_LISTENING = 2;
-  }
-
-  // An optional name to give this socket option for debugging, etc.
-  // Uniqueness is not required and no special meaning is assumed.
-  string description = 1;
-
-  // Corresponding to the level value passed to setsockopt, such as IPPROTO_TCP
-  int64 level = 2;
-
-  // The numeric name as passed to setsockopt
-  int64 name = 3;
-
-  oneof value {
-    option (validate.required) = true;
-
-    // Because many sockopts take an int value.
-    int64 int_value = 4;
-
-    // Otherwise it's a byte buffer.
-    bytes buf_value = 5;
-  }
-
-  // The state in which the option will be applied. When used in BindConfig
-  // STATE_PREBIND is currently the only valid value.
-  SocketState state = 6 [(validate.rules).enum = {defined_only: true}];
-}
-
 // Runtime derived FractionalPercent with defaults for when the numerator or denominator is not
 // specified via a runtime key.
 //

xds/third_party/envoy/src/main/proto/envoy/api/v2/core/grpc_service.proto

@@ -221,6 +221,6 @@ message GrpcService {
 
   // Additional metadata to include in streams initiated to the GrpcService.
   // This can be used for scenarios in which additional ad hoc authorization
-  // headers (e.g. `x-foo-bar: baz-key`) are to be injected.
+  // headers (e.g. ``x-foo-bar: baz-key``) are to be injected.
   repeated HeaderValue initial_metadata = 5;
 }

xds/third_party/envoy/src/main/proto/envoy/api/v2/core/protocol.proto

@@ -59,6 +59,12 @@ message HttpProtocolOptions {
   // maximum number of request headers allowed is 100. Requests that exceed this limit will receive
   // a 431 response for HTTP/1.x and cause a stream reset for HTTP/2.
   google.protobuf.UInt32Value max_headers_count = 2 [(validate.rules).uint32 = {gte: 1}];
+
+  // Total duration to keep alive an HTTP request/response stream. If the time limit is reached the stream will be
+  // reset independent of any other timeouts. If not specified, this value is not set.
+  // The current implementation implements this timeout on downstream connections only.
+  // [#comment:TODO(shikugawa): add this functionality to upstream.]
+  google.protobuf.Duration max_stream_duration = 4;
 }
 
 // [#next-free-field: 6]
@@ -112,8 +118,21 @@ message Http1ProtocolOptions {
   bool enable_trailers = 5;
 }
 
-// [#next-free-field: 13]
+// [#next-free-field: 14]
 message Http2ProtocolOptions {
+  // Defines a parameter to be sent in the SETTINGS frame.
+  // See `RFC7540, sec. 6.5.1 <https://tools.ietf.org/html/rfc7540#section-6.5.1>`_ for details.
+  message SettingsParameter {
+    // The 16 bit parameter identifier.
+    google.protobuf.UInt32Value identifier = 1 [
+      (validate.rules).uint32 = {lte: 65536 gte: 1},
+      (validate.rules).message = {required: true}
+    ];
+
+    // The 32 bit parameter value.
+    google.protobuf.UInt32Value value = 2 [(validate.rules).message = {required: true}];
+  }
+
   // `Maximum table size <https://httpwg.org/specs/rfc7541.html#rfc.section.4.2>`_
   // (in octets) that the encoder is permitted to use for the dynamic HPACK table. Valid values
   // range from 0 to 4294967295 (2^32 - 1) and defaults to 4096. 0 effectively disables header
@@ -216,6 +235,34 @@ message Http2ProtocolOptions {
   //
   // See `RFC7540, sec. 8.1 <https://tools.ietf.org/html/rfc7540#section-8.1>`_ for details.
   bool stream_error_on_invalid_http_messaging = 12;
+
+  // [#not-implemented-hide:]
+  // Specifies SETTINGS frame parameters to be sent to the peer, with two exceptions:
+  //
+  // 1. SETTINGS_ENABLE_PUSH (0x2) is not configurable as HTTP/2 server push is not supported by
+  // Envoy.
+  //
+  // 2. SETTINGS_ENABLE_CONNECT_PROTOCOL (0x8) is only configurable through the named field
+  // 'allow_connect'.
+  //
+  // Note that custom parameters specified through this field can not also be set in the
+  // corresponding named parameters:
+  //
+  // .. code-block:: text
+  //
+  //   ID    Field Name
+  //   ----------------
+  //   0x1   hpack_table_size
+  //   0x3   max_concurrent_streams
+  //   0x4   initial_stream_window_size
+  //
+  // Collisions will trigger config validation failure on load/update. Likewise, inconsistencies
+  // between custom parameters with the same identifier will trigger a failure.
+  //
+  // See `IANA HTTP/2 Settings
+  // <https://www.iana.org/assignments/http2-parameters/http2-parameters.xhtml#settings>`_ for
+  // standardized identifiers.
+  repeated SettingsParameter custom_settings_parameters = 13;
 }
 
 // [#not-implemented-hide:]