// Schema of the contract exchanged between control plane and data plane
// (inferred from the go_package path and the Java outer class name below).
//
// NOTE(review): no `package` statement is declared in this file, so every type
// defined here (including generically named ones such as `Empty` and `Any`)
// lives in the default proto namespace. Only the per-language options below
// scope the generated code.
syntax = 'proto3';
// Go import path of the generated code.
option go_package = "control-plane/pkg/contract";
// Java package of the generated code.
option java_package = "dev.knative.eventing.kafka.broker.contract";
// Java wrapper class that encloses the generated message classes.
option java_outer_classname = "DataPlaneContract";
// Empty is a message with no fields. In this file it serves as a marker value
// inside oneofs (replyToOriginalTopic, discardReply, absentAuth).
//
// We don't use the google.protobuf.Empty type because
// configuring the include directory is a mess for the contributors and for the build scripts.
// Hence, rather than dealing with contributors that can't get their dev environment
// working with the project, we prefer to have this additional single line of code.
// Protobuf include nightmare? No thanks!
message Empty {}
// Exact holds attribute-name -> value pairs. It is one of the DialectedFilter
// dialects and one of the TokenMatcher variants.
// NOTE(review): the name suggests whole-value equality; the comparison itself is
// implemented by the consumer of this contract, not by this schema — confirm there.
message Exact {
// Attribute name -> expected value.
map<string, string> attributes = 1;
}
// Prefix holds attribute-name -> value pairs, presumably matched against the start
// of the actual value (inferred from the name). It is one of the DialectedFilter
// dialects and one of the TokenMatcher variants.
// NOTE(review): a prefix match is broader than an exact one, and the schema places
// no minimum length on the value. Where this is used through TokenMatcher, confirm
// that empty or very short prefixes are rejected by whoever builds or evaluates it.
message Prefix {
// Attribute name -> expected prefix.
map<string, string> attributes = 1;
}
// Suffix holds attribute-name -> value pairs, presumably matched against the end
// of the actual value (inferred from the name). It is one of the DialectedFilter
// dialects; unlike Exact and Prefix it is not offered by TokenMatcher.
message Suffix {
// Attribute name -> expected suffix.
map<string, string> attributes = 1;
}
// All wraps a list of nested filters; presumably an event passes only when every
// nested filter passes (inferred from the name — confirm in the evaluator).
// This type is mutually recursive with DialectedFilter.
// NOTE(review): the schema does not say how an empty list is evaluated.
message All {
// Nested filters to combine.
repeated DialectedFilter filters = 1;
}
// Any wraps a list of nested filters; presumably an event passes when at least one
// nested filter passes (inferred from the name — confirm in the evaluator).
// This type is mutually recursive with DialectedFilter.
//
// This is a local message and is unrelated to google.protobuf.Any: it carries no
// type URL and no embedded serialized payload.
// NOTE(review): the schema does not say how an empty list is evaluated.
message Any {
// Nested filters to combine.
repeated DialectedFilter filters = 1;
}
// Not wraps a single nested filter; presumably it inverts that filter's result
// (inferred from the name — confirm in the evaluator).
// This type is mutually recursive with DialectedFilter.
message Not {
// The filter to negate. As a message-typed field it may be absent; the schema
// does not say how an absent filter is evaluated.
DialectedFilter filter = 1;
}
// CESQL carries a filter written as an expression string, presumably in the
// CloudEvents SQL expression language (inferred from the name).
// NOTE(review): the expression is an opaque string at this layer. Syntax
// validation and any limit on expression size or evaluation cost are up to
// whoever parses and evaluates it — confirm where that happens.
message CESQL {
// The expression text.
string expression = 1;
}
// DialectedFilter is a single filter expressed in exactly one dialect.
//
// All, Any and Not contain DialectedFilter again, so the schema itself places no
// bound on nesting depth. Protobuf parsers apply their own recursion limit when
// decoding; code that walks the decoded tree recursively needs its own bound.
// NOTE(review): confirm whether filter nesting can be influenced by user-authored
// resources and whether depth is capped before the contract is written.
message DialectedFilter {
// At most one member is set; setting one clears the others.
oneof filter {
Exact exact = 1;
Prefix prefix = 2;
Suffix suffix = 3;
All all = 4;
Any any = 5;
Not not = 6;
CESQL cesql = 7;
}
}
// Filter is the exact-match attribute filter referenced by Egress.filter.
// Egress also carries the newer-looking `dialectedFilter` list; how the two
// interact is not defined in this file.
message Filter {
// attributes filters events by exact match on event context attributes.
// Each key in the map is compared with the equivalent key in the event
// context. An event passes the filter if all values are equal to the
// specified values.
//
// Nested context attributes are not supported as keys. Only string values are supported.
map<string, string> attributes = 1;
}
// TokenMatcher is one matching rule of an EventPolicy. It reuses the Exact and
// Prefix messages defined for filters.
// NOTE(review): presumably the map keys name token claims and the values are
// compared against the claim values of the caller's token — this file does not
// say so; confirm in the code that evaluates EventPolicy.
message TokenMatcher {
// At most one member is set; setting one clears the other.
oneof matcher {
Exact exact = 1;
Prefix prefix = 2;
}
}
// EventPolicy is attached to an Ingress (see Ingress.eventPolicies) and combines
// token matchers with event filters.
// NOTE(review): this file does not define how the two lists combine, nor what an
// empty list means (match everything vs. match nothing). Because repeated fields
// have no presence, "empty" and "not set" are indistinguishable on the wire —
// confirm that the evaluator treats the empty case as intended and fails closed.
message EventPolicy {
// Token matchers of this EventPolicy
repeated TokenMatcher tokenMatchers = 1;
// Filters for this EventPolicy
repeated DialectedFilter filters = 2;
}
// BackoffPolicy is the type for retry backoff policies.
// Exponential is the zero value, so it is what a reader sees when the field is
// not set.
enum BackoffPolicy {
// Exponential backoff policy
Exponential = 0;
// Linear backoff policy
Linear = 1;
}
// EgressConfig holds delivery settings: dead letter sink, payload format, retry
// and timeout. It appears on Resource (whole-resource default) and on Egress,
// where it overrides the Resource-level value.
// Fields are not declared in field-number order; the numbers are the wire
// contract and must not be changed to tidy this up.
message EgressConfig {
// Dead letter is where the event is sent when something goes wrong
string deadLetter = 1;
// Dead Letter CA Cert is the CA Cert used for HTTPS communication through dead letter
// NOTE(review): this value selects the trust anchor for the dead letter
// connection; behavior when it is empty is not defined in this file.
string deadLetterCACerts = 6;
// Dead Letter Audience is the OIDC audience of the dead letter
string deadLetterAudience = 7;
// format is the format used to deliver the event. Can be one of "json" or "binary"
// The schema does not enforce these two values; it is a free-form string.
string format = 8;
// retry is the minimum number of retries the sender should attempt when
// sending an event before moving it to the dead letter sink.
//
// Setting retry to 0 means don't retry.
uint32 retry = 2;
// backoffPolicy is the retry backoff policy (linear, exponential).
// Not set reads as Exponential (the enum's zero value).
BackoffPolicy backoffPolicy = 3;
// backoffDelay is the delay before retrying in milliseconds.
uint64 backoffDelay = 4;
// timeout is the single request timeout (not the overall retry timeout)
// NOTE(review): the unit is not stated; presumably milliseconds like
// backoffDelay — confirm. The meaning of 0 is also not stated.
uint64 timeout = 5;
}
// Delivery ordering guarantee for an Egress.
// Check dev.knative.eventing.kafka.broker.dispatcher.consumer.DeliveryOrder for more details
// UNORDERED is the zero value, so it is what a reader sees when the field is
// not set.
enum DeliveryOrder {
UNORDERED = 0;
ORDERED = 1;
}
// KeyType is the Kafka record key type selected by Egress.keyType.
// String is the zero value, so it is what a reader sees when the field is not set.
enum KeyType {
String = 0;
Integer = 1;
Double = 2;
ByteArray = 3;
}
// Egress describes one consumer of a Resource: where events are delivered, what
// happens with the reply, which events are selected, and how delivery is
// authenticated (OIDC audience / service account) and secured (CA certs).
// Fields are not declared in field-number order; the numbers are the wire
// contract and must not be changed to tidy this up.
message Egress {
// consumer group name
string consumerGroup = 1;
// destination is the sink where events are sent.
string destination = 2;
// destination CA Cert is the CA Cert used for HTTPS communication through destination
// NOTE(review): this value selects the trust anchor for the destination
// connection; behavior when it is empty is not defined in this file.
string destinationCACerts = 15;
// OIDC audience of the destination
string destinationAudience = 17;
// What to do with the response of the destination. At most one member is set.
oneof replyStrategy {
// Send the response to an url
string replyUrl = 3;
// Send the response to a Kafka topic
Empty replyToOriginalTopic = 4;
// Discard response.
Empty discardReply = 9;
}
// replyUrl CA Cert is the CA Cert used for HTTPS communication through replyUrl
// Declared outside the oneof, so it can be set even when replyUrl is not.
string replyUrlCACerts = 16;
// OIDC audience of the replyUrl
// Declared outside the oneof, so it can be set even when replyUrl is not.
string replyUrlAudience = 18;
// A filter for performing exact match against Cloud Events attributes
Filter filter = 5;
// Id of the egress
// It's the same as the Kubernetes resource uid
string uid = 6;
// Egress configuration.
// It overrides Resource's EgressConfig.
EgressConfig egressConfig = 7;
// Delivery guarantee to use
// Empty defaults to unordered
DeliveryOrder deliveryOrder = 8;
// Kafka record key type.
// Not set reads as String (the enum's zero value).
KeyType keyType = 10;
// Resource reference.
//
// This reference is used to reference the associated resource for data plane
// activities such as:
// - tagging metrics
Reference reference = 11;
// CNCF CloudEvents SubscriptionsAPI compliant filters
repeated DialectedFilter dialectedFilter = 12;
// Number of virtual replicas.
// The type is signed, so negative values are representable on the wire;
// how a consumer treats them is not defined here.
int32 vReplicas = 13;
// Egress feature flags.
EgressFeatureFlags featureFlags = 14;
// Name of the service account to use for OIDC authentication.
// NOTE(review): only the name is carried; presumably it is resolved in the
// namespace of `reference` — confirm in the data plane.
string oidcServiceAccountName = 19;
}
// EgressFeatureFlags toggles optional behavior per Egress. Both flags read as
// false when not set.
message EgressFeatureFlags {
// Enable rateLimiter
bool enableRateLimiter = 1;
// Enable ordered executor metrics (the earlier comment called this "newMetrics").
bool enableOrderedExecutorMetrics = 2;
}
// CloudEvent content mode
// BINARY is the zero value, so it is what a reader sees when the field is not set.
enum ContentMode {
BINARY = 0;
STRUCTURED = 1;
}
// Ingress is the definition for HTTP ingress that is receiving the events
// into the Knative Kafka component.
//
// path and host fields are used for identifying the targets. For a given request
// only one of them is used:
// When a request comes with "/some-path", hostname will not be checked.
// When a request comes with "/", only hostname matching will be done.
// It is allowed to specify both path and host in ingress contract
// to support both modes.
//
// NOTE(review): field number 4 is not used in this message; if it belonged to a
// removed field it should be declared `reserved` so it cannot be reused —
// confirm against history.
message Ingress {
// Optional content mode to use when pushing messages to Kafka
// Not set reads as BINARY (the enum's zero value).
ContentMode contentMode = 1;
// path to listen for incoming events.
string path = 2;
// host header to match
// The Host header is supplied by the client; it selects a target but is not
// an authentication signal on its own.
string host = 3;
// OIDC audience of this ingress
string audience = 5;
// Ready and applying EventPolicies for this ingress
// NOTE(review): this file does not define what an empty list means for
// incoming requests (allow all vs. deny all) — confirm in the receiver.
repeated EventPolicy eventPolicies = 6;
}
// Kubernetes resource reference.
// It identifies an object; it does not carry the object's contents.
message Reference {
// Object id.
string uuid = 1;
// Object namespace.
string namespace = 2;
// Object name.
string name = 3;
// Object ResourceVersion.
string version = 4;
// Object kind.
string kind = 5;
// Object GroupVersion.
string groupVersion = 6;
}
// SecretField names the credential field that a secret key supplies (see
// KeyFieldReference). The values look like they mirror the keys of the secret
// format documented on Resource.authSecret (sasl.mechanism, ca.crt, user.crt,
// user.key, user, password) — inferred from the names.
// SASL_MECHANISM is the zero value, so a KeyFieldReference whose `field` is not
// set reads as SASL_MECHANISM.
enum SecretField {
SASL_MECHANISM = 0;
CA_CRT = 1;
USER_CRT = 2;
USER_KEY = 3;
USER = 4;
PASSWORD = 5;
}
// SecretReference points at one secret and lists which of its keys supply which
// credential fields. Only the reference and key names are carried here, not the
// secret values.
message SecretReference {
// Secret reference.
Reference reference = 1;
// Multiple key-field references.
repeated KeyFieldReference keyFieldReferences = 2;
}
// KeyFieldReference maps one key of a secret to the credential field it supplies.
// NOTE(review): field number 1 is not used in this message; if it belonged to a
// removed field it should be declared `reserved` so it cannot be reused —
// confirm against history.
message KeyFieldReference {
// Key in the secret.
string secretKey = 2;
// Field name.
// Not set reads as SASL_MECHANISM (the enum's zero value).
SecretField field = 3;
}
// Protocol is the security protocol used for the Kafka connection; the value
// names match those listed in the secret format on Resource.authSecret.
//
// PLAINTEXT is the zero value, so a MultiSecretReference whose `protocol` is not
// set is indistinguishable from one that explicitly asks for PLAINTEXT.
// NOTE(review): PLAINTEXT and SASL_PLAINTEXT do not encrypt the connection;
// confirm that producers of the contract always set this field deliberately
// rather than relying on the default.
enum Protocol {
PLAINTEXT = 0;
SASL_PLAINTEXT = 1;
SSL = 2;
SASL_SSL = 3;
}
// MultiSecretReference describes authentication material spread over several
// secrets, together with the protocol to use.
message MultiSecretReference {
// Protocol.
// Not set reads as PLAINTEXT (the enum's zero value).
Protocol protocol = 1;
// Secret references.
repeated SecretReference references = 2;
}
// CloudEvent overrides.
message CloudEventOverrides {
// Extension attribute name -> value.
// NOTE(review): presumably these are written onto outgoing events; whether
// they can replace attributes already present on an event is not defined in
// this file — confirm in the data plane.
map<string, string> extensions = 1;
}
// FeatureFlags toggles optional behavior per Resource.
message FeatureFlags {
// Presumably enables automatic creation of event types (inferred from the
// name). Reads as false when not set.
bool enableEventTypeAutocreate = 1;
}
// Resource is one entry of the Contract: the Kafka topics and bootstrap servers,
// an optional ingress, the egresses, and the authentication to use towards Kafka.
message Resource {
// Id of the resource
// It's the same as the Kubernetes resource uid
string uid = 1;
// Topics name
// Note: If there is an ingress configured, then this field must have exactly 1 element otherwise,
// if the resource does just dispatch from Kafka, then this topic list can contain multiple elements
// The schema does not enforce the "exactly 1 element" rule.
repeated string topics = 2;
// A comma separated list of host/port pairs to use for establishing the initial connection to the Kafka cluster.
// Note: we're using a comma separated list simply because that's how java kafka client likes it.
string bootstrapServers = 3;
// Optional ingress for this topic
Ingress ingress = 4;
// Optional configuration of egress valid for the whole resource
EgressConfig egressConfig = 5;
// Optional egresses for this topic
repeated Egress egresses = 6;
// Authentication towards Kafka. At most one member is set. When none is set
// the oneof is simply absent, which is distinct on the wire from absentAuth.
// NOTE(review): confirm the consumer handles "no member set" the same way as
// absentAuth, or rejects it.
oneof Auth {
// No auth configured.
Empty absentAuth = 7;
// Secret reference.
// Only the reference is carried; the secret contents are not part of the
// contract.
//
// Secret format:
//
//   protocol: (PLAINTEXT | SASL_PLAINTEXT | SSL | SASL_SSL)
//   sasl.mechanism: (SCRAM-SHA-256 | SCRAM-SHA-512)
//   ca.crt: <CA PEM certificate>
//   user.crt: <User PEM certificate>
//   user.key: <User PEM key>
//   user: <SASL username>
//   password: <SASL password>
//
// Validation:
//   - protocol=PLAINTEXT
//   - protocol=SSL
//     - required:
//       - ca.crt
//       - user.crt
//       - user.key
//   - protocol=SASL_PLAINTEXT
//     - required:
//       - sasl.mechanism
//       - user
//       - password
//   - protocol=SASL_SSL
//     - required:
//       - sasl.mechanism
//       - ca.crt
//       - user.crt
//       - user.key
//       - user
//       - password
Reference authSecret = 8;
// Multiple secrets reference.
MultiSecretReference multiAuthSecret = 9;
}
// CloudEvent overrides for this resource.
CloudEventOverrides cloudEventOverrides = 10;
// Resource reference.
//
// This reference is used to reference the associated resource for data plane
// activities such as:
// - setting the `source` attribute of a KafkaSource event (when it's not a CloudEvent)
// - tagging metrics
Reference reference = 11;
// Feature flags for the resource
FeatureFlags featureFlags = 12;
}
// Contract is the top-level message: the full set of resources plus the CA trust
// bundles for the HTTP client.
// NOTE(review): the contract carries routing targets, authorization policies and
// trust anchors, so whoever can write it controls where events go and which CAs
// are trusted. Presumably write access to wherever it is stored is limited to
// the control plane — confirm.
message Contract {
// Count each contract update.
// Make sure each data plane pod has the same contract generation number.
uint64 generation = 1;
// All resources the data plane should serve.
repeated Resource resources = 2;
// PEM encoded CA trust bundles for HTTP client.
repeated string trustBundles = 3;
}