# Copyright 2017 Istio Authors. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ################################################################################ # # # This is the global dictionary used by mixer client and server # for sending mixer attributes. # # The main reason using yaml format is that it allows comments like this. # # Important update rules: # * never remove, only add words at the end of file. # * http headers should be lower case. # * not duplication, all words have to be unique. # # Tools: # 1) It can be converted to json by: # python -c 'import sys, yaml, json; json.dump(yaml.load(sys.stdin), \ # sys.stdout, indent=4)' < global_dictionary.yaml # # 2) Use this to detect uniqueness and print out duplication: # python -c 'import yaml, collections; print [item for item, count in \ # collections.Counter(yaml.load(open("global_dictionary.yaml"))).items() if count > 1]' # # Section 1: Standard Istio attribute vocabulary # https://istio.io/docs/reference/config/mixer/attribute-vocabulary.html - source.ip - source.port - source.name - source.uid - source.namespace - source.labels # source.user is to be deprecated, please refer to the attribute source.principal - source.user # target.* attributes have been renamed to destination.* # They cannot be removed from this append only dictionary. - target.ip - target.port - target.service - target.name - target.uid - target.namespace - target.labels - target.user - request.headers - request.id - request.path - request.host - request.method - request.reason - request.referer - request.scheme - request.size - request.time - request.useragent - response.headers - response.size - response.time - response.duration - response.code # Section 2: HTTP common headers extracted from # https://tools.ietf.org/html/rfc7541#appendix-A - :authority - :method - :path - :scheme - :status - access-control-allow-origin - access-control-allow-methods - access-control-allow-headers - access-control-max-age - access-control-request-method - access-control-request-headers - accept-charset - accept-encoding - accept-language - accept-ranges - accept - access-control-allow - age - allow - authorization - cache-control - content-disposition - content-encoding - content-language - content-length - content-location - content-range - content-type - cookie - date - etag - expect - expires - from - host - if-match - if-modified-since - if-none-match - if-range - if-unmodified-since - keep-alive - last-modified - link - location - max-forwards - proxy-authenticate - proxy-authorization - range - referer - refresh - retry-after - server - set-cookie - strict-transport-sec - transfer-encoding - user-agent - vary - via - www-authenticate # HTTP methods - GET - POST # Common strings - http - envoy - '200' - Keep-Alive - chunked - x-envoy-service-time - x-forwarded-for - x-forwarded-host - x-forwarded-proto - x-http-method-override - x-request-id - x-requested-with # Popular content-type - application/json - application/xml - gzip - text/html - text/html; charset=utf-8 - text/plain - text/plain; charset=utf-8 # common strings - '0' - '1' - true - false - gzip, deflate - max-age=0 - x-envoy-upstream-service-time - x-envoy-internal - x-envoy-expected-rq-timeout-ms - x-ot-span-context - x-b3-traceid - x-b3-sampled - x-b3-spanid - tcp # connection attributes - connection.id - connection.received.bytes - connection.received.bytes_total - connection.sent.bytes - connection.sent.bytes_total - connection.duration # context attributes - context.protocol - context.timestamp - context.time # common integer strings - 0 - 1 - 200 - 302 - 400 - 401 - 403 - 404 - 409 - 429 - 499 - 500 - 501 - 502 - 503 - 504 - destination.ip - destination.port # destination.service is deprecated, please refer to destination.service.host - destination.service - destination.name - destination.uid - destination.namespace - destination.labels # destination.user is deprecated, please refer to destination.principal - destination.user # source.service is deprecated. please do not use moving forward. - source.service # api attributes - api.service - api.version - api.operation - api.protocol # auth attributes - request.auth.principal - request.auth.audiences - request.auth.presenter # api key - request.api_key # check.error_code and error_message - check.error_code - check.error_message - request.total_size - response.total_size # TCP connection event attribute. - connection.event # whether mixer check and quota calls hit cache. - check.cache_hit - quota.cache_hit - source.principal - request.auth.claims - request.auth.raw_claims # whether request is sent over mTLS enabled downstream connection. - connection.mtls - source.metadata - source.owner - source.services - source.workload.uid - source.workload.name - source.workload.namespace - destination.metadata - destination.owner - destination.principal - destination.workload.uid - destination.workload.name - destination.workload.namespace - destination.service.uid - destination.service.name - destination.service.namespace - destination.service.host - destination.container.name - destination.container.image - context.reporter.local - context.reporter.uid # gRPC trailer return status support - response.grpc_status - response.grpc_message - context.reporter.type - context.reporter.kind # SNI, for TLS connections - connection.requested_server_name # url_path and query_params are derived from http path header. # url_path is the path part of a url, with query params being stripped. # query_params is the normalized query part of a url. - request.url_path - request.query_params # context.proxy_error_code = %RESPONSE_FLAGS% in envoy access logs. # Other proxies should return equivalent error messages. - context.proxy_error_code # following are the RESPONSE_FLAGS supported by envoy as of 2018-08-10 # https://www.envoyproxy.io/docs/envoy/latest/configuration/access_log#configuration - UH - UF - UO - NR - LH - UT - LR - UR - UC - DI - FI - RL - "-" - inbound - outbound - context.proxy_version