syntax = "proto3";

package envoy.service.accesslog.v2;

import "envoy/api/v2/core/base.proto";
import "envoy/data/accesslog/v2/accesslog.proto";

import "udpa/annotations/status.proto";
import "validate/validate.proto";

option java_package = "io.envoyproxy.envoy.service.accesslog.v2";
option java_outer_classname = "AlsProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/accesslog/v2;accesslogv2";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: gRPC Access Log Service (ALS)]

// Service for streaming access logs from Envoy to an access log server.
service AccessLogService {
  // Envoy will connect and send StreamAccessLogsMessage messages forever. It does not expect any
  // response to be sent as nothing would be done in the case of failure. The server should
  // disconnect if it expects Envoy to reconnect. In the future we may decide to add a different
  // API for "critical" access logs in which Envoy will buffer access logs for some period of time
  // until it gets an ACK so it could then retry. This API is designed for high throughput with the
  // expectation that it might be lossy.
  rpc StreamAccessLogs(stream StreamAccessLogsMessage) returns (StreamAccessLogsResponse) {
  }
}

// Empty response for the StreamAccessLogs API. Will never be sent. See below.
message StreamAccessLogsResponse {
}

// Stream message for the StreamAccessLogs API. Envoy will open a stream to the server and stream
// access logs without ever expecting a response.
message StreamAccessLogsMessage {
  message Identifier {
    // The node sending the access log messages over the stream.
    api.v2.core.Node node = 1 [(validate.rules).message = {required: true}];

    // The friendly name of the log configured in :ref:`CommonGrpcAccessLogConfig
    // <envoy_api_msg_config.accesslog.v2.CommonGrpcAccessLogConfig>`.
    string log_name = 2 [(validate.rules).string = {min_bytes: 1}];
  }

  // Wrapper for batches of HTTP access log entries.
  message HTTPAccessLogEntries {
    repeated data.accesslog.v2.HTTPAccessLogEntry log_entry = 1
        [(validate.rules).repeated = {min_items: 1}];
  }

  // Wrapper for batches of TCP access log entries.
  message TCPAccessLogEntries {
    repeated data.accesslog.v2.TCPAccessLogEntry log_entry = 1
        [(validate.rules).repeated = {min_items: 1}];
  }

  // Identifier data that will only be sent in the first message on the stream. This is effectively
  // structured metadata and is a performance optimization.
  Identifier identifier = 1;

  // Batches of log entries of a single type. Generally speaking, a given stream should only
  // ever include one type of log entry.
  oneof log_entries {
    option (validate.required) = true;

    HTTPAccessLogEntries http_logs = 2;

    TCPAccessLogEntries tcp_logs = 3;
  }
}