tooling: restoring runtime fatal-by-defaults and changing to fully qu…

…alified (#9591) Changing from relative name to absolute name, and fixing the fatal-by-defaults that were broken by the v3 switch. The old way to allow fatal-by-defaults was envoy.deprecated_features:proto_file.proto:field_name the new way is envoy.deprecated_features:full.namespace.field_name When we switched to v3, all the hard-coded v2 names stopped working. This reinstates them via hopefully more permanent proto annotation. The only remaining ugly bit is that unfortunately the full namespace and field name are the v3 versions even if the original config was v2. Between @htuch and I we should fix that before merging. Risk Level: Medium Testing: added new unit tests Docs Changes: updated Release Notes: n/a Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
envoyproxy · Jan 15, 2020 · 156d7c9 · 156d7c9
1 parent 9e83625
commit 156d7c9
Show file tree

Hide file tree

Showing 81 changed files with 258 additions and 140 deletions.
diff --git a/api/envoy/admin/v2alpha/BUILD b/api/envoy/admin/v2alpha/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/api/v2/core:pkg",
         "//envoy/config/bootstrap/v2:pkg",
         "//envoy/service/tap/v2alpha:pkg",

diff --git a/api/envoy/admin/v2alpha/server_info.proto b/api/envoy/admin/v2alpha/server_info.proto
@@ -4,6 +4,8 @@ package envoy.admin.v2alpha;
 
 import "google/protobuf/duration.proto";
 
+import "envoy/annotations/deprecation.proto";
+
 option java_package = "io.envoyproxy.envoy.admin.v2alpha";
 option java_outer_classname = "ServerInfoProto";
 option java_multiple_files = true;
@@ -128,9 +130,10 @@ message CommandLineOptions {
   Mode mode = 19;
 
   // max_stats and max_obj_name_len are now unused and have no effect.
-  uint64 max_stats = 20 [deprecated = true];
+  uint64 max_stats = 20 [deprecated = true, (envoy.annotations.disallowed_by_default) = true];
 
-  uint64 max_obj_name_len = 21 [deprecated = true];
+  uint64 max_obj_name_len = 21
+      [deprecated = true, (envoy.annotations.disallowed_by_default) = true];
 
   // See :option:`--disable-hot-restart` for details.
   bool disable_hot_restart = 22;

diff --git a/api/envoy/admin/v3alpha/BUILD b/api/envoy/admin/v3alpha/BUILD
@@ -7,6 +7,7 @@ licenses(["notice"])  # Apache 2
 api_proto_package(
     deps = [
         "//envoy/admin/v2alpha:pkg",
+        "//envoy/annotations:pkg",
         "//envoy/config/bootstrap/v3alpha:pkg",
         "//envoy/config/core/v3alpha:pkg",
         "//envoy/config/tap/v3alpha:pkg",

diff --git a/api/envoy/admin/v3alpha/server_info.proto b/api/envoy/admin/v3alpha/server_info.proto
@@ -6,6 +6,8 @@ import "google/protobuf/duration.proto";
 
 import "udpa/annotations/versioning.proto";
 
+import "envoy/annotations/deprecation.proto";
+
 option java_package = "io.envoyproxy.envoy.admin.v3alpha";
 option java_outer_classname = "ServerInfoProto";
 option java_multiple_files = true;

diff --git a/api/envoy/annotations/deprecation.proto b/api/envoy/annotations/deprecation.proto
@@ -0,0 +1,21 @@
+syntax = "proto3";
+
+package envoy.annotations;
+
+import "google/protobuf/descriptor.proto";
+
+// Allows tagging proto fields as fatal by default. One Envoy release after
+// deprecation, deprecated fields will be disallowed by default, a state which
+// is reversible with :ref:`runtime overrides <config_runtime_deprecation>`.
+
+// Magic number in this file derived from top 28bit of SHA256 digest of
+// "envoy.annotation.disallowed_by_default"
+extend google.protobuf.FieldOptions {
+  bool disallowed_by_default = 189503207;
+}
+
+// Magic number in this file derived from top 28bit of SHA256 digest of
+// "envoy.annotation.disallowed_by_default_enum"
+extend google.protobuf.EnumValueOptions {
+  bool disallowed_by_default_enum = 70100853;
+}
diff --git a/api/envoy/api/v2/core/BUILD b/api/envoy/api/v2/core/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/type:pkg",
         "//envoy/type/matcher:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",

diff --git a/api/envoy/api/v2/core/config_source.proto b/api/envoy/api/v2/core/config_source.proto
@@ -7,6 +7,7 @@ import "envoy/api/v2/core/grpc_service.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
@@ -40,7 +41,8 @@ message ApiConfigSource {
   enum ApiType {
     // Ideally this would be 'reserved 0' but one can't reserve the default
     // value. Instead we throw an exception if this is ever used.
-    UNSUPPORTED_REST_LEGACY = 0 [deprecated = true];
+    UNSUPPORTED_REST_LEGACY = 0
+        [deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true];
 
     // REST-JSON v2 API. The `canonical JSON encoding
     // <https://developers.google.com/protocol-buffers/docs/proto3#json>`_ for

diff --git a/api/envoy/api/v2/route/BUILD b/api/envoy/api/v2/route/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/api/v2/core:pkg",
         "//envoy/type:pkg",
         "//envoy/type/matcher:pkg",

diff --git a/api/envoy/api/v2/route/route_components.proto b/api/envoy/api/v2/route/route_components.proto
@@ -14,6 +14,7 @@ import "google/protobuf/duration.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
@@ -494,7 +495,8 @@ message CorsPolicy {
     //
     //   **This field is deprecated**. Set the
     //   :ref:`filter_enabled<envoy_api_field_route.CorsPolicy.filter_enabled>` field instead.
-    google.protobuf.BoolValue enabled = 7 [deprecated = true];
+    google.protobuf.BoolValue enabled = 7
+        [deprecated = true, (envoy.annotations.disallowed_by_default) = true];
 
     // Specifies the % of requests for which the CORS filter is enabled.
     //
@@ -558,7 +560,7 @@ message RouteAction {
     //   **This field is deprecated**. Set the
     //   :ref:`runtime_fraction
     //   <envoy_api_field_route.RouteAction.RequestMirrorPolicy.runtime_fraction>` field instead.
-    string runtime_key = 2 [deprecated = true];
+    string runtime_key = 2 [deprecated = true, (envoy.annotations.disallowed_by_default) = true];
 
     // If both :ref:`runtime_key
     // <envoy_api_field_route.RouteAction.RequestMirrorPolicy.runtime_key>` and this field are not

diff --git a/api/envoy/config/bootstrap/v2/BUILD b/api/envoy/config/bootstrap/v2/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/api/v2:pkg",
         "//envoy/api/v2/auth:pkg",
         "//envoy/api/v2/core:pkg",

diff --git a/api/envoy/config/bootstrap/v2/bootstrap.proto b/api/envoy/config/bootstrap/v2/bootstrap.proto
@@ -16,6 +16,7 @@ import "google/protobuf/duration.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.config.bootstrap.v2";
@@ -119,7 +120,7 @@ message Bootstrap {
   // Configuration for the runtime configuration provider (deprecated). If not
   // specified, a “null” provider will be used which will result in all defaults
   // being used.
-  Runtime runtime = 11 [deprecated = true];
+  Runtime runtime = 11 [deprecated = true, (envoy.annotations.disallowed_by_default) = true];
 
   // Configuration for the runtime configuration provider. If not
   // specified, a “null” provider will be used which will result in all defaults

diff --git a/api/envoy/config/bootstrap/v3alpha/BUILD b/api/envoy/config/bootstrap/v3alpha/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/config/bootstrap/v2:pkg",
         "//envoy/config/cluster/v3alpha:pkg",
         "//envoy/config/core/v3alpha:pkg",

diff --git a/api/envoy/config/bootstrap/v3alpha/bootstrap.proto b/api/envoy/config/bootstrap/v3alpha/bootstrap.proto
@@ -18,6 +18,7 @@ import "google/protobuf/wrappers.proto";
 
 import "udpa/annotations/versioning.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.config.bootstrap.v3alpha";

diff --git a/api/envoy/config/core/v3alpha/BUILD b/api/envoy/config/core/v3alpha/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/api/v2/core:pkg",
         "//envoy/type/matcher/v3alpha:pkg",
         "//envoy/type/v3alpha:pkg",

diff --git a/api/envoy/config/core/v3alpha/config_source.proto b/api/envoy/config/core/v3alpha/config_source.proto
@@ -9,6 +9,7 @@ import "google/protobuf/wrappers.proto";
 
 import "udpa/annotations/versioning.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.config.core.v3alpha";
@@ -42,7 +43,8 @@ message ApiConfigSource {
   enum ApiType {
     // Ideally this would be 'reserved 0' but one can't reserve the default
     // value. Instead we throw an exception if this is ever used.
-    DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0 [deprecated = true];
+    DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0
+        [deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true];
 
     // REST-JSON v2 API. The `canonical JSON encoding
     // <https://developers.google.com/protocol-buffers/docs/proto3#json>`_ for

diff --git a/api/envoy/config/filter/fault/v2/BUILD b/api/envoy/config/filter/fault/v2/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/type:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",
     ],

diff --git a/api/envoy/config/filter/fault/v2/fault.proto b/api/envoy/config/filter/fault/v2/fault.proto
@@ -6,6 +6,7 @@ import "envoy/type/percent.proto";
 
 import "google/protobuf/duration.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
@@ -35,7 +36,7 @@ message FaultDelay {
   reserved 2;
 
   // Unused and deprecated. Will be removed in the next release.
-  FaultDelayType type = 1 [deprecated = true];
+  FaultDelayType type = 1 [deprecated = true, (envoy.annotations.disallowed_by_default) = true];
 
   oneof fault_delay_secifier {
     option (validate.required) = true;

diff --git a/api/envoy/config/filter/http/ext_authz/v2/BUILD b/api/envoy/config/filter/http/ext_authz/v2/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/api/v2/core:pkg",
         "//envoy/type:pkg",
         "//envoy/type/matcher:pkg",

diff --git a/api/envoy/config/filter/http/ext_authz/v2/ext_authz.proto b/api/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
@@ -8,6 +8,7 @@ import "envoy/api/v2/core/http_uri.proto";
 import "envoy/type/http_status.proto";
 import "envoy/type/matcher/string.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
@@ -50,7 +51,7 @@ message ExtAuthz {
   // useful when transitioning from alpha to release versions assuming that both definitions are
   // semantically compatible. Deprecation note: This field is deprecated and should only be used for
   // version upgrade. See release notes for more details.
-  bool use_alpha = 4 [deprecated = true];
+  bool use_alpha = 4 [deprecated = true, (envoy.annotations.disallowed_by_default) = true];
 
   // Enables filter to buffer the client request body and send it within the authorization request.
   // A ``x-envoy-auth-partial-body: false|true`` metadata header will be added to the authorization

diff --git a/api/envoy/config/filter/network/redis_proxy/v2/BUILD b/api/envoy/config/filter/network/redis_proxy/v2/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/api/v2/core:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",
     ],

diff --git a/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto b/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto
@@ -7,6 +7,7 @@ import "envoy/api/v2/core/base.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
 
@@ -162,7 +163,8 @@ message RedisProxy {
     //   This field is deprecated. Use a :ref:`catch_all
     //   route<envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.PrefixRoutes.catch_all_route>`
     //   instead.
-    string catch_all_cluster = 3 [deprecated = true];
+    string catch_all_cluster = 3
+        [deprecated = true, (envoy.annotations.disallowed_by_default) = true];
 
     // Optional catch-all route to forward commands that doesn't match any of the routes. The
     // catch-all route becomes required when no routes are specified.
@@ -181,7 +183,7 @@ message RedisProxy {
   //   This field is deprecated. Use a :ref:`catch_all
   //   route<envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.PrefixRoutes.catch_all_route>`
   //   instead.
-  string cluster = 2 [deprecated = true];
+  string cluster = 2 [deprecated = true, (envoy.annotations.disallowed_by_default) = true];
 
   // Network settings for the connection pool to the upstream clusters.
   ConnPoolSettings settings = 3 [(validate.rules).message = {required: true}];

diff --git a/api/envoy/config/route/v3alpha/BUILD b/api/envoy/config/route/v3alpha/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/api/v2:pkg",
         "//envoy/api/v2/route:pkg",
         "//envoy/config/core/v3alpha:pkg",

diff --git a/api/envoy/config/route/v3alpha/route_components.proto b/api/envoy/config/route/v3alpha/route_components.proto
@@ -16,6 +16,7 @@ import "google/protobuf/wrappers.proto";
 
 import "udpa/annotations/versioning.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.config.route.v3alpha";

diff --git a/api/envoy/extensions/filters/common/fault/v3alpha/BUILD b/api/envoy/extensions/filters/common/fault/v3alpha/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/config/filter/fault/v2:pkg",
         "//envoy/type/v3alpha:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",

diff --git a/api/envoy/extensions/filters/common/fault/v3alpha/fault.proto b/api/envoy/extensions/filters/common/fault/v3alpha/fault.proto
@@ -8,6 +8,7 @@ import "google/protobuf/duration.proto";
 
 import "udpa/annotations/versioning.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.filters.common.fault.v3alpha";

diff --git a/api/envoy/extensions/filters/http/ext_authz/v3alpha/BUILD b/api/envoy/extensions/filters/http/ext_authz/v3alpha/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/config/core/v3alpha:pkg",
         "//envoy/config/filter/http/ext_authz/v2:pkg",
         "//envoy/type/matcher/v3alpha:pkg",

diff --git a/api/envoy/extensions/filters/http/ext_authz/v3alpha/ext_authz.proto b/api/envoy/extensions/filters/http/ext_authz/v3alpha/ext_authz.proto
@@ -10,6 +10,7 @@ import "envoy/type/v3alpha/http_status.proto";
 
 import "udpa/annotations/versioning.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3alpha";

diff --git a/api/envoy/extensions/filters/network/redis_proxy/v3alpha/BUILD b/api/envoy/extensions/filters/network/redis_proxy/v3alpha/BUILD
@@ -6,6 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/config/core/v3alpha:pkg",
         "//envoy/config/filter/network/redis_proxy/v2:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",

diff --git a/api/envoy/extensions/filters/network/redis_proxy/v3alpha/redis_proxy.proto b/api/envoy/extensions/filters/network/redis_proxy/v3alpha/redis_proxy.proto
@@ -9,6 +9,7 @@ import "google/protobuf/wrappers.proto";
 
 import "udpa/annotations/versioning.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.filters.network.redis_proxy.v3alpha";

diff --git a/docs/root/configuration/operations/runtime.rst b/docs/root/configuration/operations/runtime.rst
@@ -225,6 +225,8 @@ Lines starting with ``#`` as the first character are treated as comments.
 Comments can be used to provide context on an existing value. Comments are also useful in an
 otherwise empty file to keep a placeholder for deployment in a time of need.
 
+.. _config_runtime_deprecation:
+
 Using runtime overrides for deprecated features
 -----------------------------------------------
 
@@ -238,13 +240,12 @@ increments the :ref:`deprecated_feature_use <runtime_stats>` runtime stat.
 Users are encouraged to go to :ref:`deprecated <deprecated>` to see how to
 migrate to the new code path and make sure it is suitable for their use case.
 
-In the second phase the message and filename will be added to
-:repo:`runtime_features.cc <source/common/runtime/runtime_features.cc>`
-and use of that configuration field will cause the config to be rejected by default. 
-This fail-by-default mode can be overridden in runtime configuration by setting
-envoy.deprecated_features.filename.proto:fieldname or envoy.deprecated_features.filename.proto:enum_value
+In the second phase the field will be tagged as disallowed_by_default
+and use of that configuration field will cause the config to be rejected by default.
+This disallowed mode can be overridden in runtime configuration by setting
+envoy.deprecated_features:full_fieldname or envoy.deprecated_features:full_enum_value
 to true. For example, for a deprecated field
-``Foo.Bar.Eep`` in ``baz.proto`` set ``envoy.deprecated_features.baz.proto:Eep`` to
+``Foo.Bar.Eep`` set ``envoy.deprecated_features:Foo.bar.Eep`` to
 ``true``. Use of this override is **strongly discouraged**.
 Fatal-by-default configuration indicates that the removal of the old code paths is imminent. It is
 far better for both Envoy users and for Envoy contributors if any bugs or feature gaps with the new

diff --git a/generated_api_shadow/envoy/admin/v2alpha/BUILD b/generated_api_shadow/envoy/admin/v2alpha/BUILD