Sync APIs. @tag-name=gloo-sheidkamp

api/gloo/gloo/external/envoy/config/core/v3/address.proto

@@ -73,7 +73,7 @@ message SocketAddress {
   string resolver_name = 5;
 
   // When binding to an IPv6 address above, this enables `IPv4 compatibility
-  // <https://tools.ietf.org/html/rfc3493#page-11>`_. Binding to ``::`` will
+  // <https://datatracker.ietf.org/doc/html/rfc3493#page-11>`_. Binding to ``::`` will
   // allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into
   // IPv6 space as ``::FFFF:<IPv4-address>``.
   bool ipv4_compat = 6;
@@ -133,7 +133,7 @@ message Address {
 }
 
 // CidrRange specifies an IP Address and a prefix length to construct
-// the subnet mask for a `CIDR <https://tools.ietf.org/html/rfc4632>`_ range.
+// the subnet mask for a `CIDR <https://datatracker.ietf.org/doc/html/rfc4632>`_ range.
 message CidrRange {
   option (solo.io.udpa.annotations.versioning).previous_message_type = "solo.io.envoy.api.v2.core.CidrRange";
 

api/gloo/gloo/external/envoy/config/core/v3/grpc_service.proto

@@ -137,7 +137,7 @@ message GrpcService {
 
       // Security token service configuration that allows Google gRPC to
       // fetch security token from an OAuth 2.0 authorization server.
-      // See https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16 and
+      // See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-exchange-16 and
       // https://github.com/grpc/grpc/pull/19587.
       // [#next-free-field: 10]
       message StsService {
@@ -209,7 +209,7 @@ message GrpcService {
         MetadataCredentialsFromPlugin from_plugin = 6;
 
         // Custom security token service which implements OAuth 2.0 token exchange.
-        // https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16
+        // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-exchange-16
         // See https://github.com/grpc/grpc/pull/19587.
         StsService sts_service = 7;
       }

api/gloo/gloo/external/envoy/extensions/filters/http/jwt_authn/v3/config.proto

@@ -26,8 +26,8 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
 // Please see following for JWT authentication flow:
 //
-// * `JSON Web Token (JWT) <https://tools.ietf.org/html/rfc7519>`_
-// * `The OAuth 2.0 Authorization Framework <https://tools.ietf.org/html/rfc6749>`_
+// * `JSON Web Token (JWT) <https://datatracker.ietf.org/doc/html/rfc7519>`_
+// * `The OAuth 2.0 Authorization Framework <https://datatracker.ietf.org/doc/html/rfc6749>`_
 // * `OpenID Connect <http://openid.net/connect>`_
 //
 // A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies:
@@ -59,7 +59,7 @@ message JwtProvider {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.jwt_authn.v2alpha.JwtProvider";
 
-  // Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
+  // Specify the `principal <https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1>`_ that issued
   // the JWT, usually a URL or an email address.
   //
   // It is optional. If specified, it has to match the *iss* field in JWT.
@@ -81,7 +81,7 @@ message JwtProvider {
   //
   string issuer = 1;
 
-  // The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
+  // The list of JWT `audiences <https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3>`_ are
   // allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
   // will not check audiences in the token.
   //
@@ -95,7 +95,7 @@ message JwtProvider {
   //
   repeated string audiences = 2;
 
-  // `JSON Web Key Set (JWKS) <https://tools.ietf.org/html/rfc7517#appendix-A>`_ is needed to
+  // `JSON Web Key Set (JWKS) <https://datatracker.ietf.org/doc/html/rfc7517#appendix-A>`_ is needed to
   // validate signature of a JWT. This field specifies where to fetch JWKS.
   oneof jwks_source_specifier {
     option (validate.required) = true;
@@ -146,11 +146,11 @@ message JwtProvider {
   // If no explicit location is specified, the following default locations are tried in order:
   //
   // 1. The Authorization header using the `Bearer schema
-  // <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
+  // <https://datatracker.ietf.org/doc/html/rfc6750#section-2.1>`_. Example::
   //
   //    Authorization: Bearer <token>.
   //
-  // 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
+  // 2. `access_token <https://datatracker.ietf.org/doc/html/rfc6750#section-2.3>`_ query parameter.
   //
   // Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
   // its provider specified or from the default locations.

api/gloo/gloo/external/xds/core/v3/cidr.proto

@@ -15,7 +15,7 @@ option go_package = "github.com/cncf/xds/go/xds/core/v3";
 option (xds.annotations.v3.file_status).work_in_progress = true;
 
 // CidrRange specifies an IP Address and a prefix length to construct
-// the subnet mask for a `CIDR <https://tools.ietf.org/html/rfc4632>`_ range.
+// the subnet mask for a `CIDR <https://datatracker.ietf.org/doc/html/rfc4632>`_ range.
 message CidrRange {
   // IPv4 or IPv6 address, e.g. ``192.0.0.0`` or ``2001:db8::``.
   string address_prefix = 1 [(validate.rules).string = {min_len: 1}];

api/gloo/gloo/external/xds/core/v3/resource_locator.proto

@@ -85,7 +85,7 @@ message ResourceLocator {
   // require percent encoding in a directive value are [',', '#', '[', ']',
   // '%']. These are the RFC3986 fragment reserved characters with the addition
   // of the xDS scheme specific ','. See
-  // https://tools.ietf.org/html/rfc3986#page-49 for further details on URI ABNF
+  // https://datatracker.ietf.org/doc/html/rfc3986#page-49 for further details on URI ABNF
   // and reserved characters.
   message Directive {
     oneof directive {

api/gloo/gloo/v1/options/protocol/protocol.proto

@@ -126,7 +126,7 @@ message Http2ProtocolOptions {
   // This overrides any HCM :ref:`stream_error_on_invalid_http_messaging
   // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_error_on_invalid_http_message>`
   //
-  // See `RFC7540, sec. 8.1 <https://tools.ietf.org/html/rfc7540#section-8.1>`_ for details.
+  // See `RFC7540, sec. 8.1 <https://datatracker.ietf.org/doc/html/rfc7540#section-8.1>`_ for details.
   google.protobuf.BoolValue override_stream_error_on_invalid_http_message = 14;
 }
 

api/gloo/gloo/v1/upstream.proto

@@ -128,7 +128,7 @@ message UpstreamSpec {
     // This overrides any HCM :ref:`stream_error_on_invalid_http_messaging
     // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_error_on_invalid_http_message>`
     //
-    // See `RFC7540, sec. 8.1 <https://tools.ietf.org/html/rfc7540#section-8.1>`_ for details.
+    // See `RFC7540, sec. 8.1 <https://datatracker.ietf.org/doc/html/rfc7540#section-8.1>`_ for details.
     google.protobuf.BoolValue override_stream_error_on_invalid_http_message = 26;
 
     // Tells envoy that the upstream is an HTTP proxy (e.g., another proxy in a DMZ) that supports HTTP Connect.