diff --git a/.changelog/18994.txt b/.changelog/18994.txt index f28381721d54..3f80f3457671 100644 --- a/.changelog/18994.txt +++ b/.changelog/18994.txt @@ -12,12 +12,6 @@ environments. * The v1 and v2 catalog APIs cannot run concurrently. * The Consul UI does not support multi-port services or the v2 catalog API in this release. * HCP Consul does not support multi-port services or the v2 catalog API in this release. -* The v2 API only supports transparent proxy mode where services that have permissions to connect to each other can use - Kube DNS to connect. - -### Known Issues -* When using the v2 API with transparent proxy, Kubernetes pods cannot use L7 liveness, readiness, or startup probes. - [[Catalog resource controllers]](https://github.com/hashicorp/consul/tree/e6b724d06249d3e62cd75afe3ee6042ba1fd5415/internal/catalog/internal/controllers) [[Mesh resource controllers]](https://github.com/hashicorp/consul/tree/e6b724d06249d3e62cd75afe3ee6042ba1fd5415/internal/mesh/internal/controllers) diff --git a/.changelog/19225.txt b/.changelog/19225.txt new file mode 100644 index 000000000000..d4c4d156d454 --- /dev/null +++ b/.changelog/19225.txt @@ -0,0 +1,9 @@ +```release-note:security +Upgrade Go to 1.20.10. +This resolves vulnerability [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) +/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`net/http`). +``` +```release-note:security +Update `golang.org/x/net` to v0.17.0 to address [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) +/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`x/net/http2`). +``` diff --git a/.changelog/19268.txt b/.changelog/19268.txt new file mode 100644 index 000000000000..2bb8f489e345 --- /dev/null +++ b/.changelog/19268.txt @@ -0,0 +1,3 @@ +```release-note:bug +Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. +``` diff --git a/.changelog/19274.txt b/.changelog/19274.txt new file mode 100644 index 000000000000..81c0b638b958 --- /dev/null +++ b/.changelog/19274.txt @@ -0,0 +1,3 @@ +```release-note:security +connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) +``` diff --git a/.changelog/19285.txt b/.changelog/19285.txt new file mode 100644 index 000000000000..52320702edb3 --- /dev/null +++ b/.changelog/19285.txt @@ -0,0 +1,7 @@ +```release-note:bug +ca: Fix bug with Vault CA provider where token renewal goroutines could leak if CA failed to initialize. +``` + +```release-note:bug +ca: Fix bug with Vault CA provider where renewing a retracted token would cause retries in a tight loop, degrading performance. +``` diff --git a/.changelog/19314.txt b/.changelog/19314.txt new file mode 100644 index 000000000000..c5f1346f3bfe --- /dev/null +++ b/.changelog/19314.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +raft: upgrade raft-wal library version to 0.4.1. +``` diff --git a/.changelog/19339.txt b/.changelog/19339.txt new file mode 100644 index 000000000000..884fb4a3bd16 --- /dev/null +++ b/.changelog/19339.txt @@ -0,0 +1,4 @@ +```release-note:bug +connect: Fix bug where uncleanly closed xDS connections would influence connection balancing for too long and prevent envoy instances from starting. Two new configuration fields +`performance.grpc_keepalive_timeout` and `performance.grpc_keepalive_interval` now exist to allow for configuration on how often these dead connections will be cleaned up. +``` diff --git a/.changelog/19342.txt b/.changelog/19342.txt new file mode 100644 index 000000000000..ac8559fd482d --- /dev/null +++ b/.changelog/19342.txt @@ -0,0 +1,3 @@ +```release-note:improvement +Replaces UI Side Nav with Helios Design System Side Nav. Adds dc/partition/namespace searching in Side Nav. +``` diff --git a/.changelog/19389.txt b/.changelog/19389.txt new file mode 100644 index 000000000000..1fe521b85381 --- /dev/null +++ b/.changelog/19389.txt @@ -0,0 +1,3 @@ +```release-note:improvement +cli: stop simultaneous usage of -templated-policy and -templated-policy-file when creating a role or token. +``` \ No newline at end of file diff --git a/.changelog/19414.txt b/.changelog/19414.txt new file mode 100644 index 000000000000..416d8e559bc1 --- /dev/null +++ b/.changelog/19414.txt @@ -0,0 +1,4 @@ +```release-note:security +Upgrade `google.golang.org/grpc` to 1.56.3. +This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). +``` diff --git a/.changelog/19503.txt b/.changelog/19503.txt new file mode 100644 index 000000000000..cb89cfbec1e2 --- /dev/null +++ b/.changelog/19503.txt @@ -0,0 +1,3 @@ +```release-note:bug +wan-federation: Fix a bug where servers wan-federated through mesh-gateways could crash due to overlapping LAN IP addresses. +``` diff --git a/.changelog/19549.txt b/.changelog/19549.txt new file mode 100644 index 000000000000..752dc3f8728e --- /dev/null +++ b/.changelog/19549.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: clear peer on home logo link +``` diff --git a/.changelog/19586.txt b/.changelog/19586.txt new file mode 100644 index 000000000000..2c58b38b5578 --- /dev/null +++ b/.changelog/19586.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: fix being able to view peered services from non-default namnespaces +``` diff --git a/.changelog/19594.txt b/.changelog/19594.txt new file mode 100644 index 000000000000..9348b98bf504 --- /dev/null +++ b/.changelog/19594.txt @@ -0,0 +1,3 @@ +```release-note:improvement +ui: move nspace and partitions requests into their selector menus +``` diff --git a/.changelog/_7406.txt b/.changelog/_7406.txt new file mode 100644 index 000000000000..b020a3a0e601 --- /dev/null +++ b/.changelog/_7406.txt @@ -0,0 +1,3 @@ +```release-note:bug +server: **(Enterprise Only)** Fixed an issue where snake case keys were rejected when configuring the control-plane-request-limit config entry +``` \ No newline at end of file diff --git a/.github/scripts/set_test_package_matrix.sh b/.github/scripts/set_test_package_matrix.sh index da8b6d563c37..3f8a389297f4 100755 --- a/.github/scripts/set_test_package_matrix.sh +++ b/.github/scripts/set_test_package_matrix.sh @@ -6,6 +6,6 @@ set -euo pipefail export RUNNER_COUNT=$1 # set matrix var to list of unique packages containing tests -matrix="$(go list -json="ImportPath,TestGoFiles" ./... | jq --compact-output '. | select(.TestGoFiles != null) | .ImportPath' | jq --slurp --compact-output '.' | jq --argjson runnercount $RUNNER_COUNT -cM '[_nwise(length / $runnercount | floor)]'))" +matrix="$(go list -json="ImportPath,TestGoFiles" ./... | jq --compact-output '. | select(.TestGoFiles != null) | .ImportPath' | shuf | jq --slurp --compact-output '.' | jq --argjson runnercount $RUNNER_COUNT -cM '[_nwise(length / $runnercount | floor)]'))" echo "matrix=${matrix}" >> "${GITHUB_OUTPUT}" diff --git a/.github/scripts/verify_envoy_version.sh b/.github/scripts/verify_envoy_version.sh index f9067eaa37f7..4bcbea4cabee 100755 --- a/.github/scripts/verify_envoy_version.sh +++ b/.github/scripts/verify_envoy_version.sh @@ -4,7 +4,7 @@ set -euo pipefail -current_branch=$GITHUB_REF +current_branch=$GITHUB_REF_NAME GITHUB_DEFAULT_BRANCH='main' if [ -z "$GITHUB_TOKEN" ]; then @@ -13,10 +13,15 @@ if [ -z "$GITHUB_TOKEN" ]; then fi if [ -z "$current_branch" ]; then - echo "GITHUB_REF must be set" + echo "GITHUB_REF_NAME must be set" exit 1 fi +if [[ "$SKIP_VERIFY_ENVOY_VERSION" = "true" ]]; then + echo -e "*************** VERIFY ENVOY VERSION IS DISABLED. To enable, update environment variable in Github settings *****************" + exit 0 +fi + # Get Consul and Envoy version SCRIPT_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" pushd $SCRIPT_DIR/../.. # repository root @@ -76,7 +81,6 @@ released_envoy_version=$(get_latest_envoy_version) major_released_envoy_version="${released_envoy_version[@]:1:4}" validate_envoy_version_main(){ - echo "verify "main" GitHub branch has latest envoy version" # Get envoy version for current branch ENVOY_VERSIONS=$(sanitize_consul_envoy_version | awk '{print $2}' | tr ',' ' ') envoy_version_main_branch=$(get_major_version ${ENVOY_VERSIONS}) @@ -118,8 +122,8 @@ echo checking out branch: "${current_branch}" git checkout "${current_branch}" echo -echo "Branch ${current_branch} =>Consul version: ${CONSUL_VERSION}; Envoy Version: ${ENVOY_VERSIONS}" -echo "Branch ${GITHUB_DEFAULT_BRANCH} =>Consul version: ${CONSUL_VERSION_DEFAULT_BRANCH}; Envoy Version: ${ENVOY_VERSIONS_DEFAULT_BRANCH}" +echo "Branch ${current_branch} => Consul version: ${CONSUL_VERSION}; Envoy Version: ${ENVOY_VERSIONS}" +echo "Branch ${GITHUB_DEFAULT_BRANCH} => Consul version: ${CONSUL_VERSION_DEFAULT_BRANCH}; Envoy Version: ${ENVOY_VERSIONS_DEFAULT_BRANCH}" ## Get major Consul and Envoy versions on release and default branch MAJOR_CONSUL_VERSION=$(get_major_version ${CONSUL_VERSION}) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a6bade292ea6..cc2e2437a050 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,6 +28,8 @@ jobs: shared-ldflags: ${{ steps.shared-ldflags.outputs.shared-ldflags }} steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + # action-set-product-version implicitly sets fields like 'product-version' using version/VERSION + # https://github.com/hashicorp/actions-set-product-version - name: set product version id: set-product-version uses: hashicorp/actions-set-product-version@v1 @@ -35,7 +37,6 @@ jobs: id: get-product-version run: | CONSUL_DATE=$(build-support/scripts/build-date.sh) - ## TODO: This assumes `make version` outputs 1.1.1+ent-prerel echo "product-date=${CONSUL_DATE}" >> "$GITHUB_OUTPUT" - name: Set shared -ldflags @@ -85,15 +86,15 @@ jobs: strategy: matrix: include: - - {go: "1.20.8", goos: "linux", goarch: "386"} - - {go: "1.20.8", goos: "linux", goarch: "amd64"} - - {go: "1.20.8", goos: "linux", goarch: "arm"} - - {go: "1.20.8", goos: "linux", goarch: "arm64"} - - {go: "1.20.8", goos: "freebsd", goarch: "386"} - - {go: "1.20.8", goos: "freebsd", goarch: "amd64"} - - {go: "1.20.8", goos: "windows", goarch: "386"} - - {go: "1.20.8", goos: "windows", goarch: "amd64"} - - {go: "1.20.8", goos: "solaris", goarch: "amd64"} + - {go: "1.20.10", goos: "linux", goarch: "386"} + - {go: "1.20.10", goos: "linux", goarch: "amd64"} + - {go: "1.20.10", goos: "linux", goarch: "arm"} + - {go: "1.20.10", goos: "linux", goarch: "arm64"} + - {go: "1.20.10", goos: "freebsd", goarch: "386"} + - {go: "1.20.10", goos: "freebsd", goarch: "amd64"} + - {go: "1.20.10", goos: "windows", goarch: "386"} + - {go: "1.20.10", goos: "windows", goarch: "amd64"} + - {go: "1.20.10", goos: "solaris", goarch: "amd64"} fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build @@ -103,7 +104,7 @@ jobs: - name: Setup with node and yarn uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: '14' + node-version: '18' cache: 'yarn' cache-dependency-path: 'ui/yarn.lock' @@ -182,7 +183,7 @@ jobs: strategy: matrix: include: - - {go: "1.20.8", goos: "linux", goarch: "s390x"} + - {go: "1.20.10", goos: "linux", goarch: "s390x"} fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build @@ -192,7 +193,7 @@ jobs: - name: Setup with node and yarn uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: '14' + node-version: '18' cache: 'yarn' cache-dependency-path: 'ui/yarn.lock' @@ -233,7 +234,7 @@ jobs: matrix: goos: [ darwin ] goarch: [ "amd64", "arm64" ] - go: [ "1.20.8" ] + go: [ "1.20.10" ] fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build @@ -243,7 +244,7 @@ jobs: - name: Setup with node and yarn uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: '14' + node-version: '18' cache: 'yarn' cache-dependency-path: 'ui/yarn.lock' @@ -299,8 +300,10 @@ jobs: # This naming convention will be used ONLY for per-commit dev images - name: Set docker dev tag run: | - version="${{ env.version }}" - echo "dev_tag=${version%.*}-dev" >> $GITHUB_ENV + echo "full_dev_tag=${{ env.version }}" + echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV + echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" + echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV - name: Docker Build (Action) uses: hashicorp/actions-docker-build@v1 @@ -312,8 +315,10 @@ jobs: docker.io/hashicorp/${{env.repo}}:${{env.version}} public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}} dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }}-${{ github.sha }} + docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }} + docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-${{ github.sha }} + docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }} + docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-${{ github.sha }} smoke_test: .github/scripts/verify_docker.sh v${{ env.version }} build-docker-ubi-redhat: @@ -353,8 +358,10 @@ jobs: # This naming convention will be used ONLY for per-commit dev images - name: Set docker dev tag run: | - version="${{ env.version }}" - echo "dev_tag=${version%.*}-dev" >> $GITHUB_ENV + echo "full_dev_tag=${{ env.version }}" + echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV + echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" + echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV - uses: hashicorp/actions-docker-build@v1 with: @@ -365,8 +372,10 @@ jobs: docker.io/hashicorp/${{env.repo}}:${{env.version}}-ubi public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}-ubi dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }}-ubi-${{ github.sha }} + docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi + docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi-${{ github.sha }} + docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi + docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} smoke_test: .github/scripts/verify_docker.sh v${{ env.version }} verify-linux: diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml index aede8a48e1b2..550fddd5d15f 100644 --- a/.github/workflows/frontend.yml +++ b/.github/workflows/frontend.yml @@ -37,10 +37,10 @@ jobs: - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: '16' + node-version: '18' - name: Install Yarn - run: npm install -g yarn + run: corepack enable # Install dependencies. - name: install yarn packages @@ -57,10 +57,10 @@ jobs: - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: '16' + node-version: '18' - name: Install Yarn - run: npm install -g yarn + run: corepack enable # Install dependencies. - name: install yarn packages @@ -86,10 +86,10 @@ jobs: - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: '16' + node-version: '18' - name: Install Yarn - run: npm install -g yarn + run: corepack enable - name: Install Chrome uses: browser-actions/setup-chrome@c485fa3bab6be59dce18dbc18ef6ab7cbc8ff5f1 # v1.2.0 diff --git a/.github/workflows/nightly-test-integrations-1.15.x.yml b/.github/workflows/nightly-test-integrations-1.15.x.yml index 80597f64e2fa..c570a541abd1 100644 --- a/.github/workflows/nightly-test-integrations-1.15.x.yml +++ b/.github/workflows/nightly-test-integrations-1.15.x.yml @@ -68,7 +68,7 @@ jobs: # this is further going to multiplied in envoy-integration tests by the # other dimensions in the matrix. Currently TOTAL_RUNNERS would be # multiplied by 8 based on these values: - # envoy-version: ["1.22.11", "1.23.12", "1.24.10", "1.25.9"] + # envoy-version: ["1.22.11", "1.23.12", "1.24.12", "1.25.11"] # xds-target: ["server", "client"] TOTAL_RUNNERS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' @@ -102,7 +102,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ["1.22.11", "1.23.12", "1.24.10", "1.25.9"] + envoy-version: ["1.22.11", "1.23.12", "1.24.12", "1.25.11"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: diff --git a/.github/workflows/nightly-test-integrations-1.16.x.yml b/.github/workflows/nightly-test-integrations-1.16.x.yml index c4f16d9be618..d9a771c3fe13 100644 --- a/.github/workflows/nightly-test-integrations-1.16.x.yml +++ b/.github/workflows/nightly-test-integrations-1.16.x.yml @@ -68,7 +68,7 @@ jobs: # this is further going to multiplied in envoy-integration tests by the # other dimensions in the matrix. Currently TOTAL_RUNNERS would be # multiplied by 8 based on these values: - # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"] + # envoy-version: ["1.23.12", "1.24.12", "1.25.11", "1.26.6"] # xds-target: ["server", "client"] TOTAL_RUNNERS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' @@ -102,7 +102,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ["1.23.12", "1.24.10", "1.25.9", "1.26.4"] + envoy-version: ["1.23.12", "1.24.12", "1.25.11", "1.26.6"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: diff --git a/.github/workflows/nightly-test-integrations.yml b/.github/workflows/nightly-test-integrations.yml index 5e30df72229e..a350ca1e7db2 100644 --- a/.github/workflows/nightly-test-integrations.yml +++ b/.github/workflows/nightly-test-integrations.yml @@ -65,7 +65,7 @@ jobs: # this is further going to multiplied in envoy-integration tests by the # other dimensions in the matrix. Currently TOTAL_RUNNERS would be # multiplied by 8 based on these values: - # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"] + # envoy-version: ["1.24.12", "1.25.11", "1.26.6", "1.27.2"] # xds-target: ["server", "client"] TOTAL_RUNNERS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' @@ -99,7 +99,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"] + envoy-version: ["1.24.12", "1.25.11", "1.26.6", "1.27.2"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: @@ -193,7 +193,7 @@ jobs: strategy: fail-fast: false matrix: - consul-version: [ "1.15", "1.16"] + consul-version: [ "1.15", "1.16", "1.17"] env: CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} ENVOY_VERSION: "1.24.6" diff --git a/.github/workflows/nightly-test-main.yaml b/.github/workflows/nightly-test-main.yaml index 2846f5b71c39..a089121cc8c6 100644 --- a/.github/workflows/nightly-test-main.yaml +++ b/.github/workflows/nightly-test-main.yaml @@ -24,7 +24,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 14 + node-version: 18 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -56,7 +56,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 14 + node-version: 18 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -95,7 +95,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 14 + node-version: 18 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -128,7 +128,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 14 + node-version: 18 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -167,7 +167,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 14 + node-version: 18 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -198,7 +198,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 14 + node-version: 18 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock diff --git a/.github/workflows/reusable-unit-split.yml b/.github/workflows/reusable-unit-split.yml index 29c341998dd6..3d959d168bed 100644 --- a/.github/workflows/reusable-unit-split.yml +++ b/.github/workflows/reusable-unit-split.yml @@ -130,7 +130,8 @@ jobs: --packages="$PACKAGE_NAMES" \ --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- \ -tags="${{env.GOTAGS}}" \ - -cover -coverprofile=coverage.txt + -cover -coverprofile=coverage.txt \ + -timeout=30m # NOTE: ENT specific step as we store secrets in Vault. - name: Authenticate to Vault diff --git a/.github/workflows/reusable-unit.yml b/.github/workflows/reusable-unit.yml index 42943954475d..3b50bfa7e388 100644 --- a/.github/workflows/reusable-unit.yml +++ b/.github/workflows/reusable-unit.yml @@ -109,7 +109,8 @@ jobs: --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- \ -tags="${{env.GOTAGS}}" \ ${GO_TEST_FLAGS-} \ - -cover -coverprofile=coverage.txt + -cover -coverprofile=coverage.txt \ + -timeout=30m # NOTE: ENT specific step as we store secrets in Vault. - name: Authenticate to Vault diff --git a/.github/workflows/test-integrations-windows.yml b/.github/workflows/test-integrations-windows.yml index 8ece1ef6c9b7..16f7b26fdc67 100644 --- a/.github/workflows/test-integrations-windows.yml +++ b/.github/workflows/test-integrations-windows.yml @@ -54,7 +54,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: [ "1.27.0" ] + envoy-version: [ "1.27.2" ] xds-target: [ "server", "client" ] env: ENVOY_VERSION: ${{ matrix.envoy-version }} diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml index 28dcf701fdf1..86b8741af715 100644 --- a/.github/workflows/test-integrations.yml +++ b/.github/workflows/test-integrations.yml @@ -80,7 +80,8 @@ jobs: contents: read strategy: matrix: - nomad-version: ['v1.6.1', 'v1.5.8', 'v1.4.12'] + nomad-version: ['v1.6.2', 'v1.5.9', 'v1.4.13'] + steps: - name: Checkout Nomad uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 @@ -159,7 +160,7 @@ jobs: contents: read strategy: matrix: - vault-version: ["1.14.1", "1.13.5", "1.12.9", "1.11.12"] + vault-version: ["1.15.0", "1.14.4", "1.13.8", "1.12.11"] env: VAULT_BINARY_VERSION: ${{ matrix.vault-version }} steps: @@ -259,8 +260,8 @@ jobs: env: # this is further going to multiplied in envoy-integration tests by the # other dimensions in the matrix. Currently TOTAL_RUNNERS would be - # multiplied by 8 based on these values: - # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"] + # multiplied by 2 based on these values: + # envoy-version: ["1.27.2"] # xds-target: ["server", "client"] TOTAL_RUNNERS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' @@ -294,7 +295,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ["1.27.0"] + envoy-version: ["1.27.2"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: @@ -487,6 +488,88 @@ jobs: DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml + integration-test-with-deployer: + runs-on: ${{ fromJSON(needs.setup.outputs.compute-large ) }} + needs: + - setup + permissions: + id-token: write # NOTE: this permission is explicitly required for Vault auth. + contents: read + strategy: + fail-fast: false + env: + DEPLOYER_CONSUL_DATAPLANE_IMAGE: "docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.3-dev" + steps: + - name: Checkout code + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + if: ${{ endsWith(github.repository, '-enterprise') }} + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + with: + go-version-file: 'go.mod' + - run: go env + - name: Build image + run: make test-deployer-setup + - name: Integration Tests + run: | + mkdir -p "${{ env.TEST_RESULTS_DIR }}" + export NOLOGBUFFER=1 + cd ./test-integ + go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ + --raw-command \ + --format=standard-verbose \ + --debug \ + -- \ + go test \ + -tags "${{ env.GOTAGS }}" \ + -timeout=20m \ + -parallel=2 \ + -json \ + `go list -tags "${{ env.GOTAGS }}" ./... | grep -v peering_commontopo` \ + --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ + --target-version local \ + --latest-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ + --latest-version latest + env: + # this is needed because of incompatibility between RYUK container and GHA + GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml + GOTESTSUM_FORMAT: standard-verbose + COMPOSE_INTERACTIVE_NO_CLI: 1 + # tput complains if this isn't set to something. + TERM: ansi + # NOTE: ENT specific step as we store secrets in Vault. + - name: Authenticate to Vault + if: ${{ endsWith(github.repository, '-enterprise') }} + id: vault-auth + run: vault-auth + + # NOTE: ENT specific step as we store secrets in Vault. + - name: Fetch Secrets + if: ${{ endsWith(github.repository, '-enterprise') }} + id: secrets + uses: hashicorp/vault-action@v2.5.0 + with: + url: ${{ steps.vault-auth.outputs.addr }} + caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} + token: ${{ steps.vault-auth.outputs.token }} + secrets: | + kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; + + - name: prepare datadog-ci + if: ${{ !endsWith(github.repository, '-enterprise') }} + run: | + curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" + chmod +x /usr/local/bin/datadog-ci + + - name: upload coverage + # do not run on forks + if: github.event.pull_request.head.repo.full_name == github.repository + env: + DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" + DD_ENV: ci + run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml test-integrations-success: needs: @@ -498,6 +581,7 @@ jobs: - generate-envoy-job-matrices - envoy-integration-test - compatibility-integration-test + - integration-test-with-deployer runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} if: always() && needs.conditional-skip.outputs.skip-ci != 'true' steps: diff --git a/.github/workflows/verify-envoy-version.yml b/.github/workflows/verify-envoy-version.yml index 9e8b7e7e89b3..003888eddf6e 100644 --- a/.github/workflows/verify-envoy-version.yml +++ b/.github/workflows/verify-envoy-version.yml @@ -14,6 +14,9 @@ on: - main - release/** +env: + SKIP_VERIFY_ENVOY_VERSION: ${{ vars.SKIP_VERIFY_ENVOY_VERSION }} + jobs: verify-envoy-version: runs-on: ubuntu-latest diff --git a/CHANGELOG.md b/CHANGELOG.md index f72f27cb912d..8bbe1143e7f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,166 @@ +## 1.17.0 (October 31, 2023) + +BREAKING CHANGES: + +* api: RaftLeaderTransfer now requires an id string. An empty string can be specified to keep the old behavior. [[GH-17107](https://github.com/hashicorp/consul/issues/17107)] +* audit-logging: **(Enterprise only)** allowing timestamp based filename only on rotation. initially the filename will be just file.json [[GH-18668](https://github.com/hashicorp/consul/issues/18668)] + +SECURITY: + +* Update `golang.org/x/net` to v0.17.0 to address [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) +/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`x/net/http2`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)] +* Upgrade Go to 1.20.10. +This resolves vulnerability [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) +/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`net/http`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)] +* Upgrade `google.golang.org/grpc` to 1.56.3. +This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-19414](https://github.com/hashicorp/consul/issues/19414)] +* connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-19275](https://github.com/hashicorp/consul/issues/19275)] + +FEATURE PREVIEW: **Catalog v2** + +This release provides the ability to preview Consul's v2 Catalog and Resource API if enabled. The new model supports +multi-port application deployments with only a single Envoy proxy. Note that the v1 and v2 catalogs are not cross +compatible, and not all Consul features are available within this v2 feature preview. See the [v2 Catalog and Resource +API documentation](https://developer.hashicorp.com/consul/docs/architecture/v2) for more information. The v2 Catalog and +Resources API should be considered a feature preview within this release and should not be used in production +environments. + +Limitations +* The v2 catalog API feature preview does not support connections with client agents. As a result, it is only available for Kubernetes deployments, which use [Consul dataplanes](consul/docs/connect/dataplane) instead of client agents. +* The v1 and v2 catalog APIs cannot run concurrently. +* The Consul UI does not support multi-port services or the v2 catalog API in this release. +* HCP Consul does not support multi-port services or the v2 catalog API in this release. + +Significant Pull Requests +* [[Catalog resource controllers]](https://github.com/hashicorp/consul/tree/e6b724d06249d3e62cd75afe3ee6042ba1fd5415/internal/catalog/internal/controllers) +* [[Mesh resource controllers]](https://github.com/hashicorp/consul/tree/e6b724d06249d3e62cd75afe3ee6042ba1fd5415/internal/mesh/internal/controllers) +* [[Auth resource controllers]](https://github.com/hashicorp/consul/tree/e6b724d06249d3e62cd75afe3ee6042ba1fd5415/internal/auth/internal) +* [[V2 Protobufs]](https://github.com/hashicorp/consul/tree/e6b724d06249d3e62cd75afe3ee6042ba1fd5415/proto-public) + +FEATURES: + +* Support custom watches on the Consul Controller framework. [[GH-18439](https://github.com/hashicorp/consul/issues/18439)] +* Windows: support consul connect envoy command on Windows [[GH-17694](https://github.com/hashicorp/consul/issues/17694)] +* acl: Add BindRule support for templated policies. Add new BindType: templated-policy and BindVar field for templated policy variables. [[GH-18719](https://github.com/hashicorp/consul/issues/18719)] +* acl: Add new `acl.tokens.dns` config field which specifies the token used implicitly during dns checks. [[GH-17936](https://github.com/hashicorp/consul/issues/17936)] +* acl: Added ACL Templated policies to simplify getting the right ACL token. [[GH-18708](https://github.com/hashicorp/consul/issues/18708)] +* acl: Adds a new ACL rule for workload identities [[GH-18769](https://github.com/hashicorp/consul/issues/18769)] +* acl: Adds workload identity templated policy [[GH-19077](https://github.com/hashicorp/consul/issues/19077)] +* api-gateway: Add support for response header modifiers on http-route configuration entry [[GH-18646](https://github.com/hashicorp/consul/issues/18646)] +* api-gateway: add retry and timeout filters [[GH-18324](https://github.com/hashicorp/consul/issues/18324)] +* cli: Add `bind-var` flag to `consul acl binding-rule` for templated policy variables. [[GH-18719](https://github.com/hashicorp/consul/issues/18719)] +* cli: Add `consul acl templated-policy` commands to read, list and preview templated policies. [[GH-18816](https://github.com/hashicorp/consul/issues/18816)] +* config-entry(api-gateway): (Enterprise only) Add GatewayPolicy to APIGateway Config Entry listeners +* config-entry(api-gateway): (Enterprise only) Add JWTFilter to HTTPRoute Filters +* dataplane: Allow getting bootstrap parameters when using V2 APIs [[GH-18504](https://github.com/hashicorp/consul/issues/18504)] +* gateway: **(Enterprise only)** Add JWT authentication and authorization to APIGateway Listeners and HTTPRoutes. +* mesh: **(Enterprise only)** Adds rate limiting config to service-defaults [[GH-18583](https://github.com/hashicorp/consul/issues/18583)] +* xds: Add a built-in Envoy extension that appends OpenTelemetry Access Logging (otel-access-logging) to the HTTP Connection Manager filter. [[GH-18336](https://github.com/hashicorp/consul/issues/18336)] +* xds: Add support for patching outbound listeners to the built-in Envoy External Authorization extension. [[GH-18336](https://github.com/hashicorp/consul/issues/18336)] + +IMPROVEMENTS: + +* raft: upgrade raft-wal library version to 0.4.1. [[GH-19314](https://github.com/hashicorp/consul/issues/19314)] +* xds: Use downstream protocol when connecting to local app [[GH-18573](https://github.com/hashicorp/consul/issues/18573)] +* Windows: Integration tests for Consul Windows VMs [[GH-18007](https://github.com/hashicorp/consul/issues/18007)] +* acl: Use templated policy to generate synthetic policies for tokens/roles with node and/or service identities [[GH-18813](https://github.com/hashicorp/consul/issues/18813)] +* api: added `CheckRegisterOpts` to Agent API [[GH-18943](https://github.com/hashicorp/consul/issues/18943)] +* api: added `Token` field to `ServiceRegisterOpts` type in Agent API [[GH-18983](https://github.com/hashicorp/consul/issues/18983)] +* ca: Vault CA provider config no longer requires root_pki_path for secondary datacenters [[GH-17831](https://github.com/hashicorp/consul/issues/17831)] +* cli: Added `-templated-policy`, `-templated-policy-file`, `-replace-templated-policy`, `-append-templated-policy`, `-replace-templated-policy-file`, `-append-templated-policy-file` and `-var` flags for creating or updating tokens/roles. [[GH-18708](https://github.com/hashicorp/consul/issues/18708)] +* config: Add new `tls.defaults.verify_server_hostname` configuration option. This specifies the default value for any interfaces that support the `verify_server_hostname` option. [[GH-17155](https://github.com/hashicorp/consul/issues/17155)] +* connect: update supported envoy versions to 1.24.10, 1.25.9, 1.26.4, 1.27.0 [[GH-18300](https://github.com/hashicorp/consul/issues/18300)] +* ui: Use Community verbiage [[GH-18560](https://github.com/hashicorp/consul/issues/18560)] + +BUG FIXES: + +* api: add custom marshal/unmarshal for ServiceResolverConfigEntry.RequestTimeout so config entries that set this field can be read using the API. [[GH-19031](https://github.com/hashicorp/consul/issues/19031)] +* ca: ensure Vault CA provider respects Vault Enterprise namespace configuration. [[GH-19095](https://github.com/hashicorp/consul/issues/19095)] +* catalog api: fixes a bug with catalog api where filter query parameter was not working correctly for the `/v1/catalog/services` endpoint [[GH-18322](https://github.com/hashicorp/consul/issues/18322)] +* connect: **(Enterprise only)** Fix bug where incorrect service-defaults entries were fetched to determine an upstream's protocol whenever the upstream did not explicitly define the namespace / partition. When this bug occurs, upstreams would use the protocol from a service-default entry in the default namespace / partition, rather than their own namespace / partition. +* connect: Fix bug where uncleanly closed xDS connections would influence connection balancing for too long and prevent envoy instances from starting. Two new configuration fields +`performance.grpc_keepalive_timeout` and `performance.grpc_keepalive_interval` now exist to allow for configuration on how often these dead connections will be cleaned up. [[GH-19339](https://github.com/hashicorp/consul/issues/19339)] +* dev-mode: Fix dev mode has new line in responses. Now new line is added only when url has pretty query parameter. [[GH-18367](https://github.com/hashicorp/consul/issues/18367)] +* dns: **(Enterprise only)** Fix bug where sameness group queries did not correctly inherit the agent's partition. +* docs: fix list of telemetry metrics [[GH-17593](https://github.com/hashicorp/consul/issues/17593)] +* gateways: Fix a bug where a service in a peered datacenter could not access an external node service through a terminating gateway [[GH-18959](https://github.com/hashicorp/consul/issues/18959)] +* server: **(Enterprise Only)** Fixed an issue where snake case keys were rejected when configuring the control-plane-request-limit config entry +* telemetry: emit consul version metric on a regular interval. [[GH-6876](https://github.com/hashicorp/consul/issues/6876)] +* tlsutil: Default setting of ServerName field in outgoing TLS configuration for checks now handled by crypto/tls. [[GH-17481](https://github.com/hashicorp/consul/issues/17481)] + +## 1.17.0-rc1 (October 11, 2023) + +BREAKING CHANGES: + +* api: RaftLeaderTransfer now requires an id string. An empty string can be specified to keep the old behavior. [[GH-17107](https://github.com/hashicorp/consul/issues/17107)] +* audit-logging: **(Enterprise only)** allowing timestamp based filename only on rotation. initially the filename will be just file.json [[GH-18668](https://github.com/hashicorp/consul/issues/18668)] + +FEATURE PREVIEW: **Catalog v2** + +This release provides the ability to preview Consul's v2 Catalog and Resource API if enabled. The new model supports +multi-port application deployments with only a single Envoy proxy. Note that the v1 and v2 catalogs are not cross +compatible, and not all Consul features are available within this v2 feature preview. See the [v2 Catalog and Resource +API documentation](https://developer.hashicorp.com/consul/docs/architecture/v2) for more information. The v2 Catalog and +Resources API should be considered a feature preview within this release and should not be used in production +environments. + +Limitations +* The v2 catalog API feature preview does not support connections with client agents. As a result, it is only available for Kubernetes deployments, which use [Consul dataplanes](consul/docs/connect/dataplane) instead of client agents. +* The v1 and v2 catalog APIs cannot run concurrently. +* The Consul UI does not support multi-port services or the v2 catalog API in this release. +* HCP Consul does not support multi-port services or the v2 catalog API in this release. +* The v2 API only supports transparent proxy mode where services that have permissions to connect to each other can use + Kube DNS to connect. + +Known Issues +* When using the v2 API with transparent proxy, Kubernetes pods cannot use L7 liveness, readiness, or startup probes. + +Significant Pull Requests +* [[Catalog resource controllers]](https://github.com/hashicorp/consul/tree/e6b724d06249d3e62cd75afe3ee6042ba1fd5415/internal/catalog/internal/controllers) +* [[Mesh resource controllers]](https://github.com/hashicorp/consul/tree/e6b724d06249d3e62cd75afe3ee6042ba1fd5415/internal/mesh/internal/controllers) +* [[Auth resource controllers]](https://github.com/hashicorp/consul/tree/e6b724d06249d3e62cd75afe3ee6042ba1fd5415/internal/auth/internal) +* [[V2 Protobufs]](https://github.com/hashicorp/consul/tree/e6b724d06249d3e62cd75afe3ee6042ba1fd5415/proto-public) + +FEATURES: + +* Support custom watches on the Consul Controller framework. [[GH-18439](https://github.com/hashicorp/consul/issues/18439)] +* Windows: support consul connect envoy command on Windows [[GH-17694](https://github.com/hashicorp/consul/issues/17694)] +* acl: Add BindRule support for templated policies. Add new BindType: templated-policy and BindVar field for templated policy variables. [[GH-18719](https://github.com/hashicorp/consul/issues/18719)] +* acl: Add new `acl.tokens.dns` config field which specifies the token used implicitly during dns checks. [[GH-17936](https://github.com/hashicorp/consul/issues/17936)] +* acl: Added ACL Templated policies to simplify getting the right ACL token. [[GH-18708](https://github.com/hashicorp/consul/issues/18708)] +* acl: Adds a new ACL rule for workload identities [[GH-18769](https://github.com/hashicorp/consul/issues/18769)] +* api-gateway: Add support for response header modifiers on http-route configuration entry [[GH-18646](https://github.com/hashicorp/consul/issues/18646)] +* api-gateway: add retry and timeout filters [[GH-18324](https://github.com/hashicorp/consul/issues/18324)] +* cli: Add `bind-var` flag to `consul acl binding-rule` for templated policy variables. [[GH-18719](https://github.com/hashicorp/consul/issues/18719)] +* cli: Add `consul acl templated-policy` commands to read, list and preview templated policies. [[GH-18816](https://github.com/hashicorp/consul/issues/18816)] +* config-entry(api-gateway): (Enterprise only) Add GatewayPolicy to APIGateway Config Entry listeners +* config-entry(api-gateway): (Enterprise only) Add JWTFilter to HTTPRoute Filters +* dataplane: Allow getting bootstrap parameters when using V2 APIs [[GH-18504](https://github.com/hashicorp/consul/issues/18504)] +* gateway: **(Enterprise only)** Add JWT authentication and authorization to APIGateway Listeners and HTTPRoutes. +* mesh: **(Enterprise only)** Adds rate limiting config to service-defaults [[GH-18583](https://github.com/hashicorp/consul/issues/18583)] +* xds: Add a built-in Envoy extension that appends OpenTelemetry Access Logging (otel-access-logging) to the HTTP Connection Manager filter. [[GH-18336](https://github.com/hashicorp/consul/issues/18336)] +* xds: Add support for patching outbound listeners to the built-in Envoy External Authorization extension. [[GH-18336](https://github.com/hashicorp/consul/issues/18336)] + +IMPROVEMENTS: + +* xds: Use downstream protocol when connecting to local app [[GH-18573](https://github.com/hashicorp/consul/issues/18573)] +* Windows: Integration tests for Consul Windows VMs [[GH-18007](https://github.com/hashicorp/consul/issues/18007)] +* acl: Use templated policy to generate synthetic policies for tokens/roles with node and/or service identities [[GH-18813](https://github.com/hashicorp/consul/issues/18813)] +* api: added `CheckRegisterOpts` to Agent API [[GH-18943](https://github.com/hashicorp/consul/issues/18943)] +* api: added `Token` field to `ServiceRegisterOpts` type in Agent API [[GH-18983](https://github.com/hashicorp/consul/issues/18983)] +* ca: Vault CA provider config no longer requires root_pki_path for secondary datacenters [[GH-17831](https://github.com/hashicorp/consul/issues/17831)] +* cli: Added `-templated-policy`, `-templated-policy-file`, `-replace-templated-policy`, `-append-templated-policy`, `-replace-templated-policy-file`, `-append-templated-policy-file` and `-var` flags for creating or updating tokens/roles. [[GH-18708](https://github.com/hashicorp/consul/issues/18708)] +* config: Add new `tls.defaults.verify_server_hostname` configuration option. This specifies the default value for any interfaces that support the `verify_server_hostname` option. [[GH-17155](https://github.com/hashicorp/consul/issues/17155)] +* connect: update supported envoy versions to 1.24.10, 1.25.9, 1.26.4, 1.27.0 [[GH-18300](https://github.com/hashicorp/consul/issues/18300)] +* ui: Use Community verbiage [[GH-18560](https://github.com/hashicorp/consul/issues/18560)] + +BUG FIXES: + +* api: add custom marshal/unmarshal for ServiceResolverConfigEntry.RequestTimeout so config entries that set this field can be read using the API. [[GH-19031](https://github.com/hashicorp/consul/issues/19031)] +* dev-mode: Fix dev mode has new line in responses. Now new line is added only when url has pretty query parameter. [[GH-18367](https://github.com/hashicorp/consul/issues/18367)] +* telemetry: emit consul version metric on a regular interval. [[GH-6876](https://github.com/hashicorp/consul/issues/6876)] +* tlsutil: Default setting of ServerName field in outgoing TLS configuration for checks now handled by crypto/tls. [[GH-17481](https://github.com/hashicorp/consul/issues/17481)] + ## 1.16.2 (September 19, 2023) SECURITY: diff --git a/Makefile b/Makefile index 4ee07faef500..8697bff79b47 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ MOCKERY_VERSION='v2.20.0' BUF_VERSION='v1.26.0' PROTOC_GEN_GO_GRPC_VERSION="v1.2.0" -MOG_VERSION='v0.4.0' +MOG_VERSION='v0.4.1' PROTOC_GO_INJECT_TAG_VERSION='v1.3.0' PROTOC_GEN_GO_BINARY_VERSION="v0.1.0" DEEP_COPY_VERSION='bc3f5aa5735d8a54961580a3a24422c308c831c2' @@ -67,6 +67,7 @@ BUILD_CONTAINER_NAME?=consul-builder CONSUL_IMAGE_VERSION?=latest ENVOY_VERSION?='1.25.4' CONSUL_DATAPLANE_IMAGE := $(or $(CONSUL_DATAPLANE_IMAGE),"docker.io/hashicorppreview/consul-dataplane:1.3-dev-ubi") +DEPLOYER_CONSUL_DATAPLANE_IMAGE := $(or $(DEPLOYER_CONSUL_DATAPLANE_IMAGE), "docker.io/hashicorppreview/consul-dataplane:1.3-dev") CONSUL_VERSION?=$(shell cat version/VERSION) @@ -339,20 +340,67 @@ other-consul: ## Checking for other consul instances # NOTE: Always uses amd64 images, even when running on M1 macs, to match CI/CD environment. # You can also specify the envoy version (example: 1.27.0) setting the environment variable: ENVOY_VERSION=1.27.0 .PHONY: test-envoy-integ -test-envoy-integ: $(ENVOY_INTEG_DEPS) ## Run integration tests. +test-envoy-integ: $(ENVOY_INTEG_DEPS) ## Run envoy integration tests. @go test -v -timeout=30m -tags integration $(GO_TEST_FLAGS) ./test/integration/connect/envoy # NOTE: Use DOCKER_BUILDKIT=0, if docker build fails to resolve consul:local base image .PHONY: test-compat-integ-setup -test-compat-integ-setup: dev-docker - @docker tag consul-dev:latest $(CONSUL_COMPAT_TEST_IMAGE):local - @docker run --rm -t $(CONSUL_COMPAT_TEST_IMAGE):local consul version +test-compat-integ-setup: test-deployer-setup @# 'consul-envoy:target-version' is needed by compatibility integ test @docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=$(CONSUL_COMPAT_TEST_IMAGE):local --build-arg ENVOY_VERSION=${ENVOY_VERSION} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets @docker build -t consul-dataplane:local --build-arg CONSUL_IMAGE=$(CONSUL_COMPAT_TEST_IMAGE):local --build-arg CONSUL_DATAPLANE_IMAGE=${CONSUL_DATAPLANE_IMAGE} -f ./test/integration/consul-container/assets/Dockerfile-consul-dataplane ./test/integration/consul-container/assets +# NOTE: Use DOCKER_BUILDKIT=0, if docker build fails to resolve consul:local base image +.PHONY: test-deployer-setup +test-deployer-setup: dev-docker + @docker tag consul-dev:latest $(CONSUL_COMPAT_TEST_IMAGE):local + @docker run --rm -t $(CONSUL_COMPAT_TEST_IMAGE):local consul version + +.PHONY: test-deployer +test-deployer: test-deployer-setup ## Run deployer-based integration tests (skipping peering_commontopo). + @cd ./test-integ && \ + NOLOGBUFFER=1 \ + TEST_LOG_LEVEL=debug \ + DEPLOYER_CONSUL_DATAPLANE_IMAGE=$(DEPLOYER_CONSUL_DATAPLANE_IMAGE) \ + gotestsum \ + --raw-command \ + --format=standard-verbose \ + --debug \ + -- \ + go test \ + -tags "$(GOTAGS)" \ + -timeout=20m \ + -json \ + $(shell sh -c "cd test-integ ; go list -tags \"$(GOTAGS)\" ./... | grep -v peering_commontopo") \ + --target-image $(CONSUL_COMPAT_TEST_IMAGE) \ + --target-version local \ + --latest-image $(CONSUL_COMPAT_TEST_IMAGE) \ + --latest-version latest + +.PHONY: test-deployer-peering +test-deployer-peering: test-deployer-setup ## Run deployer-based integration tests (just peering_commontopo). + @cd ./test-integ/peering_commontopo && \ + NOLOGBUFFER=1 \ + TEST_LOG_LEVEL=debug \ + DEPLOYER_CONSUL_DATAPLANE_IMAGE=$(DEPLOYER_CONSUL_DATAPLANE_IMAGE) \ + gotestsum \ + --raw-command \ + --format=standard-verbose \ + --debug \ + -- \ + go test \ + -tags "$(GOTAGS)" \ + -timeout=20m \ + -json \ + . \ + --target-image $(CONSUL_COMPAT_TEST_IMAGE) \ + --target-version local \ + --latest-image $(CONSUL_COMPAT_TEST_IMAGE) \ + --latest-version latest + + .PHONY: test-compat-integ -test-compat-integ: test-compat-integ-setup ## Test compat integ +test-compat-integ: test-compat-integ-setup ## Run consul-container based integration tests. ifeq ("$(GOTESTSUM_PATH)","") @cd ./test/integration/consul-container && \ go test \ @@ -438,6 +486,9 @@ codegen: codegen-tools ## Deep copy @$(SHELL) $(CURDIR)/agent/consul/state/deep-copy.sh @$(SHELL) $(CURDIR)/agent/config/deep-copy.sh copywrite headers + # Special case for MPL headers in /api and /sdk + cd api && $(CURDIR)/build-support/scripts/copywrite-exceptions.sh + cd sdk && $(CURDIR)/build-support/scripts/copywrite-exceptions.sh print-% : ; @echo $($*) ## utility to echo a makefile variable (i.e. 'make print-GOPATH') diff --git a/NOTICE.md b/NOTICE.md deleted file mode 100644 index fe34b5e57155..000000000000 --- a/NOTICE.md +++ /dev/null @@ -1,3 +0,0 @@ -Copyright © 2014-2018 HashiCorp, Inc. - -This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this project, you can obtain one at http://mozilla.org/MPL/2.0/. diff --git a/acl/MockAuthorizer.go b/acl/MockAuthorizer.go index 46e6c243a634..9941f81e3f05 100644 --- a/acl/MockAuthorizer.go +++ b/acl/MockAuthorizer.go @@ -224,6 +224,11 @@ func (m *MockAuthorizer) ServiceReadAll(ctx *AuthorizerContext) EnforcementDecis return ret.Get(0).(EnforcementDecision) } +func (m *MockAuthorizer) ServiceReadPrefix(prefix string, ctx *AuthorizerContext) EnforcementDecision { + ret := m.Called(ctx) + return ret.Get(0).(EnforcementDecision) +} + // ServiceWrite checks for permission to create or update a given // service func (m *MockAuthorizer) ServiceWrite(segment string, ctx *AuthorizerContext) EnforcementDecision { diff --git a/acl/acl_test.go b/acl/acl_test.go index 17547b4959d1..28542024e956 100644 --- a/acl/acl_test.go +++ b/acl/acl_test.go @@ -300,6 +300,14 @@ func checkDenyServiceReadAll(t *testing.T, authz Authorizer, _ string, entCtx *A require.Equal(t, Deny, authz.ServiceReadAll(entCtx)) } +func checkAllowServiceReadPrefix(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) { + require.Equal(t, Allow, authz.ServiceReadPrefix(prefix, entCtx)) +} + +func checkDenyServiceReadPrefix(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) { + require.Equal(t, Deny, authz.ServiceReadPrefix(prefix, entCtx)) +} + func checkDenyServiceWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) { require.Equal(t, Deny, authz.ServiceWrite(prefix, entCtx)) } @@ -456,6 +464,10 @@ func checkDefaultServiceReadAll(t *testing.T, authz Authorizer, _ string, entCtx require.Equal(t, Default, authz.ServiceReadAll(entCtx)) } +func checkDefaultServiceReadPrefix(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) { + require.Equal(t, Default, authz.ServiceReadPrefix(prefix, entCtx)) +} + func checkDefaultServiceWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) { require.Equal(t, Default, authz.ServiceWrite(prefix, entCtx)) } diff --git a/acl/authorizer.go b/acl/authorizer.go index 9abd09b02f79..9e5bacc25e86 100644 --- a/acl/authorizer.go +++ b/acl/authorizer.go @@ -171,6 +171,9 @@ type Authorizer interface { // ServiceReadAll checks for permission to read all services ServiceReadAll(*AuthorizerContext) EnforcementDecision + // ServiceReadPrefix checks for permission to read services within the given prefix. + ServiceReadPrefix(string, *AuthorizerContext) EnforcementDecision + // ServiceWrite checks for permission to create or update a given // service ServiceWrite(string, *AuthorizerContext) EnforcementDecision @@ -507,6 +510,14 @@ func (a AllowAuthorizer) ServiceReadAllAllowed(ctx *AuthorizerContext) error { return nil } +// ServiceReadPrefixAllowed checks for permission to read services within the given prefix +func (a AllowAuthorizer) ServiceReadPrefixAllowed(prefix string, ctx *AuthorizerContext) error { + if a.Authorizer.ServiceReadPrefix(prefix, ctx) != Allow { + return PermissionDeniedByACL(a, ctx, ResourceService, AccessRead, prefix) // read + } + return nil +} + // ServiceWriteAllowed checks for permission to create or update a given // service func (a AllowAuthorizer) ServiceWriteAllowed(name string, ctx *AuthorizerContext) error { diff --git a/acl/chained_authorizer.go b/acl/chained_authorizer.go index e35b62ad2fbb..76e973d2e9ed 100644 --- a/acl/chained_authorizer.go +++ b/acl/chained_authorizer.go @@ -275,6 +275,12 @@ func (c *ChainedAuthorizer) ServiceReadAll(entCtx *AuthorizerContext) Enforcemen }) } +func (c *ChainedAuthorizer) ServiceReadPrefix(prefix string, entCtx *AuthorizerContext) EnforcementDecision { + return c.executeChain(func(authz Authorizer) EnforcementDecision { + return authz.ServiceReadPrefix(prefix, entCtx) + }) +} + // ServiceWrite checks for permission to create or update a given // service func (c *ChainedAuthorizer) ServiceWrite(name string, entCtx *AuthorizerContext) EnforcementDecision { diff --git a/acl/chained_authorizer_test.go b/acl/chained_authorizer_test.go index 6c6152dded13..01d33a029204 100644 --- a/acl/chained_authorizer_test.go +++ b/acl/chained_authorizer_test.go @@ -107,6 +107,9 @@ func (authz testAuthorizer) ServiceRead(string, *AuthorizerContext) EnforcementD func (authz testAuthorizer) ServiceReadAll(*AuthorizerContext) EnforcementDecision { return EnforcementDecision(authz) } +func (authz testAuthorizer) ServiceReadPrefix(string, *AuthorizerContext) EnforcementDecision { + return EnforcementDecision(authz) +} func (authz testAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementDecision { return EnforcementDecision(authz) } diff --git a/acl/policy_authorizer.go b/acl/policy_authorizer.go index 802b49a8d98f..11d19609efde 100644 --- a/acl/policy_authorizer.go +++ b/acl/policy_authorizer.go @@ -712,7 +712,7 @@ func (p *policyAuthorizer) KeyWritePrefix(prefix string, _ *AuthorizerContext) E // that do NOT grant AccessWrite. // // Conditions for Default: - // * There is no prefix match rule that would appy to the given prefix. + // * There is no prefix match rule that would apply to the given prefix. // AND // * There are no rules (exact or prefix match) within/under the given prefix // that would NOT grant AccessWrite. @@ -916,6 +916,62 @@ func (p *policyAuthorizer) ServiceReadAll(_ *AuthorizerContext) EnforcementDecis return p.allAllowed(p.serviceRules, AccessRead) } +// ServiceReadPrefix determines whether service read is allowed within the given prefix. +// +// Access is allowed iff all the following are true: +// - There's a read policy for the longest prefix that's shorter or equal to the provided prefix. +// - There's no deny policy for any prefix that's longer than the given prefix. +// - There's no deny policy for any exact match that's within the given prefix. +func (p *policyAuthorizer) ServiceReadPrefix(prefix string, _ *AuthorizerContext) EnforcementDecision { + access := Default + + // 1. Walk the prefix tree from root to the given prefix. Find the longest prefix matching ours, + // and use that policy to determine our access as that is the most specific prefix, and it + // should take precedence. + p.serviceRules.WalkPath(prefix, func(path string, leaf interface{}) bool { + rule := leaf.(*policyAuthorizerRadixLeaf) + + if rule.prefix != nil { + switch rule.prefix.access { + case AccessRead, AccessWrite: + access = Allow + default: + access = Deny + } + } + + // Don't stop iteration because we want to visit all nodes down to our leaf to find the more specific match + // as it should take precedence. + return false + }) + + // 2. Check rules "below" the given prefix. Access is allowed if there's no deny policy + // for any prefix longer than ours or for any exact match that's within the prefix. + p.serviceRules.WalkPrefix(prefix, func(path string, leaf interface{}) bool { + rule := leaf.(*policyAuthorizerRadixLeaf) + + if rule.prefix != nil && (rule.prefix.access != AccessRead && rule.prefix.access != AccessWrite) { + // If any prefix longer than the provided prefix has "deny" policy, then access is denied. + access = Deny + + // We don't need to look at the rest of the tree in this case, so terminate early. + return true + } + + if rule.exact != nil && (rule.exact.access != AccessRead && rule.exact.access != AccessWrite) { + // If any exact match policy has an explicit deny, then access is denied. + access = Deny + + // We don't need to look at the rest of the tree in this case, so terminate early. + return true + } + + return false + }) + + return access +} + // ServiceWrite checks if writing (registering) a service is allowed func (p *policyAuthorizer) ServiceWrite(name string, _ *AuthorizerContext) EnforcementDecision { if rule, ok := getPolicy(name, p.serviceRules); ok { diff --git a/acl/policy_authorizer_test.go b/acl/policy_authorizer_test.go index 06e5ee2bb25e..96272d8b12f4 100644 --- a/acl/policy_authorizer_test.go +++ b/acl/policy_authorizer_test.go @@ -64,6 +64,8 @@ func TestPolicyAuthorizer(t *testing.T) { {name: "DefaultPreparedQueryRead", prefix: "foo", check: checkDefaultPreparedQueryRead}, {name: "DefaultPreparedQueryWrite", prefix: "foo", check: checkDefaultPreparedQueryWrite}, {name: "DefaultServiceRead", prefix: "foo", check: checkDefaultServiceRead}, + {name: "DefaultServiceReadAll", prefix: "foo", check: checkDefaultServiceReadAll}, + {name: "DefaultServiceReadPrefix", prefix: "foo", check: checkDefaultServiceReadPrefix}, {name: "DefaultServiceWrite", prefix: "foo", check: checkDefaultServiceWrite}, {name: "DefaultServiceWriteAny", prefix: "", check: checkDefaultServiceWriteAny}, {name: "DefaultSessionRead", prefix: "foo", check: checkDefaultSessionRead}, @@ -396,6 +398,7 @@ func TestPolicyAuthorizer(t *testing.T) { {name: "ServiceReadDenied", prefix: "football", check: checkDenyServiceRead}, {name: "ServiceWriteDenied", prefix: "football", check: checkDenyServiceWrite}, {name: "ServiceWriteAnyAllowed", prefix: "", check: checkAllowServiceWriteAny}, + {name: "ServiceReadWithinPrefixDenied", prefix: "foot", check: checkDenyServiceReadPrefix}, {name: "IdentityReadPrefixAllowed", prefix: "fo", check: checkAllowIdentityRead}, {name: "IdentityWritePrefixDenied", prefix: "fo", check: checkDenyIdentityWrite}, @@ -570,6 +573,214 @@ func TestPolicyAuthorizer(t *testing.T) { {name: "AllDenied", prefix: "*", check: checkDenyIntentionWrite}, }, }, + "Service Read Prefix - read allowed with write policy and exact prefix": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "foo", + Policy: PolicyWrite, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixAllowed", prefix: "foo", check: checkAllowServiceReadPrefix}, + }, + }, + "Service Read Prefix - read allowed with read policy and exact prefix": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "foo", + Policy: PolicyRead, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixAllowed", prefix: "foo", check: checkAllowServiceReadPrefix}, + }, + }, + "Service Read Prefix - read denied with deny policy and exact prefix": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "foo", + Policy: PolicyDeny, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixDenied", prefix: "foo", check: checkDenyServiceReadPrefix}, + }, + }, + "Service Read Prefix - read allowed with write policy and shorter prefix": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "foo", + Policy: PolicyWrite, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixAllowed", prefix: "foo1", check: checkAllowServiceReadPrefix}, + }, + }, + "Service Read Prefix - read allowed with read policy and shorter prefix": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "foo", + Policy: PolicyRead, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixAllowed", prefix: "foo1", check: checkAllowServiceReadPrefix}, + }, + }, + "Service Read Prefix - read denied with deny policy and shorter prefix": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "foo", + Policy: PolicyDeny, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixDenied", prefix: "foo1", check: checkDenyServiceReadPrefix}, + }, + }, + "Service Read Prefix - default with write policy and longer prefix": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "foo1", + Policy: PolicyWrite, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixDefault", prefix: "foo", check: checkDefaultServiceReadPrefix}, + }, + }, + "Service Read Prefix - default with read policy and longer prefix": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "foo1", + Policy: PolicyRead, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixDefault", prefix: "foo", check: checkDefaultServiceReadPrefix}, + }, + }, + "Service Read Prefix - deny with deny policy and longer prefix": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "foo1", + Policy: PolicyDeny, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixDenied", prefix: "foo", check: checkDenyServiceReadPrefix}, + }, + }, + "Service Read Prefix - allow with two shorter prefixes - more specific one allowing read and less specific denying": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "fo", + Policy: PolicyDeny, + }, + { + Name: "foo", + Policy: PolicyRead, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixAllowed", prefix: "foo", check: checkAllowServiceReadPrefix}, + }, + }, + "Service Read Prefix - deny with two shorter prefixes - more specific one denying and less specific allowing read": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "fo", + Policy: PolicyRead, + }, + { + Name: "foo", + Policy: PolicyDeny, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixDenied", prefix: "foo", check: checkDenyServiceReadPrefix}, + }, + }, + "Service Read Prefix - deny with exact match denying": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "fo", + Policy: PolicyRead, + }, + }, + Services: []*ServiceRule{ + { + Name: "foo-123", + Policy: PolicyDeny, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixDenied", prefix: "foo", check: checkDenyServiceReadPrefix}, + }, + }, + "Service Read Prefix - allow with exact match allowing read": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "fo", + Policy: PolicyRead, + }, + }, + Services: []*ServiceRule{ + { + Name: "foo-123", + Policy: PolicyRead, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixAllowed", prefix: "foo", check: checkAllowServiceReadPrefix}, + }, + }, + "Service Read Prefix - deny with exact match allowing read but prefix match denying": { + policy: &Policy{PolicyRules: PolicyRules{ + ServicePrefixes: []*ServiceRule{ + { + Name: "fo", + Policy: PolicyDeny, + }, + }, + Services: []*ServiceRule{ + { + Name: "foo-123", + Policy: PolicyRead, + }, + }, + }}, + checks: []aclCheck{ + {name: "ServiceReadPrefixDenied", prefix: "foo", check: checkDenyServiceReadPrefix}, + }, + }, } for name, tcase := range cases { diff --git a/acl/static_authorizer.go b/acl/static_authorizer.go index 225aa64e74db..759b378669ad 100644 --- a/acl/static_authorizer.go +++ b/acl/static_authorizer.go @@ -257,6 +257,13 @@ func (s *staticAuthorizer) ServiceReadAll(*AuthorizerContext) EnforcementDecisio return Deny } +func (s *staticAuthorizer) ServiceReadPrefix(string, *AuthorizerContext) EnforcementDecision { + if s.defaultAllow { + return Allow + } + return Deny +} + func (s *staticAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementDecision { if s.defaultAllow { return Allow diff --git a/agent/agent.go b/agent/agent.go index 06f538bf9695..dca7bf948739 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -34,6 +34,7 @@ import ( "golang.org/x/net/http2" "golang.org/x/net/http2/h2c" "google.golang.org/grpc" + "google.golang.org/grpc/keepalive" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl/resolver" @@ -655,43 +656,12 @@ func (a *Agent) Start(ctx context.Context) error { return fmt.Errorf("failed to start Consul enterprise component: %v", err) } - // Create proxy config manager now because it is a dependency of creating the proxyWatcher - // which will be passed to consul.NewServer so that it is then passed to the - // controller registration for the XDS controller in v2 mode, and the xds server in v1 and v2 mode. - intentionDefaultAllow, err := a.config.ACLResolverSettings.IsDefaultAllow() - if err != nil { - return fmt.Errorf("unexpected ACL default policy value of %q", a.config.ACLResolverSettings.ACLDefaultPolicy) - } - - go a.baseDeps.ViewStore.Run(&lib.StopChannelContext{StopCh: a.shutdownCh}) - - // Start the proxy config manager. - a.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{ - DataSources: a.proxyDataSources(), - Logger: a.logger.Named(logging.ProxyConfig), - Source: &structs.QuerySource{ - Datacenter: a.config.Datacenter, - Segment: a.config.SegmentName, - Node: a.config.NodeName, - NodePartition: a.config.PartitionOrEmpty(), - }, - DNSConfig: proxycfg.DNSConfig{ - Domain: a.config.DNSDomain, - AltDomain: a.config.DNSAltDomain, - }, - TLSConfigurator: a.tlsConfigurator, - IntentionDefaultAllow: intentionDefaultAllow, - UpdateRateLimit: a.config.XDSUpdateRateLimit, - }) - if err != nil { - return err - } - - // proxyWatcher will be used in the creation of the XDS server and also - // in the registration of the xds controller. - proxyWatcher := a.getProxyWatcher() + // proxyTracker will be used in the creation of the XDS server and also + // in the registration of the v2 xds controller + var proxyTracker *proxytracker.ProxyTracker // Setup either the client or the server. + var consulServer *consul.Server if c.ServerMode { serverLogger := a.baseDeps.Logger.NamedIntercept(logging.ConsulServer) @@ -722,18 +692,24 @@ func (a *Agent) Start(ctx context.Context) error { metrics.Default(), a.tlsConfigurator, incomingRPCLimiter, + keepalive.ServerParameters{ + Time: a.config.GRPCKeepaliveInterval, + Timeout: a.config.GRPCKeepaliveTimeout, + }, ) - var pt *proxytracker.ProxyTracker if a.baseDeps.UseV2Resources() { - pt = proxyWatcher.(*proxytracker.ProxyTracker) + proxyTracker = proxytracker.NewProxyTracker(proxytracker.ProxyTrackerConfig{ + Logger: a.logger.Named("proxy-tracker"), + SessionLimiter: a.baseDeps.XDSStreamLimiter, + }) } - server, err := consul.NewServer(consulCfg, a.baseDeps.Deps, a.externalGRPCServer, incomingRPCLimiter, serverLogger, pt) + consulServer, err = consul.NewServer(consulCfg, a.baseDeps.Deps, a.externalGRPCServer, incomingRPCLimiter, serverLogger, proxyTracker) if err != nil { return fmt.Errorf("Failed to start Consul server: %v", err) } - incomingRPCLimiter.Register(server) - a.delegate = server + incomingRPCLimiter.Register(consulServer) + a.delegate = consulServer if a.config.PeeringEnabled && a.config.ConnectEnabled { d := servercert.Deps{ @@ -743,7 +719,7 @@ func (a *Agent) Start(ctx context.Context) error { ACLsEnabled: a.config.ACLsEnabled, }, LeafCertManager: a.leafCertManager, - GetStore: func() servercert.Store { return server.FSM().State() }, + GetStore: func() servercert.Store { return consulServer.FSM().State() }, TLSConfigurator: a.tlsConfigurator, } a.certManager = servercert.NewCertManager(d) @@ -757,6 +733,10 @@ func (a *Agent) Start(ctx context.Context) error { metrics.Default(), a.tlsConfigurator, rpcRate.NullRequestLimitsHandler(), + keepalive.ServerParameters{ + Time: a.config.GRPCKeepaliveInterval, + Timeout: a.config.GRPCKeepaliveTimeout, + }, ) client, err := consul.NewClient(consulCfg, a.baseDeps.Deps) @@ -795,6 +775,35 @@ func (a *Agent) Start(ctx context.Context) error { return err } + intentionDefaultAllow, err := a.config.ACLResolverSettings.IsDefaultAllow() + if err != nil { + return fmt.Errorf("unexpected ACL default policy value of %q", a.config.ACLResolverSettings.ACLDefaultPolicy) + } + + go a.baseDeps.ViewStore.Run(&lib.StopChannelContext{StopCh: a.shutdownCh}) + + // Start the proxy config manager. + a.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{ + DataSources: a.proxyDataSources(consulServer), + Logger: a.logger.Named(logging.ProxyConfig), + Source: &structs.QuerySource{ + Datacenter: a.config.Datacenter, + Segment: a.config.SegmentName, + Node: a.config.NodeName, + NodePartition: a.config.PartitionOrEmpty(), + }, + DNSConfig: proxycfg.DNSConfig{ + Domain: a.config.DNSDomain, + AltDomain: a.config.DNSAltDomain, + }, + TLSConfigurator: a.tlsConfigurator, + IntentionDefaultAllow: intentionDefaultAllow, + UpdateRateLimit: a.config.XDSUpdateRateLimit, + }) + if err != nil { + return err + } + go localproxycfg.Sync( &lib.StopChannelContext{StopCh: a.shutdownCh}, localproxycfg.SyncConfig{ @@ -803,6 +812,7 @@ func (a *Agent) Start(ctx context.Context) error { Logger: a.proxyConfig.Logger.Named("agent-state"), Tokens: a.baseDeps.Tokens, NodeName: a.config.NodeName, + NodeLocality: a.config.StructLocality(), ResyncFrequency: a.config.LocalProxyConfigResyncInterval, }, ) @@ -847,7 +857,7 @@ func (a *Agent) Start(ctx context.Context) error { } // Start grpc and grpc_tls servers. - if err := a.listenAndServeGRPC(proxyWatcher); err != nil { + if err := a.listenAndServeGRPC(proxyTracker, consulServer); err != nil { return err } @@ -912,29 +922,13 @@ func (a *Agent) Failed() <-chan struct{} { return a.apiServers.failed } -// getProxyWatcher returns the proper implementation of the ProxyWatcher interface. -// It will return a ProxyTracker if "resource-apis" experiment is active. Otherwise, -// it will return a ConfigSource. -func (a *Agent) getProxyWatcher() xds.ProxyWatcher { - if a.baseDeps.UseV2Resources() { - a.logger.Trace("returning proxyTracker for getProxyWatcher") - return proxytracker.NewProxyTracker(proxytracker.ProxyTrackerConfig{ - Logger: a.logger.Named("proxy-tracker"), - SessionLimiter: a.baseDeps.XDSStreamLimiter, - }) - } else { - a.logger.Trace("returning configSource for getProxyWatcher") - return localproxycfg.NewConfigSource(a.proxyConfig) - } -} - // configureXDSServer configures an XDS server with the proper implementation of // the PRoxyWatcher interface and registers the XDS server with Consul's // external facing GRPC server. -func (a *Agent) configureXDSServer(proxyWatcher xds.ProxyWatcher) { +func (a *Agent) configureXDSServer(proxyWatcher xds.ProxyWatcher, server *consul.Server) { // TODO(agentless): rather than asserting the concrete type of delegate, we // should add a method to the Delegate interface to build a ConfigSource. - if server, ok := a.delegate.(*consul.Server); ok { + if server != nil { switch proxyWatcher.(type) { case *proxytracker.ProxyTracker: go func() { @@ -970,12 +964,18 @@ func (a *Agent) configureXDSServer(proxyWatcher xds.ProxyWatcher) { a.xdsServer.Register(a.externalGRPCServer) } -func (a *Agent) listenAndServeGRPC(proxyWatcher xds.ProxyWatcher) error { +func (a *Agent) listenAndServeGRPC(proxyTracker *proxytracker.ProxyTracker, server *consul.Server) error { if len(a.config.GRPCAddrs) < 1 && len(a.config.GRPCTLSAddrs) < 1 { return nil } + var proxyWatcher xds.ProxyWatcher + if a.baseDeps.UseV2Resources() { + proxyWatcher = proxyTracker + } else { + proxyWatcher = localproxycfg.NewConfigSource(a.proxyConfig) + } - a.configureXDSServer(proxyWatcher) + a.configureXDSServer(proxyWatcher, server) // Attempt to spawn listeners var listeners []net.Listener @@ -3687,6 +3687,13 @@ func (a *Agent) loadServices(conf *config.RuntimeConfig, snap map[structs.CheckI } ns := service.NodeService() + + // We currently do not persist locality inherited from the node service + // (it is inherited at runtime). See agent/proxycfg-sources/local/sync.go. + // To support locality-aware service discovery in the future, persisting + // this data may be necessary. This does not impact agent-less deployments + // because locality is explicitly set on service registration there. + chkTypes, err := service.CheckTypes() if err != nil { return fmt.Errorf("Failed to validate checks for service %q: %v", service.Name, err) @@ -4570,7 +4577,7 @@ func (a *Agent) listenerPortLocked(svcID structs.ServiceID, checkID structs.Chec return port, nil } -func (a *Agent) proxyDataSources() proxycfg.DataSources { +func (a *Agent) proxyDataSources(server *consul.Server) proxycfg.DataSources { sources := proxycfg.DataSources{ CARoots: proxycfgglue.CacheCARoots(a.cache), CompiledDiscoveryChain: proxycfgglue.CacheCompiledDiscoveryChain(a.cache), @@ -4597,7 +4604,7 @@ func (a *Agent) proxyDataSources() proxycfg.DataSources { ExportedPeeredServices: proxycfgglue.CacheExportedPeeredServices(a.cache), } - if server, ok := a.delegate.(*consul.Server); ok { + if server != nil { deps := proxycfgglue.ServerDataSourceDeps{ Datacenter: a.config.Datacenter, EventPublisher: a.baseDeps.EventPublisher, diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go index dd32bc684350..1048a2e65623 100644 --- a/agent/agent_endpoint.go +++ b/agent/agent_endpoint.go @@ -1166,6 +1166,13 @@ func (s *HTTPHandlers) AgentRegisterService(resp http.ResponseWriter, req *http. // Get the node service. ns := args.NodeService() + + // We currently do not persist locality inherited from the node service + // (it is inherited at runtime). See agent/proxycfg-sources/local/sync.go. + // To support locality-aware service discovery in the future, persisting + // this data may be necessary. This does not impact agent-less deployments + // because locality is explicitly set on service registration there. + if ns.Weights != nil { if err := structs.ValidateWeights(ns.Weights); err != nil { return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: fmt.Sprintf("Invalid Weights: %v", err)} diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go index 1a021d7b8e4c..ab9a44ff9877 100644 --- a/agent/agent_endpoint_test.go +++ b/agent/agent_endpoint_test.go @@ -90,6 +90,18 @@ func TestAgentEndpointsFailInV2(t *testing.T) { }) } + t.Run("agent-self-with-params", func(t *testing.T) { + req, err := http.NewRequest("GET", "/v1/agent/self?dc=dc1", nil) + require.NoError(t, err) + + resp := httptest.NewRecorder() + a.srv.h.ServeHTTP(resp, req) + require.Equal(t, http.StatusOK, resp.Code) + + _, err = io.ReadAll(resp.Body) + require.NoError(t, err) + }) + checkRequest("PUT", "/v1/agent/maintenance") checkRequest("GET", "/v1/agent/services") checkRequest("GET", "/v1/agent/service/web") diff --git a/agent/agent_test.go b/agent/agent_test.go index 455a8bbb3e66..0b17190dd611 100644 --- a/agent/agent_test.go +++ b/agent/agent_test.go @@ -23,19 +23,12 @@ import ( "os" "path" "path/filepath" - "reflect" "strconv" "strings" "sync" "testing" "time" - "github.com/hashicorp/consul/agent/grpc-external/limiter" - "github.com/hashicorp/consul/agent/proxycfg" - "github.com/hashicorp/consul/agent/proxycfg-sources/local" - "github.com/hashicorp/consul/agent/xds" - proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker" - "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/google/tcpproxy" @@ -6442,73 +6435,6 @@ func TestAgent_checkServerLastSeen(t *testing.T) { }) } -func TestAgent_getProxyWatcher(t *testing.T) { - type testcase struct { - description string - getExperiments func() []string - expectedType xds.ProxyWatcher - } - testscases := []testcase{ - { - description: "config source is returned when api-resources experiment is not configured", - expectedType: &local.ConfigSource{}, - getExperiments: func() []string { - return []string{} - }, - }, - { - description: "proxy tracker is returned when api-resources experiment is configured", - expectedType: &proxytracker.ProxyTracker{}, - getExperiments: func() []string { - return []string{consul.CatalogResourceExperimentName} - }, - }, - } - for _, tc := range testscases { - caConfig := tlsutil.Config{} - tlsConf, err := tlsutil.NewConfigurator(caConfig, hclog.New(nil)) - require.NoError(t, err) - - bd := BaseDeps{ - Deps: consul.Deps{ - Logger: hclog.NewInterceptLogger(nil), - Tokens: new(token.Store), - TLSConfigurator: tlsConf, - GRPCConnPool: &fakeGRPCConnPool{}, - Registry: resource.NewRegistry(), - }, - RuntimeConfig: &config.RuntimeConfig{ - HTTPAddrs: []net.Addr{ - &net.TCPAddr{IP: net.ParseIP("127.0.0.1"), Port: freeport.GetOne(t)}, - }, - }, - Cache: cache.New(cache.Options{}), - NetRPC: &LazyNetRPC{}, - } - - bd.XDSStreamLimiter = limiter.NewSessionLimiter() - bd.LeafCertManager = leafcert.NewManager(leafcert.Deps{ - CertSigner: leafcert.NewNetRPCCertSigner(bd.NetRPC), - RootsReader: leafcert.NewCachedRootsReader(bd.Cache, "dc1"), - Config: leafcert.Config{}, - }) - - cfg := config.RuntimeConfig{ - BuildDate: time.Date(2000, 1, 1, 0, 0, 1, 0, time.UTC), - } - bd, err = initEnterpriseBaseDeps(bd, &cfg) - require.NoError(t, err) - - bd.Experiments = tc.getExperiments() - - agent, err := New(bd) - require.NoError(t, err) - agent.proxyConfig, err = proxycfg.NewManager(proxycfg.ManagerConfig{Logger: bd.Logger, Source: &structs.QuerySource{}}) - require.NoError(t, err) - require.IsTypef(t, tc.expectedType, agent.getProxyWatcher(), fmt.Sprintf("Expected proxyWatcher to be of type %s", reflect.TypeOf(tc.expectedType))) - } - -} func getExpectedCaPoolByFile(t *testing.T) *x509.CertPool { pool := x509.NewCertPool() data, err := os.ReadFile("../test/ca/root.cer") diff --git a/agent/config/builder.go b/agent/config/builder.go index c7fdcb7dd7c9..852337d08cfb 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -1019,6 +1019,8 @@ func (b *builder) build() (rt RuntimeConfig, err error) { GRPCPort: grpcPort, GRPCTLSAddrs: grpcTlsAddrs, GRPCTLSPort: grpcTlsPort, + GRPCKeepaliveInterval: b.durationValWithDefaultMin("performance.grpc_keepalive_interval", c.Performance.GRPCKeepaliveInterval, 30*time.Second, time.Second), + GRPCKeepaliveTimeout: b.durationValWithDefaultMin("performance.grpc_keepalive_timeout", c.Performance.GRPCKeepaliveTimeout, 20*time.Second, time.Second), HTTPMaxConnsPerClient: intVal(c.Limits.HTTPMaxConnsPerClient), HTTPSHandshakeTimeout: b.durationVal("limits.https_handshake_timeout", c.Limits.HTTPSHandshakeTimeout), KVMaxValueSize: uint64Val(c.Limits.KVMaxValueSize), @@ -1730,10 +1732,21 @@ func (b *builder) serviceVal(v *ServiceDefinition) *structs.ServiceDefinition { Checks: checks, Proxy: b.serviceProxyVal(v.Proxy), Connect: b.serviceConnectVal(v.Connect), + Locality: b.serviceLocalityVal(v.Locality), EnterpriseMeta: v.EnterpriseMeta.ToStructs(), } } +func (b *builder) serviceLocalityVal(l *Locality) *structs.Locality { + if l == nil { + return nil + } + return &structs.Locality{ + Region: stringVal(l.Region), + Zone: stringVal(l.Zone), + } +} + func (b *builder) serviceKindVal(v *string) structs.ServiceKind { if v == nil { return structs.ServiceKindTypical diff --git a/agent/config/config.go b/agent/config/config.go index 816f7ae85f17..d620b8c2f4e4 100644 --- a/agent/config/config.go +++ b/agent/config/config.go @@ -404,6 +404,7 @@ type ServiceDefinition struct { EnableTagOverride *bool `mapstructure:"enable_tag_override"` Proxy *ServiceProxy `mapstructure:"proxy"` Connect *ServiceConnect `mapstructure:"connect"` + Locality *Locality `mapstructure:"locality"` EnterpriseMeta `mapstructure:",squash"` } @@ -673,9 +674,11 @@ type HTTPConfig struct { } type Performance struct { - LeaveDrainTime *string `mapstructure:"leave_drain_time"` - RaftMultiplier *int `mapstructure:"raft_multiplier"` // todo(fs): validate as uint - RPCHoldTimeout *string `mapstructure:"rpc_hold_timeout"` + LeaveDrainTime *string `mapstructure:"leave_drain_time"` + RaftMultiplier *int `mapstructure:"raft_multiplier"` // todo(fs): validate as uint + RPCHoldTimeout *string `mapstructure:"rpc_hold_timeout"` + GRPCKeepaliveInterval *string `mapstructure:"grpc_keepalive_interval"` + GRPCKeepaliveTimeout *string `mapstructure:"grpc_keepalive_timeout"` } type Telemetry struct { diff --git a/agent/config/default.go b/agent/config/default.go index cb71d4eedefd..f07a8bdf46dc 100644 --- a/agent/config/default.go +++ b/agent/config/default.go @@ -118,6 +118,8 @@ func DefaultSource() Source { leave_drain_time = "5s" raft_multiplier = ` + strconv.Itoa(int(consul.DefaultRaftMultiplier)) + ` rpc_hold_timeout = "7s" + grpc_keepalive_interval = "30s" + grpc_keepalive_timeout = "20s" } ports = { dns = 8600 diff --git a/agent/config/runtime.go b/agent/config/runtime.go index 18278b08b1ac..954aa7198e25 100644 --- a/agent/config/runtime.go +++ b/agent/config/runtime.go @@ -717,6 +717,19 @@ type RuntimeConfig struct { // hcl: client_addr = string addresses { grpc_tls = string } ports { grpc_tls = int } GRPCTLSAddrs []net.Addr + // GRPCKeepaliveInterval determines how frequently an HTTP2 keepalive will be broadcast + // whenever a GRPC connection is idle. This helps detect xds connections that have died. + // + // Since the xds load balancing between servers relies on knowing how many connections + // are active, this configuration ensures that they are routinely detected / cleaned up + // on an interval. + GRPCKeepaliveInterval time.Duration + + // GRPCKeepaliveTimeout specifies how long a GRPC client has to reply to the keepalive + // messages spawned from GRPCKeepaliveInterval. If a client does not reply in this amount of + // time, the connection will be closed by the server. + GRPCKeepaliveTimeout time.Duration + // HTTPAddrs contains the list of TCP addresses and UNIX sockets the HTTP // server will bind to. If the HTTP endpoint is disabled (ports.http <= 0) // the list is empty. diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index e7772c94a955..7158b014d15d 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -6560,6 +6560,8 @@ func TestLoad_FullConfig(t *testing.T) { GRPCAddrs: []net.Addr{tcpAddr("32.31.61.91:4881")}, GRPCTLSPort: 5201, GRPCTLSAddrs: []net.Addr{tcpAddr("23.14.88.19:5201")}, + GRPCKeepaliveInterval: 33 * time.Second, + GRPCKeepaliveTimeout: 22 * time.Second, HTTPAddrs: []net.Addr{tcpAddr("83.39.91.39:7999")}, HTTPBlockEndpoints: []string{"RBvAFcGD", "fWOWFznh"}, AllowWriteHTTPFrom: []*net.IPNet{cidr("127.0.0.0/8"), cidr("22.33.44.55/32"), cidr("0.0.0.0/0")}, @@ -6574,6 +6576,10 @@ func TestLoad_FullConfig(t *testing.T) { KVMaxValueSize: 1234567800, LeaveDrainTime: 8265 * time.Second, LeaveOnTerm: true, + Locality: &Locality{ + Region: strPtr("us-east-2"), + Zone: strPtr("us-east-2b"), + }, Logging: logging.Config{ LogLevel: "k1zo9Spt", LogJSON: true, @@ -6676,6 +6682,10 @@ func TestLoad_FullConfig(t *testing.T) { }, }, }, + Locality: &structs.Locality{ + Region: "us-east-1", + Zone: "us-east-1a", + }, }, { ID: "MRHVMZuD", @@ -6834,6 +6844,10 @@ func TestLoad_FullConfig(t *testing.T) { Connect: &structs.ServiceConnect{ Native: true, }, + Locality: &structs.Locality{ + Region: "us-west-1", + Zone: "us-west-1a", + }, Checks: structs.CheckTypes{ &structs.CheckType{ CheckID: "Zv99e9Ka", diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index b82baea53514..56397ad94d0f 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -210,6 +210,8 @@ "GRPCPort": 0, "GRPCTLSAddrs": [], "GRPCTLSPort": 0, + "GRPCKeepaliveInterval": "0s", + "GRPCKeepaliveTimeout": "0s", "GossipLANGossipInterval": "0s", "GossipLANGossipNodes": 0, "GossipLANProbeInterval": "0s", diff --git a/agent/config/testdata/full-config.hcl b/agent/config/testdata/full-config.hcl index 1c1fb0158aa5..4c734265fd41 100644 --- a/agent/config/testdata/full-config.hcl +++ b/agent/config/testdata/full-config.hcl @@ -317,6 +317,10 @@ limits { write_rate = 101.0 } } +locality = { + region = "us-east-2" + zone = "us-east-2b" +} log_level = "k1zo9Spt" log_json = true max_query_time = "18237s" @@ -335,6 +339,8 @@ performance { leave_drain_time = "8265s" raft_multiplier = 5 rpc_hold_timeout = "15707s" + grpc_keepalive_interval = "33s" + grpc_keepalive_timeout = "22s" } pid_file = "43xN80Km" ports { @@ -508,6 +514,10 @@ service = { connect { native = true } + locality = { + region = "us-west-1" + zone = "us-west-1a" + } } services = [ { @@ -548,6 +558,10 @@ services = [ connect { sidecar_service {} } + locality = { + region = "us-east-1" + zone = "us-east-1a" + } }, { id = "MRHVMZuD" diff --git a/agent/config/testdata/full-config.json b/agent/config/testdata/full-config.json index cd407d3e5dae..30ede7dd18f1 100644 --- a/agent/config/testdata/full-config.json +++ b/agent/config/testdata/full-config.json @@ -366,6 +366,10 @@ "write_rate": 101.0 } }, + "locality": { + "region": "us-east-2", + "zone": "us-east-2b" + }, "log_level": "k1zo9Spt", "log_json": true, "max_query_time": "18237s", @@ -383,7 +387,9 @@ "performance": { "leave_drain_time": "8265s", "raft_multiplier": 5, - "rpc_hold_timeout": "15707s" + "rpc_hold_timeout": "15707s", + "grpc_keepalive_interval": "33s", + "grpc_keepalive_timeout": "22s" }, "pid_file": "43xN80Km", "ports": { @@ -596,6 +602,10 @@ ], "connect": { "native": true + }, + "locality": { + "region": "us-west-1", + "zone": "us-west-1a" } }, "services": [ @@ -647,6 +657,10 @@ }, "connect": { "sidecar_service": {} + }, + "locality": { + "region": "us-east-1", + "zone": "us-east-1a" } }, { diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go index 60627b5314a2..692b9a568c23 100644 --- a/agent/connect/ca/provider_vault.go +++ b/agent/connect/ca/provider_vault.go @@ -22,6 +22,7 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/lib/decode" + "github.com/hashicorp/consul/lib/retry" ) const ( @@ -177,11 +178,17 @@ func (v *VaultProvider) Configure(cfg ProviderConfig) error { v.stopWatcher() } v.stopWatcher = cancel + // NOTE: Any codepaths after v.renewToken(...) which return an error + // _must_ call v.stopWatcher() to prevent the renewal goroutine from + // leaking when the CA initialization fails and gets retried later. go v.renewToken(ctx, lifetimeWatcher) } // Update the intermediate (managed) PKI mount and role if err := v.setupIntermediatePKIPath(); err != nil { + if v.stopWatcher != nil { + v.stopWatcher() + } return err } @@ -223,6 +230,16 @@ func (v *VaultProvider) renewToken(ctx context.Context, watcher *vaultapi.Lifeti go watcher.Start() defer watcher.Stop() + // These values are chosen to start the exponential backoff + // immediately. Since the Vault client implements its own + // retries, this retry is mostly to avoid resource contention + // and log spam. + retrier := retry.Waiter{ + MinFailures: 1, + MinWait: 1 * time.Second, + Jitter: retry.NewJitter(20), + } + for { select { case <-ctx.Done(): @@ -231,7 +248,16 @@ func (v *VaultProvider) renewToken(ctx context.Context, watcher *vaultapi.Lifeti case err := <-watcher.DoneCh(): // Watcher has stopped if err != nil { - v.logger.Error("Error renewing token for Vault provider", "error", err) + v.logger.Error("Error renewing token for Vault provider", "error", err, "retries", retrier.Failures()) + } + + // Although the vault watcher has its own retry logic, we have encountered + // issues when passing an invalid Vault token which would send an error to + // watcher.DoneCh() immediately, causing us to start the watcher over and + // over again in a very tight loop. + if err := retrier.Wait(ctx); err != nil { + // only possible error is when context is cancelled + return } // If the watcher has exited and auth method is enabled, @@ -265,6 +291,7 @@ func (v *VaultProvider) renewToken(ctx context.Context, watcher *vaultapi.Lifeti go watcher.Start() case <-watcher.RenewCh(): + retrier.Reset() v.logger.Info("Successfully renewed token for Vault provider") } } diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go index ece7659d04aa..edd094f5502a 100644 --- a/agent/connect/ca/provider_vault_test.go +++ b/agent/connect/ca/provider_vault_test.go @@ -8,6 +8,7 @@ import ( "encoding/json" "fmt" "io" + "runtime/pprof" "strconv" "strings" "sync/atomic" @@ -237,8 +238,69 @@ func TestVaultCAProvider_Configure(t *testing.T) { testcase.expectedValue(t, provider) }) } +} + +// This test must not run in parallel +func TestVaultCAProvider_ConfigureFailureGoroutineLeakCheck(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + SkipIfVaultNotPresent(t) + + testVault := NewTestVaultServer(t) + + attr := &VaultTokenAttributes{ + RootPath: "pki-root", + IntermediatePath: "pki-intermediate", + ConsulManaged: true, + } + token := CreateVaultTokenWithAttrs(t, testVault.client, attr) + + provider := NewVaultProvider(hclog.New(&hclog.LoggerOptions{Name: "ca.vault"})) + + t.Run("error on Configure does not leak renewal routine", func(t *testing.T) { + config := map[string]any{ + "RootPKIPath": "pki-root/", + "IntermediatePKIPath": "badbadbad/", + } + cfg := vaultProviderConfig(t, testVault.Addr, token, config) + + err := provider.Configure(cfg) + require.Error(t, err) + + retry.RunWith(retry.TwoSeconds(), t, func(r *retry.R) { + profile := pprof.Lookup("goroutine") + sb := strings.Builder{} + require.NoError(r, profile.WriteTo(&sb, 2)) + require.NotContains(r, sb.String(), + "created by github.com/hashicorp/consul/agent/connect/ca.(*VaultProvider).Configure", + "found renewal goroutine leak") + // If this test is failing because you added a new goroutine to + // (*VaultProvider).Configure AND that goroutine should persist + // even if Configure errored, then you should change the checked + // string to (*VaultProvider).renewToken. + }) + }) - return + t.Run("successful Configure starts renewal routine", func(t *testing.T) { + config := map[string]any{ + "RootPKIPath": "pki-root/", + "IntermediatePKIPath": "pki-intermediate/", + } + cfg := vaultProviderConfig(t, testVault.Addr, token, config) + + require.NoError(t, provider.Configure(cfg)) + + retry.RunWith(retry.TwoSeconds(), t, func(r *retry.R) { + profile := pprof.Lookup("goroutine") + sb := strings.Builder{} + require.NoError(r, profile.WriteTo(&sb, 2)) + t.Log(sb.String()) + require.Contains(r, sb.String(), + "created by github.com/hashicorp/consul/agent/connect/ca.(*VaultProvider).Configure", + "expected renewal goroutine, got none") + }) + }) } func TestVaultCAProvider_SecondaryActiveIntermediate(t *testing.T) { diff --git a/agent/consul/discoverychain/gateway_httproute.go b/agent/consul/discoverychain/gateway_httproute.go index 3a4acf48e413..c4816e027449 100644 --- a/agent/consul/discoverychain/gateway_httproute.go +++ b/agent/consul/discoverychain/gateway_httproute.go @@ -177,12 +177,9 @@ func httpRouteToDiscoveryChain(route structs.HTTPRouteConfigEntry) (*structs.Ser } if rule.Filters.RetryFilter != nil { - if rule.Filters.RetryFilter.NumRetries != nil { - destination.NumRetries = *rule.Filters.RetryFilter.NumRetries - } - if rule.Filters.RetryFilter.RetryOnConnectFailure != nil { - destination.RetryOnConnectFailure = *rule.Filters.RetryFilter.RetryOnConnectFailure - } + + destination.NumRetries = rule.Filters.RetryFilter.NumRetries + destination.RetryOnConnectFailure = rule.Filters.RetryFilter.RetryOnConnectFailure if len(rule.Filters.RetryFilter.RetryOn) > 0 { destination.RetryOn = rule.Filters.RetryFilter.RetryOn diff --git a/agent/consul/gateways/controller_gateways.go b/agent/consul/gateways/controller_gateways.go index 24e1dd4c275a..ae82bdddc449 100644 --- a/agent/consul/gateways/controller_gateways.go +++ b/agent/consul/gateways/controller_gateways.go @@ -686,14 +686,16 @@ func (g *gatewayMeta) updateRouteBinding(route structs.BoundRoute) (bool, []stru errors[ref] = err } + isValidJWT := true if httpRoute, ok := route.(*structs.HTTPRouteConfigEntry); ok { var jwtErrors map[structs.ResourceReference]error - didBind, jwtErrors = g.validateJWTForRoute(httpRoute) + isValidJWT, jwtErrors = g.validateJWTForRoute(httpRoute) for ref, err := range jwtErrors { errors[ref] = err } } - if didBind { + + if didBind && isValidJWT { refDidBind = true listenerBound[listener.Name] = true } diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index e8058a468a3f..0ae028cbf2f2 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -26,6 +26,7 @@ import ( "github.com/stretchr/testify/require" "golang.org/x/time/rate" "google.golang.org/grpc" + "google.golang.org/grpc/keepalive" "github.com/hashicorp/consul-net-rpc/net/rpc" @@ -335,7 +336,7 @@ func newServerWithDeps(t *testing.T, c *Config, deps Deps) (*Server, error) { oldNotify() } } - grpcServer := external.NewServer(deps.Logger.Named("grpc.external"), nil, deps.TLSConfigurator, rpcRate.NullRequestLimitsHandler()) + grpcServer := external.NewServer(deps.Logger.Named("grpc.external"), nil, deps.TLSConfigurator, rpcRate.NullRequestLimitsHandler(), keepalive.ServerParameters{}) srv, err := NewServer(c, deps, grpcServer, nil, deps.Logger, nil) if err != nil { return nil, err diff --git a/agent/grpc-external/server.go b/agent/grpc-external/server.go index 6090a8f31a15..30af8f2e6e1a 100644 --- a/agent/grpc-external/server.go +++ b/agent/grpc-external/server.go @@ -27,7 +27,13 @@ var ( // NewServer constructs a gRPC server for the external gRPC port, to which // handlers can be registered. -func NewServer(logger agentmiddleware.Logger, metricsObj *metrics.Metrics, tls *tlsutil.Configurator, limiter rate.RequestLimitsHandler) *grpc.Server { +func NewServer( + logger agentmiddleware.Logger, + metricsObj *metrics.Metrics, + tls *tlsutil.Configurator, + limiter rate.RequestLimitsHandler, + keepaliveParams keepalive.ServerParameters, +) *grpc.Server { if metricsObj == nil { metricsObj = metrics.Default() } @@ -56,6 +62,7 @@ func NewServer(logger agentmiddleware.Logger, metricsObj *metrics.Metrics, tls * grpc.StatsHandler(agentmiddleware.NewStatsHandler(metricsObj, metricsLabels)), middleware.WithUnaryServerChain(unaryInterceptors...), middleware.WithStreamServerChain(streamInterceptors...), + grpc.KeepaliveParams(keepaliveParams), grpc.KeepaliveEnforcementPolicy(keepalive.EnforcementPolicy{ // This must be less than the keealive.ClientParameters Time setting, otherwise // the server will disconnect the client for sending too many keepalive pings. diff --git a/agent/grpc-external/services/resource/read.go b/agent/grpc-external/services/resource/read.go index 351a50385655..b6cec3725456 100644 --- a/agent/grpc-external/services/resource/read.go +++ b/agent/grpc-external/services/resource/read.go @@ -50,7 +50,7 @@ func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbreso authzNeedsData := false err = reg.ACLs.Read(authz, authzContext, req.Id, nil) switch { - case errors.Is(err, resource.ErrNeedData): + case errors.Is(err, resource.ErrNeedResource): authzNeedsData = true err = nil case acl.IsErrPermissionDenied(err): diff --git a/agent/grpc-external/stats_test.go b/agent/grpc-external/stats_test.go index 798c900148ba..3bd5c777cd16 100644 --- a/agent/grpc-external/stats_test.go +++ b/agent/grpc-external/stats_test.go @@ -14,6 +14,7 @@ import ( "github.com/stretchr/testify/require" "golang.org/x/sync/errgroup" "google.golang.org/grpc" + "google.golang.org/grpc/keepalive" "github.com/hashicorp/go-hclog" @@ -27,7 +28,7 @@ import ( func TestServer_EmitsStats(t *testing.T) { sink, metricsObj := testutil.NewFakeSink(t) - srv := NewServer(hclog.Default(), metricsObj, nil, rate.NullRequestLimitsHandler()) + srv := NewServer(hclog.Default(), metricsObj, nil, rate.NullRequestLimitsHandler(), keepalive.ServerParameters{}) testservice.RegisterSimpleServer(srv, &testservice.Simple{}) diff --git a/agent/http.go b/agent/http.go index e95d36c914f8..aed7c920cdf9 100644 --- a/agent/http.go +++ b/agent/http.go @@ -396,7 +396,7 @@ func (s *HTTPHandlers) wrap(handler endpoint, methods []string) http.HandlerFunc rejectCatalogV1Endpoint := false if s.agent.baseDeps.UseV2Resources() { - rejectCatalogV1Endpoint = isV1CatalogRequest(logURL) + rejectCatalogV1Endpoint = isV1CatalogRequest(req.URL.Path) } if s.denylist.Block(req.URL.Path) { diff --git a/agent/metrics_test.go b/agent/metrics_test.go index f7e15ca40e3b..44d561e01793 100644 --- a/agent/metrics_test.go +++ b/agent/metrics_test.go @@ -12,19 +12,27 @@ import ( "os" "path/filepath" "strings" + "sync/atomic" "testing" - "time" "github.com/stretchr/testify/require" "github.com/hashicorp/consul/agent/rpc/middleware" - "github.com/hashicorp/consul/lib/retry" "github.com/hashicorp/consul/sdk/testutil" + "github.com/hashicorp/consul/sdk/testutil/retry" testretry "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/tlsutil" ) +var metricsPrefixCounter atomic.Uint64 + +// getUniqueMetricsPrefix generates a unique ID for each test to use as a metrics prefix. +// This is needed because go-metrics is effectively a global variable. +func getUniqueMetricsPrefix() string { + return fmt.Sprint("metrics_", metricsPrefixCounter.Add(1)) +} + func skipIfShortTesting(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") @@ -181,7 +189,7 @@ func TestAgent_OneTwelveRPCMetrics(t *testing.T) { // This test cannot use t.Parallel() since we modify global state, ie the global metrics instance t.Run("Check that 1.12 rpc metrics are not emitted by default.", func(t *testing.T) { - metricsPrefix := "new_rpc_metrics" + metricsPrefix := getUniqueMetricsPrefix() hcl := fmt.Sprintf(` telemetry = { prometheus_retention_time = "5s" @@ -204,7 +212,7 @@ func TestAgent_OneTwelveRPCMetrics(t *testing.T) { }) t.Run("Check that 1.12 rpc metrics are emitted when specified by operator.", func(t *testing.T) { - metricsPrefix := "new_rpc_metrics_2" + metricsPrefix := getUniqueMetricsPrefix() allowRPCMetricRule := metricsPrefix + "." + strings.Join(middleware.OneTwelveRPCSummary[0].Name, ".") hcl := fmt.Sprintf(` telemetry = { @@ -243,44 +251,62 @@ func TestHTTPHandlers_AgentMetrics_LeaderShipMetrics(t *testing.T) { // This test cannot use t.Parallel() since we modify global state, ie the global metrics instance t.Run("check that metric isLeader is set properly on server", func(t *testing.T) { - hcl := ` + metricsPrefix1 := getUniqueMetricsPrefix() + metricsPrefix2 := getUniqueMetricsPrefix() + + hcl1 := fmt.Sprintf(` + server = true telemetry = { - prometheus_retention_time = "5s", - metrics_prefix = "agent_is_leader" + prometheus_retention_time = "25s", + disable_hostname = true + metrics_prefix = "%s" } - ` + `, metricsPrefix1) - a := StartTestAgent(t, TestAgent{HCL: hcl}) - defer a.Shutdown() + hcl2 := fmt.Sprintf(` + server = true + telemetry = { + prometheus_retention_time = "25s", + disable_hostname = true + metrics_prefix = "%s" + } + `, metricsPrefix2) - retryWithBackoff := func(expectedStr string) error { - waiter := &retry.Waiter{ - MaxWait: 1 * time.Minute, - } - ctx := context.Background() - for { - if waiter.Failures() > 7 { - return fmt.Errorf("reach max failure: %d", waiter.Failures()) - } - respRec := httptest.NewRecorder() - recordPromMetrics(t, a, respRec) + overrides := ` + bootstrap = false + bootstrap_expect = 2 + ` + + s1 := StartTestAgent(t, TestAgent{Name: "s1", HCL: hcl1, Overrides: overrides}) + s2 := StartTestAgent(t, TestAgent{Name: "s2", HCL: hcl2, Overrides: overrides}) + defer s1.Shutdown() + defer s2.Shutdown() - out := respRec.Body.String() - if strings.Contains(out, expectedStr) { - return nil - } - waiter.Wait(ctx) - } - } // agent hasn't become a leader - err := retryWithBackoff("isLeader 0") - require.NoError(t, err, "non-leader server should have isLeader 0") + retry.RunWith(retry.ThirtySeconds(), t, func(r *testretry.R) { + respRec := httptest.NewRecorder() + recordPromMetrics(r, s1, respRec) + found := strings.Contains(respRec.Body.String(), metricsPrefix1+"_server_isLeader 0") + require.True(r, found, "non-leader server should have isLeader 0") + }) - testrpc.WaitForLeader(t, a.RPC, "dc1") + _, err := s2.JoinLAN([]string{s1.Config.SerfBindAddrLAN.String()}, nil) + require.NoError(t, err) + testrpc.WaitForLeader(t, s1.RPC, "dc1") + testrpc.WaitForLeader(t, s2.RPC, "dc1") // Verify agent's isLeader metrics is 1 - err = retryWithBackoff("isLeader 1") - require.NoError(t, err, "leader should have isLeader 1") + retry.RunWith(retry.ThirtySeconds(), t, func(r *testretry.R) { + respRec1 := httptest.NewRecorder() + recordPromMetrics(r, s1, respRec1) + found1 := strings.Contains(respRec1.Body.String(), metricsPrefix1+"_server_isLeader 1") + + respRec2 := httptest.NewRecorder() + recordPromMetrics(r, s2, respRec2) + found2 := strings.Contains(respRec2.Body.String(), metricsPrefix2+"_server_isLeader 1") + + require.True(r, found1 || found2, "leader server should have isLeader 1") + }) }) } @@ -291,15 +317,16 @@ func TestHTTPHandlers_AgentMetrics_ConsulAutopilot_Prometheus(t *testing.T) { // This test cannot use t.Parallel() since we modify global state, ie the global metrics instance t.Run("Check consul_autopilot_* are not emitted metrics on clients", func(t *testing.T) { - hcl := ` + metricsPrefix := getUniqueMetricsPrefix() + hcl := fmt.Sprintf(` telemetry = { prometheus_retention_time = "5s" disable_hostname = true - metrics_prefix = "agent_1" + metrics_prefix = "%s" } bootstrap = false server = false - ` + `, metricsPrefix) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -307,21 +334,22 @@ func TestHTTPHandlers_AgentMetrics_ConsulAutopilot_Prometheus(t *testing.T) { respRec := httptest.NewRecorder() recordPromMetrics(t, a, respRec) - assertMetricNotExists(t, respRec, "agent_1_autopilot_healthy") - assertMetricNotExists(t, respRec, "agent_1_autopilot_failure_tolerance") + assertMetricNotExists(t, respRec, metricsPrefix+"_autopilot_healthy") + assertMetricNotExists(t, respRec, metricsPrefix+"_autopilot_failure_tolerance") }) t.Run("Check consul_autopilot_healthy metric value on startup", func(t *testing.T) { + metricsPrefix := getUniqueMetricsPrefix() + hcl := fmt.Sprintf(` // don't bootstrap agent so as not to // become a leader - hcl := ` telemetry = { prometheus_retention_time = "5s", disable_hostname = true - metrics_prefix = "agent_2" + metrics_prefix = "%s" } bootstrap = false - ` + `, metricsPrefix) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -329,8 +357,8 @@ func TestHTTPHandlers_AgentMetrics_ConsulAutopilot_Prometheus(t *testing.T) { respRec := httptest.NewRecorder() recordPromMetrics(t, a, respRec) - assertMetricExistsWithValue(t, respRec, "agent_2_autopilot_healthy", "1") - assertMetricExistsWithValue(t, respRec, "agent_2_autopilot_failure_tolerance", "0") + assertMetricExistsWithValue(t, respRec, metricsPrefix+"_autopilot_healthy", "1") + assertMetricExistsWithValue(t, respRec, metricsPrefix+"_autopilot_failure_tolerance", "0") }) } @@ -366,16 +394,17 @@ func TestHTTPHandlers_AgentMetrics_TLSCertExpiry_Prometheus(t *testing.T) { err = os.WriteFile(keyPath, []byte(key), 0600) require.NoError(t, err) + metricsPrefix := getUniqueMetricsPrefix() hcl := fmt.Sprintf(` telemetry = { prometheus_retention_time = "5s", disable_hostname = true - metrics_prefix = "agent_3" + metrics_prefix = "%s" } ca_file = "%s" cert_file = "%s" key_file = "%s" - `, caPath, certPath, keyPath) + `, metricsPrefix, caPath, certPath, keyPath) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -383,7 +412,7 @@ func TestHTTPHandlers_AgentMetrics_TLSCertExpiry_Prometheus(t *testing.T) { respRec := httptest.NewRecorder() recordPromMetrics(t, a, respRec) - require.Contains(t, respRec.Body.String(), "agent_3_agent_tls_cert_expiry 1.7") + require.Contains(t, respRec.Body.String(), metricsPrefix+"_agent_tls_cert_expiry 1.7") } func TestHTTPHandlers_AgentMetrics_CACertExpiry_Prometheus(t *testing.T) { @@ -391,17 +420,18 @@ func TestHTTPHandlers_AgentMetrics_CACertExpiry_Prometheus(t *testing.T) { // This test cannot use t.Parallel() since we modify global state, ie the global metrics instance t.Run("non-leader emits NaN", func(t *testing.T) { - hcl := ` + metricsPrefix := getUniqueMetricsPrefix() + hcl := fmt.Sprintf(` telemetry = { prometheus_retention_time = "5s", disable_hostname = true - metrics_prefix = "agent_4" + metrics_prefix = "%s" } connect { enabled = true } bootstrap = false - ` + `, metricsPrefix) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -409,21 +439,22 @@ func TestHTTPHandlers_AgentMetrics_CACertExpiry_Prometheus(t *testing.T) { respRec := httptest.NewRecorder() recordPromMetrics(t, a, respRec) - require.Contains(t, respRec.Body.String(), "agent_4_mesh_active_root_ca_expiry NaN") - require.Contains(t, respRec.Body.String(), "agent_4_mesh_active_signing_ca_expiry NaN") + require.Contains(t, respRec.Body.String(), metricsPrefix+"_mesh_active_root_ca_expiry NaN") + require.Contains(t, respRec.Body.String(), metricsPrefix+"_mesh_active_signing_ca_expiry NaN") }) t.Run("leader emits a value", func(t *testing.T) { - hcl := ` + metricsPrefix := getUniqueMetricsPrefix() + hcl := fmt.Sprintf(` telemetry = { prometheus_retention_time = "5s", disable_hostname = true - metrics_prefix = "agent_5" + metrics_prefix = "%s" } connect { enabled = true } - ` + `, metricsPrefix) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -433,8 +464,8 @@ func TestHTTPHandlers_AgentMetrics_CACertExpiry_Prometheus(t *testing.T) { recordPromMetrics(t, a, respRec) out := respRec.Body.String() - require.Contains(t, out, "agent_5_mesh_active_root_ca_expiry 3.15") - require.Contains(t, out, "agent_5_mesh_active_signing_ca_expiry 3.15") + require.Contains(t, out, metricsPrefix+"_mesh_active_root_ca_expiry 3.15") + require.Contains(t, out, metricsPrefix+"_mesh_active_signing_ca_expiry 3.15") }) } @@ -444,18 +475,19 @@ func TestHTTPHandlers_AgentMetrics_WAL_Prometheus(t *testing.T) { // This test cannot use t.Parallel() since we modify global state, ie the global metrics instance t.Run("client agent emits nothing", func(t *testing.T) { - hcl := ` + metricsPrefix := getUniqueMetricsPrefix() + hcl := fmt.Sprintf(` server = false telemetry = { prometheus_retention_time = "5s", disable_hostname = true - metrics_prefix = "agent_4" + metrics_prefix = "%s" } raft_logstore { backend = "wal" } bootstrap = false - ` + `, metricsPrefix) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -463,17 +495,18 @@ func TestHTTPHandlers_AgentMetrics_WAL_Prometheus(t *testing.T) { respRec := httptest.NewRecorder() recordPromMetrics(t, a, respRec) - require.NotContains(t, respRec.Body.String(), "agent_4_raft_wal") + require.NotContains(t, respRec.Body.String(), metricsPrefix+"_raft_wal") }) t.Run("server with WAL enabled emits WAL metrics", func(t *testing.T) { - hcl := ` + metricsPrefix := getUniqueMetricsPrefix() + hcl := fmt.Sprintf(` server = true bootstrap = true telemetry = { prometheus_retention_time = "5s", disable_hostname = true - metrics_prefix = "agent_5" + metrics_prefix = "%s" } connect { enabled = true @@ -481,7 +514,7 @@ func TestHTTPHandlers_AgentMetrics_WAL_Prometheus(t *testing.T) { raft_logstore { backend = "wal" } - ` + `, metricsPrefix) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -492,29 +525,30 @@ func TestHTTPHandlers_AgentMetrics_WAL_Prometheus(t *testing.T) { recordPromMetrics(r, a, respRec) out := respRec.Body.String() - require.Contains(r, out, "agent_5_raft_wal_head_truncations") - require.Contains(r, out, "agent_5_raft_wal_last_segment_age_seconds") - require.Contains(r, out, "agent_5_raft_wal_log_appends") - require.Contains(r, out, "agent_5_raft_wal_log_entries_read") - require.Contains(r, out, "agent_5_raft_wal_log_entries_written") - require.Contains(r, out, "agent_5_raft_wal_log_entry_bytes_read") - require.Contains(r, out, "agent_5_raft_wal_log_entry_bytes_written") - require.Contains(r, out, "agent_5_raft_wal_segment_rotations") - require.Contains(r, out, "agent_5_raft_wal_stable_gets") - require.Contains(r, out, "agent_5_raft_wal_stable_sets") - require.Contains(r, out, "agent_5_raft_wal_tail_truncations") + require.Contains(r, out, metricsPrefix+"_raft_wal_head_truncations") + require.Contains(r, out, metricsPrefix+"_raft_wal_last_segment_age_seconds") + require.Contains(r, out, metricsPrefix+"_raft_wal_log_appends") + require.Contains(r, out, metricsPrefix+"_raft_wal_log_entries_read") + require.Contains(r, out, metricsPrefix+"_raft_wal_log_entries_written") + require.Contains(r, out, metricsPrefix+"_raft_wal_log_entry_bytes_read") + require.Contains(r, out, metricsPrefix+"_raft_wal_log_entry_bytes_written") + require.Contains(r, out, metricsPrefix+"_raft_wal_segment_rotations") + require.Contains(r, out, metricsPrefix+"_raft_wal_stable_gets") + require.Contains(r, out, metricsPrefix+"_raft_wal_stable_sets") + require.Contains(r, out, metricsPrefix+"_raft_wal_tail_truncations") }) }) t.Run("server without WAL enabled emits no WAL metrics", func(t *testing.T) { - hcl := ` + metricsPrefix := getUniqueMetricsPrefix() + hcl := fmt.Sprintf(` server = true bootstrap = true telemetry = { prometheus_retention_time = "5s", disable_hostname = true - metrics_prefix = "agent_6" + metrics_prefix = "%s" } connect { enabled = true @@ -522,7 +556,7 @@ func TestHTTPHandlers_AgentMetrics_WAL_Prometheus(t *testing.T) { raft_logstore { backend = "boltdb" } - ` + `, metricsPrefix) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -531,7 +565,7 @@ func TestHTTPHandlers_AgentMetrics_WAL_Prometheus(t *testing.T) { respRec := httptest.NewRecorder() recordPromMetrics(t, a, respRec) - require.NotContains(t, respRec.Body.String(), "agent_6_raft_wal") + require.NotContains(t, respRec.Body.String(), metricsPrefix+"_raft_wal") }) } @@ -541,12 +575,13 @@ func TestHTTPHandlers_AgentMetrics_LogVerifier_Prometheus(t *testing.T) { // This test cannot use t.Parallel() since we modify global state, ie the global metrics instance t.Run("client agent emits nothing", func(t *testing.T) { - hcl := ` + metricsPrefix := getUniqueMetricsPrefix() + hcl := fmt.Sprintf(` server = false telemetry = { prometheus_retention_time = "5s", disable_hostname = true - metrics_prefix = "agent_4" + metrics_prefix = "%s" } raft_logstore { verification { @@ -555,7 +590,7 @@ func TestHTTPHandlers_AgentMetrics_LogVerifier_Prometheus(t *testing.T) { } } bootstrap = false - ` + `, metricsPrefix) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -563,17 +598,18 @@ func TestHTTPHandlers_AgentMetrics_LogVerifier_Prometheus(t *testing.T) { respRec := httptest.NewRecorder() recordPromMetrics(t, a, respRec) - require.NotContains(t, respRec.Body.String(), "agent_4_raft_logstore_verifier") + require.NotContains(t, respRec.Body.String(), metricsPrefix+"_raft_logstore_verifier") }) t.Run("server with verifier enabled emits all metrics", func(t *testing.T) { - hcl := ` + metricsPrefix := getUniqueMetricsPrefix() + hcl := fmt.Sprintf(` server = true bootstrap = true telemetry = { prometheus_retention_time = "5s", disable_hostname = true - metrics_prefix = "agent_5" + metrics_prefix = "%s" } connect { enabled = true @@ -584,7 +620,7 @@ func TestHTTPHandlers_AgentMetrics_LogVerifier_Prometheus(t *testing.T) { interval = "1s" } } - ` + `, metricsPrefix) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -595,22 +631,23 @@ func TestHTTPHandlers_AgentMetrics_LogVerifier_Prometheus(t *testing.T) { recordPromMetrics(r, a, respRec) out := respRec.Body.String() - require.Contains(r, out, "agent_5_raft_logstore_verifier_checkpoints_written") - require.Contains(r, out, "agent_5_raft_logstore_verifier_dropped_reports") - require.Contains(r, out, "agent_5_raft_logstore_verifier_ranges_verified") - require.Contains(r, out, "agent_5_raft_logstore_verifier_read_checksum_failures") - require.Contains(r, out, "agent_5_raft_logstore_verifier_write_checksum_failures") + require.Contains(r, out, metricsPrefix+"_raft_logstore_verifier_checkpoints_written") + require.Contains(r, out, metricsPrefix+"_raft_logstore_verifier_dropped_reports") + require.Contains(r, out, metricsPrefix+"_raft_logstore_verifier_ranges_verified") + require.Contains(r, out, metricsPrefix+"_raft_logstore_verifier_read_checksum_failures") + require.Contains(r, out, metricsPrefix+"_raft_logstore_verifier_write_checksum_failures") }) }) t.Run("server with verifier disabled emits no extra metrics", func(t *testing.T) { - hcl := ` + metricsPrefix := getUniqueMetricsPrefix() + hcl := fmt.Sprintf(` server = true bootstrap = true telemetry = { prometheus_retention_time = "5s", disable_hostname = true - metrics_prefix = "agent_6" + metrics_prefix = "%s" } connect { enabled = true @@ -620,7 +657,7 @@ func TestHTTPHandlers_AgentMetrics_LogVerifier_Prometheus(t *testing.T) { enabled = false } } - ` + `, metricsPrefix) a := StartTestAgent(t, TestAgent{HCL: hcl}) defer a.Shutdown() @@ -629,7 +666,7 @@ func TestHTTPHandlers_AgentMetrics_LogVerifier_Prometheus(t *testing.T) { respRec := httptest.NewRecorder() recordPromMetrics(t, a, respRec) - require.NotContains(t, respRec.Body.String(), "agent_6_raft_logstore_verifier") + require.NotContains(t, respRec.Body.String(), metricsPrefix+"_raft_logstore_verifier") }) } diff --git a/agent/pool/pool.go b/agent/pool/pool.go index 899cefe2e974..d793dcd4a1de 100644 --- a/agent/pool/pool.go +++ b/agent/pool/pool.go @@ -49,6 +49,7 @@ type Conn struct { refCount int32 shouldClose int32 + dc string nodeName string addr net.Addr session muxSession @@ -234,7 +235,7 @@ func (p *ConnPool) acquire(dc string, nodeName string, addr net.Addr) (*Conn, er addrStr := addr.String() - poolKey := nodeName + ":" + addrStr + poolKey := makePoolKey(dc, nodeName, addrStr) // Check to see if there's a pooled connection available. This is up // here since it should the vastly more common case than the rest @@ -493,6 +494,7 @@ func (p *ConnPool) getNewConn(dc string, nodeName string, addr net.Addr) (*Conn, // Wrap the connection c := &Conn{ refCount: 1, + dc: dc, nodeName: nodeName, addr: addr, session: session, @@ -514,7 +516,7 @@ func (p *ConnPool) clearConn(conn *Conn) { // Clear from the cache addrStr := conn.addr.String() - poolKey := conn.nodeName + ":" + addrStr + poolKey := makePoolKey(conn.dc, conn.nodeName, addrStr) p.Lock() if c, ok := p.pool[poolKey]; ok && c == conn { delete(p.pool, poolKey) @@ -716,3 +718,8 @@ func (p *ConnPool) reap() { p.Unlock() } } + +// makePoolKey generates a unique key for grouping connections together into a pool. +func makePoolKey(dc, nodeName, addrStr string) string { + return dc + ":" + nodeName + ":" + addrStr +} diff --git a/agent/proxycfg-sources/local/sync.go b/agent/proxycfg-sources/local/sync.go index b5583db43a3d..54d95e6594f2 100644 --- a/agent/proxycfg-sources/local/sync.go +++ b/agent/proxycfg-sources/local/sync.go @@ -5,9 +5,10 @@ package local import ( "context" - proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot" "time" + proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot" + "github.com/hashicorp/go-hclog" "github.com/hashicorp/consul/agent/local" @@ -35,6 +36,9 @@ type SyncConfig struct { // NodeName is the name of the local agent node. NodeName string + // NodeLocality + NodeLocality *structs.Locality + // Logger will be used to write log messages. Logger hclog.Logger @@ -110,6 +114,14 @@ func sync(cfg SyncConfig) { Token: "", } + // We inherit the node's locality at runtime (not persisted). + // The service locality takes precedence if it was set directly during + // registration. + svc = svc.DeepCopy() + if svc.Locality == nil { + svc.Locality = cfg.NodeLocality + } + // TODO(banks): need to work out when to default some stuff. For example // Proxy.LocalServicePort is practically necessary for any sidecar and can // default to the port of the sidecar service, but only if it's already diff --git a/agent/proxycfg-sources/local/sync_test.go b/agent/proxycfg-sources/local/sync_test.go index 5aa030db4cfc..b20787140df5 100644 --- a/agent/proxycfg-sources/local/sync_test.go +++ b/agent/proxycfg-sources/local/sync_test.go @@ -72,8 +72,12 @@ func TestSync(t *testing.T) { go Sync(ctx, SyncConfig{ Manager: cfgMgr, State: state, - Tokens: tokens, - Logger: hclog.NewNullLogger(), + NodeLocality: &structs.Locality{ + Region: "some-region", + Zone: "some-zone", + }, + Tokens: tokens, + Logger: hclog.NewNullLogger(), }) // Expect the service in the local state to be registered. @@ -107,6 +111,13 @@ func TestSync(t *testing.T) { select { case reg := <-registerCh: require.Equal(t, serviceID, reg.service.ID) + require.Equal(t, + &structs.Locality{ + Region: "some-region", + Zone: "some-zone", + }, + reg.service.Locality, + ) require.Equal(t, userToken, reg.token) case <-time.After(100 * time.Millisecond): t.Fatal("timeout waiting for service to be registered") diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go index 8fde278c8b7f..b2b207515720 100644 --- a/agent/rpc/peering/service_test.go +++ b/agent/rpc/peering/service_test.go @@ -23,6 +23,7 @@ import ( "github.com/stretchr/testify/require" gogrpc "google.golang.org/grpc" "google.golang.org/grpc/codes" + "google.golang.org/grpc/keepalive" "google.golang.org/grpc/metadata" grpcstatus "google.golang.org/grpc/status" "google.golang.org/protobuf/proto" @@ -1818,7 +1819,7 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer { conf.ACLResolverSettings.EnterpriseMeta = *conf.AgentEnterpriseMeta() deps := newDefaultDeps(t, conf) - externalGRPCServer := external.NewServer(deps.Logger, nil, deps.TLSConfigurator, rate.NullRequestLimitsHandler()) + externalGRPCServer := external.NewServer(deps.Logger, nil, deps.TLSConfigurator, rate.NullRequestLimitsHandler(), keepalive.ServerParameters{}) server, err := consul.NewServer(conf, deps, externalGRPCServer, nil, deps.Logger, nil) require.NoError(t, err) diff --git a/agent/snapshot_endpoint_test.go b/agent/snapshot_endpoint_test.go index a534fe025113..31d731a26ef0 100644 --- a/agent/snapshot_endpoint_test.go +++ b/agent/snapshot_endpoint_test.go @@ -74,6 +74,7 @@ func TestSnapshot_Options(t *testing.T) { t.Run(method, func(t *testing.T) { a := NewTestAgent(t, TestACLConfig()) defer a.Shutdown() + testrpc.WaitForLeader(t, a.RPC, "dc1") body := bytes.NewBuffer(nil) req, _ := http.NewRequest(method, "/v1/snapshot", body) @@ -88,6 +89,7 @@ func TestSnapshot_Options(t *testing.T) { t.Run(method, func(t *testing.T) { a := NewTestAgent(t, TestACLConfig()) defer a.Shutdown() + testrpc.WaitForLeader(t, a.RPC, "dc1") body := bytes.NewBuffer(nil) req, _ := http.NewRequest(method, "/v1/snapshot?dc=nope", body) @@ -101,6 +103,7 @@ func TestSnapshot_Options(t *testing.T) { t.Run(method, func(t *testing.T) { a := NewTestAgent(t, TestACLConfig()) defer a.Shutdown() + testrpc.WaitForLeader(t, a.RPC, "dc1") body := bytes.NewBuffer(nil) req, _ := http.NewRequest(method, "/v1/snapshot?stale", body) diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go index a844a9de8545..544820f4d607 100644 --- a/agent/structs/config_entry.go +++ b/agent/structs/config_entry.go @@ -418,6 +418,7 @@ type InstanceLevelRateLimits struct { RequestsMaxBurst int `alias:"requests_max_burst"` // Routes is a list of rate limits applied to specific routes. + // For a given request, the first matching route will be applied, if any. // Overrides any top-level configuration. Routes []InstanceLevelRouteRateLimits } diff --git a/agent/structs/config_entry_routes.go b/agent/structs/config_entry_routes.go index 7f764c93c725..741404769e5d 100644 --- a/agent/structs/config_entry_routes.go +++ b/agent/structs/config_entry_routes.go @@ -475,10 +475,10 @@ type URLRewrite struct { } type RetryFilter struct { - NumRetries *uint32 + NumRetries uint32 RetryOn []string RetryOnStatusCodes []uint32 - RetryOnConnectFailure *bool + RetryOnConnectFailure bool } type TimeoutFilter struct { diff --git a/agent/structs/structs.deepcopy.go b/agent/structs/structs.deepcopy.go index 8a2b95f2964a..017b0c943ca6 100644 --- a/agent/structs/structs.deepcopy.go +++ b/agent/structs/structs.deepcopy.go @@ -400,10 +400,6 @@ func (o *HTTPRouteConfigEntry) DeepCopy() *HTTPRouteConfigEntry { if o.Rules[i2].Filters.RetryFilter != nil { cp.Rules[i2].Filters.RetryFilter = new(RetryFilter) *cp.Rules[i2].Filters.RetryFilter = *o.Rules[i2].Filters.RetryFilter - if o.Rules[i2].Filters.RetryFilter.NumRetries != nil { - cp.Rules[i2].Filters.RetryFilter.NumRetries = new(uint32) - *cp.Rules[i2].Filters.RetryFilter.NumRetries = *o.Rules[i2].Filters.RetryFilter.NumRetries - } if o.Rules[i2].Filters.RetryFilter.RetryOn != nil { cp.Rules[i2].Filters.RetryFilter.RetryOn = make([]string, len(o.Rules[i2].Filters.RetryFilter.RetryOn)) copy(cp.Rules[i2].Filters.RetryFilter.RetryOn, o.Rules[i2].Filters.RetryFilter.RetryOn) @@ -412,10 +408,6 @@ func (o *HTTPRouteConfigEntry) DeepCopy() *HTTPRouteConfigEntry { cp.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes = make([]uint32, len(o.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes)) copy(cp.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes, o.Rules[i2].Filters.RetryFilter.RetryOnStatusCodes) } - if o.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure != nil { - cp.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure = new(bool) - *cp.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure = *o.Rules[i2].Filters.RetryFilter.RetryOnConnectFailure - } } if o.Rules[i2].Filters.TimeoutFilter != nil { cp.Rules[i2].Filters.TimeoutFilter = new(TimeoutFilter) @@ -493,10 +485,6 @@ func (o *HTTPRouteConfigEntry) DeepCopy() *HTTPRouteConfigEntry { if o.Rules[i2].Services[i4].Filters.RetryFilter != nil { cp.Rules[i2].Services[i4].Filters.RetryFilter = new(RetryFilter) *cp.Rules[i2].Services[i4].Filters.RetryFilter = *o.Rules[i2].Services[i4].Filters.RetryFilter - if o.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries != nil { - cp.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries = new(uint32) - *cp.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries = *o.Rules[i2].Services[i4].Filters.RetryFilter.NumRetries - } if o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn != nil { cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn = make([]string, len(o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn)) copy(cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn, o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOn) @@ -505,10 +493,6 @@ func (o *HTTPRouteConfigEntry) DeepCopy() *HTTPRouteConfigEntry { cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes = make([]uint32, len(o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes)) copy(cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes, o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnStatusCodes) } - if o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure != nil { - cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure = new(bool) - *cp.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure = *o.Rules[i2].Services[i4].Filters.RetryFilter.RetryOnConnectFailure - } } if o.Rules[i2].Services[i4].Filters.TimeoutFilter != nil { cp.Rules[i2].Services[i4].Filters.TimeoutFilter = new(TimeoutFilter) diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 3f0ba0d7f31b..b74fe371b28d 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -641,10 +641,13 @@ func (s *ResourceGenerator) makePeerServerClusters(cfgSnap *proxycfg.ConfigSnaps var cluster *envoy_cluster_v3.Cluster if servers.UseCDS { + // we use strict DNS here since multiple gateways with hostnames + // would result in an invalid cluster due to logical DNS requiring + // only a single host cluster = s.makeExternalHostnameCluster(cfgSnap, clusterOpts{ name: name, addresses: servers.Addresses, - }) + }, envoy_cluster_v3.Cluster_STRICT_DNS) } else { cluster = s.makeGatewayCluster(cfgSnap, clusterOpts{ name: name, @@ -842,7 +845,7 @@ func (s *ResourceGenerator) makeDestinationClusters(cfgSnap *proxycfg.ConfigSnap if structs.IsIP(address) { cluster = s.makeExternalIPCluster(cfgSnap, opts) } else { - cluster = s.makeExternalHostnameCluster(cfgSnap, opts) + cluster = s.makeExternalHostnameCluster(cfgSnap, opts, envoy_cluster_v3.Cluster_LOGICAL_DNS) } if err := s.injectGatewayDestinationAddons(cfgSnap, cluster, svcName); err != nil { return nil, err @@ -1865,8 +1868,8 @@ func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot, } // makeExternalHostnameCluster creates an Envoy cluster for hostname endpoints that will be resolved with DNS -// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffice -func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster { +// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffic +func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts, discoveryType envoy_cluster_v3.Cluster_DiscoveryType) *envoy_cluster_v3.Cluster { cfg, err := config.ParseGatewayConfig(snap.Proxy.Config) if err != nil { // Don't hard fail on a config typo, just warn. The parse func returns @@ -1881,7 +1884,7 @@ func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSna // Having an empty config enables outlier detection with default config. OutlierDetection: &envoy_cluster_v3.OutlierDetection{}, - ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS}, + ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: discoveryType}, DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY, } diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index ff486f3228a8..2fb0a4a1df59 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -880,13 +880,7 @@ func makeLoadAssignment(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, c Endpoints: make([]*envoy_endpoint_v3.LocalityLbEndpoints, 0, len(endpointGroups)), } - if len(endpointGroups) > 1 { - cla.Policy = &envoy_endpoint_v3.ClusterLoadAssignment_Policy{ - // We choose such a large value here that the failover math should - // in effect not happen until zero instances are healthy. - OverprovisioningFactor: response.MakeUint32Value(100000), - } - } + setFullFailoverProvisioningFactor := len(endpointGroups) > 1 var priority uint32 @@ -897,6 +891,10 @@ func makeLoadAssignment(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, c continue } + if len(endpointsByLocality) > 1 { + setFullFailoverProvisioningFactor = true + } + for _, endpoints := range endpointsByLocality { es := make([]*envoy_endpoint_v3.LbEndpoint, 0, len(endpointGroup.Endpoints)) @@ -930,6 +928,14 @@ func makeLoadAssignment(logger hclog.Logger, cfgSnap *proxycfg.ConfigSnapshot, c } } + if setFullFailoverProvisioningFactor { + cla.Policy = &envoy_endpoint_v3.ClusterLoadAssignment_Policy{ + // We choose such a large value here that the failover math should + // in effect not happen until zero instances are healthy. + OverprovisioningFactor: response.MakeUint32Value(100000), + } + } + return cla } diff --git a/agent/xds/listeners_apigateway.go b/agent/xds/listeners_apigateway.go index a4611895e290..771a48297203 100644 --- a/agent/xds/listeners_apigateway.go +++ b/agent/xds/listeners_apigateway.go @@ -152,7 +152,11 @@ func (s *ResourceGenerator) makeAPIGatewayListeners(address string, cfgSnap *pro routes := make([]*structs.HTTPRouteConfigEntry, 0, len(readyListener.routeReferences)) for _, routeRef := range maps.Keys(readyListener.routeReferences) { - route, _ := cfgSnap.APIGateway.HTTPRoutes.Get(routeRef) + route, ok := cfgSnap.APIGateway.HTTPRoutes.Get(routeRef) + if !ok { + return nil, fmt.Errorf("missing route for routeRef %s:%s", routeRef.Kind, routeRef.Name) + } + routes = append(routes, route) } consolidatedRoutes := discoverychain.ConsolidateHTTPRoutes(cfgSnap.APIGateway.GatewayConfig, &readyListener.listenerCfg, routes...) @@ -297,11 +301,9 @@ func getReadyListeners(cfgSnap *proxycfg.ConfigSnapshot) map[string]readyListene continue } - routeKey := l.Name + routeRef.String() - for _, upstream := range routeUpstreamsForListener { // Insert or update readyListener for the listener to include this upstream - r, ok := ready[routeKey] + r, ok := ready[l.Name] if !ok { r = readyListener{ listenerKey: listenerKey, @@ -312,7 +314,7 @@ func getReadyListeners(cfgSnap *proxycfg.ConfigSnapshot) map[string]readyListene } r.routeReferences[routeRef] = struct{}{} r.upstreams = append(r.upstreams, upstream) - ready[routeKey] = r + ready[l.Name] = r } } } diff --git a/agent/xds/proxystateconverter/clusters.go b/agent/xds/proxystateconverter/clusters.go index cb084a4283ca..b8857bee29c5 100644 --- a/agent/xds/proxystateconverter/clusters.go +++ b/agent/xds/proxystateconverter/clusters.go @@ -462,7 +462,7 @@ func (s *Converter) makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot, name, pathP if protocol == "" { protocol = cfg.Protocol } - namedCluster.cluster.Protocol = protocol + namedCluster.cluster.Protocol = protocolMap[protocol] if cfg.MaxInboundConnections > 0 { namedCluster.cluster.GetEndpointGroup().GetStatic().GetConfig(). CircuitBreakers = &pbproxystate.CircuitBreakers{ @@ -646,7 +646,7 @@ func (s *Converter) makeUpstreamClusterForPreparedQuery(upstream structs.Upstrea if c == nil { c = &pbproxystate.Cluster{ - Protocol: cfg.Protocol, + Protocol: protocolMap[cfg.Protocol], Group: &pbproxystate.Cluster_EndpointGroup{ EndpointGroup: &pbproxystate.EndpointGroup{ Group: &pbproxystate.EndpointGroup_Dynamic{ @@ -932,7 +932,7 @@ func (s *Converter) makeUpstreamClustersForDiscoveryChain( } else { cluster := &pbproxystate.Cluster{ AltStatName: mappedTargets.baseClusterName, - Protocol: upstreamConfig.Protocol, + Protocol: protocolMap[upstreamConfig.Protocol], Group: &pbproxystate.Cluster_EndpointGroup{ EndpointGroup: &pbproxystate.EndpointGroup{ Group: &pbproxystate.EndpointGroup_Dynamic{ @@ -952,7 +952,7 @@ func (s *Converter) makeUpstreamClustersForDiscoveryChain( failoverGroup.EndpointGroups = endpointGroups cluster := &pbproxystate.Cluster{ AltStatName: mappedTargets.baseClusterName, - Protocol: upstreamConfig.Protocol, + Protocol: protocolMap[upstreamConfig.Protocol], Group: &pbproxystate.Cluster_FailoverGroup{ FailoverGroup: failoverGroup, }, @@ -1251,3 +1251,13 @@ func makeOutlierDetection(p *structs.PassiveHealthCheck, override *structs.Passi return od } + +// protocolMap converts config entry protocols to proxystate protocol values. +// As documented on config entry protos, the valid values are "tcp", "http", +// "http2" and "grpc". Anything else is treated as tcp. +var protocolMap = map[string]pbproxystate.Protocol{ + "http": pbproxystate.Protocol_PROTOCOL_HTTP, + "http2": pbproxystate.Protocol_PROTOCOL_HTTP2, + "grpc": pbproxystate.Protocol_PROTOCOL_GRPC, + "tcp": pbproxystate.Protocol_PROTOCOL_TCP, +} diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go index 69a704386b5d..b47edcbac368 100644 --- a/agent/xds/resources_test.go +++ b/agent/xds/resources_test.go @@ -14,8 +14,6 @@ import ( envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - "k8s.io/utils/pointer" - "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/discoverychain" "github.com/hashicorp/consul/agent/xds/testcommon" @@ -571,10 +569,10 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase { }, }, RetryFilter: &structs.RetryFilter{ - NumRetries: pointer.Uint32(3), + NumRetries: 3, RetryOn: []string{"cancelled"}, RetryOnStatusCodes: []uint32{500}, - RetryOnConnectFailure: pointer.Bool(true), + RetryOnConnectFailure: true, }, TimeoutFilter: &structs.TimeoutFilter{ IdleTimeout: time.Second * 30, diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden index 462e9f406b62..2d1ec4439e70 100644 --- a/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden +++ b/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden @@ -53,7 +53,7 @@ }, "name": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5", "outlierDetection": {}, - "type": "LOGICAL_DNS" + "type": "STRICT_DNS" } ], "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", diff --git a/agent/xds/testdata/routes/api-gateway-with-multiple-hostnames.latest.golden b/agent/xds/testdata/routes/api-gateway-with-multiple-hostnames.latest.golden index 9e96457f3c3b..b268a5e5ac5e 100644 --- a/agent/xds/testdata/routes/api-gateway-with-multiple-hostnames.latest.golden +++ b/agent/xds/testdata/routes/api-gateway-with-multiple-hostnames.latest.golden @@ -8,52 +8,38 @@ "virtualHosts": [ { "domains": [ - "backend.example.com", - "backend.example.com:8080" + "frontend.example.com", + "frontend.example.com:8080" ], - "name": "api-gateway-http-5a84e719", + "name": "api-gateway-http-54620b06", "routes": [ { "match": { "prefix": "/" }, "route": { - "cluster": "backend.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "cluster": "frontend.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ + }, { "domains": [ - "frontend.example.com", - "frontend.example.com:8080" + "backend.example.com", + "backend.example.com:8080" ], - "name": "api-gateway-http-54620b06", + "name": "api-gateway-http-5a84e719", "routes": [ { "match": { "prefix": "/" }, "route": { - "cluster": "frontend.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "cluster": "backend.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ + }, { "domains": [ "*.example.com", diff --git a/agent/xdsv2/cluster_resources.go b/agent/xdsv2/cluster_resources.go index 06ff21f51908..d32eeed2ec62 100644 --- a/agent/xdsv2/cluster_resources.go +++ b/agent/xdsv2/cluster_resources.go @@ -81,7 +81,7 @@ func (pr *ProxyResources) makeClusters(name string) ([]proto.Message, error) { return clusters, nil } -func (pr *ProxyResources) makeEnvoyCluster(name string, protocol string, eg *pbproxystate.EndpointGroup) (*envoy_cluster_v3.Cluster, error) { +func (pr *ProxyResources) makeEnvoyCluster(name string, protocol pbproxystate.Protocol, eg *pbproxystate.EndpointGroup) (*envoy_cluster_v3.Cluster, error) { if eg != nil { switch t := eg.Group.(type) { case *pbproxystate.EndpointGroup_Dynamic: @@ -103,7 +103,7 @@ func (pr *ProxyResources) makeEnvoyCluster(name string, protocol string, eg *pbp return nil, fmt.Errorf("no endpoint group") } -func (pr *ProxyResources) makeEnvoyDynamicCluster(name string, protocol string, dynamic *pbproxystate.DynamicEndpointGroup) (*envoy_cluster_v3.Cluster, error) { +func (pr *ProxyResources) makeEnvoyDynamicCluster(name string, protocol pbproxystate.Protocol, dynamic *pbproxystate.DynamicEndpointGroup) (*envoy_cluster_v3.Cluster, error) { cluster := &envoy_cluster_v3.Cluster{ Name: name, ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_EDS}, @@ -153,7 +153,7 @@ func (pr *ProxyResources) makeEnvoyDynamicCluster(name string, protocol string, } -func (pr *ProxyResources) makeEnvoyStaticCluster(name string, protocol string, static *pbproxystate.StaticEndpointGroup) (*envoy_cluster_v3.Cluster, error) { +func (pr *ProxyResources) makeEnvoyStaticCluster(name string, protocol pbproxystate.Protocol, static *pbproxystate.StaticEndpointGroup) (*envoy_cluster_v3.Cluster, error) { cluster := &envoy_cluster_v3.Cluster{ Name: name, ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC}, @@ -182,11 +182,11 @@ func (pr *ProxyResources) makeEnvoyStaticCluster(name string, protocol string, s return cluster, nil } -func (pr *ProxyResources) makeEnvoyDnsCluster(name string, protocol string, dns *pbproxystate.DNSEndpointGroup) (*envoy_cluster_v3.Cluster, error) { +func (pr *ProxyResources) makeEnvoyDnsCluster(name string, protocol pbproxystate.Protocol, dns *pbproxystate.DNSEndpointGroup) (*envoy_cluster_v3.Cluster, error) { return nil, nil } -func (pr *ProxyResources) makeEnvoyPassthroughCluster(name string, protocol string, passthrough *pbproxystate.PassthroughEndpointGroup) (*envoy_cluster_v3.Cluster, error) { +func (pr *ProxyResources) makeEnvoyPassthroughCluster(name string, protocol pbproxystate.Protocol, passthrough *pbproxystate.PassthroughEndpointGroup) (*envoy_cluster_v3.Cluster, error) { cluster := &envoy_cluster_v3.Cluster{ Name: name, ConnectTimeout: passthrough.Config.ConnectTimeout, @@ -207,7 +207,7 @@ func (pr *ProxyResources) makeEnvoyPassthroughCluster(name string, protocol stri return cluster, nil } -func (pr *ProxyResources) makeEnvoyAggregateCluster(name string, protocol string, fg *pbproxystate.FailoverGroup) ([]*envoy_cluster_v3.Cluster, error) { +func (pr *ProxyResources) makeEnvoyAggregateCluster(name string, protocol pbproxystate.Protocol, fg *pbproxystate.FailoverGroup) ([]*envoy_cluster_v3.Cluster, error) { var clusters []*envoy_cluster_v3.Cluster if fg != nil { var egNames []string @@ -250,8 +250,8 @@ func (pr *ProxyResources) makeEnvoyAggregateCluster(name string, protocol string return clusters, nil } -func addLocalAppHttpProtocolOptions(protocol string, c *envoy_cluster_v3.Cluster) error { - if !(protocol == "http2" || protocol == "grpc") { +func addLocalAppHttpProtocolOptions(protocol pbproxystate.Protocol, c *envoy_cluster_v3.Cluster) error { + if !(protocol == pbproxystate.Protocol_PROTOCOL_HTTP2 || protocol == pbproxystate.Protocol_PROTOCOL_GRPC) { // do not error. returning nil means it won't get set. return nil } @@ -274,8 +274,8 @@ func addLocalAppHttpProtocolOptions(protocol string, c *envoy_cluster_v3.Cluster return nil } -func addHttpProtocolOptions(protocol string, c *envoy_cluster_v3.Cluster) error { - if !(protocol == "http2" || protocol == "grpc") { +func addHttpProtocolOptions(protocol pbproxystate.Protocol, c *envoy_cluster_v3.Cluster) error { + if !(protocol == pbproxystate.Protocol_PROTOCOL_HTTP2 || protocol == pbproxystate.Protocol_PROTOCOL_GRPC) { // do not error. returning nil means it won't get set. return nil } diff --git a/agent/xdsv2/resources_test.go b/agent/xdsv2/resources_test.go index e84e9bdb513c..c1afbda705be 100644 --- a/agent/xdsv2/resources_test.go +++ b/agent/xdsv2/resources_test.go @@ -4,8 +4,11 @@ package xdsv2 import ( - "os" - "path/filepath" + "fmt" + envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + "github.com/hashicorp/consul/internal/testing/golden" "sort" "testing" @@ -23,62 +26,111 @@ import ( "google.golang.org/protobuf/proto" ) -func TestResources_ImplicitDestinations(t *testing.T) { +var testTypeUrlToPrettyName = map[string]string{ + xdscommon.ListenerType: "listeners", + xdscommon.RouteType: "routes", + xdscommon.ClusterType: "clusters", + xdscommon.EndpointType: "endpoints", + xdscommon.SecretType: "secrets", +} - cases := map[string]struct { - }{ - "l4-single-implicit-destination-tproxy": {}, +// TestAllResourcesFromIR_XDSGoldenFileInputs tests the AllResourcesFromIR() by +// using the golden test output/expected files from the XDS controller tests as +// inputs to the XDSV2 resources generation. +func TestAllResourcesFromIR_XDSGoldenFileInputs(t *testing.T) { + inputPath := "../../internal/mesh/internal/controllers/xds" + + cases := []string{ + // destinations - please add in alphabetical order + "destination/l4-single-destination-ip-port-bind-address", + "destination/l4-single-destination-unix-socket-bind-address", + "destination/l4-single-implicit-destination-tproxy", + "destination/l4-multi-destination", + "destination/l4-multiple-implicit-destinations-tproxy", + "destination/l4-implicit-and-explicit-destinations-tproxy", + "destination/mixed-multi-destination", + "destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy", + "destination/multiport-l4-and-l7-single-implicit-destination-tproxy", + "destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy", + + //sources - please add in alphabetical order + //"source/l4-multiple-workload-addresses-with-specific-ports", + //"source/l4-multiple-workload-addresses-without-ports", + //"source/l4-single-workload-address-without-ports", + //"source/l7-expose-paths", + //"source/local-and-inbound-connections", + //"source/multiport-l4-multiple-workload-addresses-with-specific-ports", + //"source/multiport-l4-multiple-workload-addresses-without-ports", + //"source/multiport-l4-workload-with-only-mesh-port", + //"source/multiport-l7-multiple-workload-addresses-with-specific-ports", + //"source/multiport-l7-multiple-workload-addresses-without-ports", + //"source/multiport-l7-multiple-workload-addresses-without-ports", } - for name := range cases { - goldenValueInput := goldenValueJSON(t, name, "input") - - proxyTemplate := jsonToProxyTemplate(t, goldenValueInput) - generator := NewResourceGenerator(testutil.Logger(t)) - - resources, err := generator.AllResourcesFromIR(&proxytracker.ProxyState{ProxyState: proxyTemplate.ProxyState}) - require.NoError(t, err) - - verifyClusterResourcesToGolden(t, resources, name) - verifyListenerResourcesToGolden(t, resources, name) - + for _, name := range cases { + t.Run(name, func(t *testing.T) { + // Arrange - paths to input and output golden files. + testFile := fmt.Sprintf("%s.golden", name) + inputFilePath := fmt.Sprintf("%s/testdata/%s", inputPath, testFile) + inputValueInput := golden.GetBytesAtFilePath(t, inputFilePath) + + // Act. + ps := jsonToProxyState(t, inputValueInput) + generator := NewResourceGenerator(testutil.Logger(t)) + resources, err := generator.AllResourcesFromIR(&proxytracker.ProxyState{ProxyState: ps}) + require.NoError(t, err) + + // Assert. + // Assert all resources were generated. + typeUrls := []string{ + xdscommon.ListenerType, + xdscommon.RouteType, + xdscommon.ClusterType, + xdscommon.EndpointType, + // TODO(proxystate): add in future + //xdscommon.SecretType, + } + require.Len(t, resources, len(typeUrls)) + + // Assert each resource type has actual XDS matching expected XDS. + for _, typeUrl := range typeUrls { + prettyName := testTypeUrlToPrettyName[typeUrl] + t.Run(prettyName, func(t *testing.T) { + items, ok := resources[typeUrl] + require.True(t, ok) + + // sort resources so they don't show up as flakey tests as + // ordering in JSON is not guaranteed. + sort.Slice(items, func(i, j int) bool { + switch typeUrl { + case xdscommon.ListenerType: + return items[i].(*envoy_listener_v3.Listener).Name < items[j].(*envoy_listener_v3.Listener).Name + case xdscommon.RouteType: + return items[i].(*envoy_route_v3.RouteConfiguration).Name < items[j].(*envoy_route_v3.RouteConfiguration).Name + case xdscommon.ClusterType: + return items[i].(*envoy_cluster_v3.Cluster).Name < items[j].(*envoy_cluster_v3.Cluster).Name + case xdscommon.EndpointType: + return items[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < items[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName + case xdscommon.SecretType: + return items[i].(*envoy_tls_v3.Secret).Name < items[j].(*envoy_tls_v3.Secret).Name + default: + panic("not possible") + } + }) + + // Compare actual to expected. + resp, err := response.CreateResponse(typeUrl, "00000001", "00000001", items) + require.NoError(t, err) + gotJSON := protoToJSON(t, resp) + + expectedJSON := golden.Get(t, gotJSON, fmt.Sprintf("%s/%s", prettyName, testFile)) + require.JSONEq(t, expectedJSON, gotJSON) + }) + } + }) } } -func verifyClusterResourcesToGolden(t *testing.T, resources map[string][]proto.Message, testName string) { - clusters := resources[xdscommon.ClusterType] - - // The order of clusters returned via CDS isn't relevant, so it's safe - // to sort these for the purposes of test comparisons. - sort.Slice(clusters, func(i, j int) bool { - return clusters[i].(*envoy_cluster_v3.Cluster).Name < clusters[j].(*envoy_cluster_v3.Cluster).Name - }) - - resp, err := response.CreateResponse(xdscommon.ClusterType, "00000001", "00000001", clusters) - require.NoError(t, err) - gotJSON := protoToJSON(t, resp) - - expectedJSON := goldenValue(t, filepath.Join("clusters", testName), "output") - require.JSONEq(t, expectedJSON, gotJSON) -} - -func verifyListenerResourcesToGolden(t *testing.T, resources map[string][]proto.Message, testName string) { - listeners := resources[xdscommon.ListenerType] - - // The order of clusters returned via CDS isn't relevant, so it's safe - // to sort these for the purposes of test comparisons. - sort.Slice(listeners, func(i, j int) bool { - return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name - }) - - resp, err := response.CreateResponse(xdscommon.ListenerType, "00000001", "00000001", listeners) - require.NoError(t, err) - gotJSON := protoToJSON(t, resp) - - expectedJSON := goldenValue(t, filepath.Join("listeners", testName), "output") - require.JSONEq(t, expectedJSON, gotJSON) -} - func protoToJSON(t *testing.T, pb proto.Message) string { t.Helper() m := protojson.MarshalOptions{ @@ -89,25 +141,11 @@ func protoToJSON(t *testing.T, pb proto.Message) string { return string(gotJSON) } -func jsonToProxyTemplate(t *testing.T, json []byte) *meshv2beta1.ProxyStateTemplate { +func jsonToProxyState(t *testing.T, json []byte) *meshv2beta1.ProxyState { t.Helper() um := protojson.UnmarshalOptions{} - proxyTemplate := &meshv2beta1.ProxyStateTemplate{} - err := um.Unmarshal(json, proxyTemplate) - require.NoError(t, err) - return proxyTemplate -} - -func goldenValueJSON(t *testing.T, goldenFile, inputOutput string) []byte { - t.Helper() - goldenPath := filepath.Join("testdata", inputOutput, goldenFile) + ".golden" - - content, err := os.ReadFile(goldenPath) + ps := &meshv2beta1.ProxyState{} + err := um.Unmarshal(json, ps) require.NoError(t, err) - return content -} - -func goldenValue(t *testing.T, goldenFile, inputOutput string) string { - t.Helper() - return string(goldenValueJSON(t, goldenFile, inputOutput)) + return ps } diff --git a/agent/xdsv2/testdata/clusters/destination/l4-implicit-and-explicit-destinations-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/l4-implicit-and-explicit-destinations-tproxy.golden new file mode 100644 index 000000000000..089bfb7c2003 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/destination/l4-implicit-and-explicit-destinations-tproxy.golden @@ -0,0 +1,110 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "original-destination", + "type": "ORIGINAL_DST", + "connectTimeout": "5s", + "lbPolicy": "CLUSTER_PROVIDED" + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-1.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-2.default.dc1.internal.foo.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/destination/l4-multi-destination.golden b/agent/xdsv2/testdata/clusters/destination/l4-multi-destination.golden new file mode 100644 index 000000000000..c88d7770d85f --- /dev/null +++ b/agent/xdsv2/testdata/clusters/destination/l4-multi-destination.golden @@ -0,0 +1,205 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "null_route_cluster", + "type": "STATIC", + "connectTimeout": "10s" + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-1.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-2.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp2.api-1.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp2" + ] + }, + "sni": "api-1.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp2.api-2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp2" + ] + }, + "sni": "api-2.default.dc1.internal.foo.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/destination/l4-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/l4-multiple-implicit-destinations-tproxy.golden new file mode 100644 index 000000000000..089bfb7c2003 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/destination/l4-multiple-implicit-destinations-tproxy.golden @@ -0,0 +1,110 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "original-destination", + "type": "ORIGINAL_DST", + "connectTimeout": "5s", + "lbPolicy": "CLUSTER_PROVIDED" + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-1.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-2.default.dc1.internal.foo.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/destination/l4-single-destination-ip-port-bind-address.golden b/agent/xdsv2/testdata/clusters/destination/l4-single-destination-ip-port-bind-address.golden new file mode 100644 index 000000000000..293416e3737f --- /dev/null +++ b/agent/xdsv2/testdata/clusters/destination/l4-single-destination-ip-port-bind-address.golden @@ -0,0 +1,109 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "null_route_cluster", + "type": "STATIC", + "connectTimeout": "10s" + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-1.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-2.default.dc1.internal.foo.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/destination/l4-single-destination-unix-socket-bind-address.golden b/agent/xdsv2/testdata/clusters/destination/l4-single-destination-unix-socket-bind-address.golden new file mode 100644 index 000000000000..742dbd0ea838 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/destination/l4-single-destination-unix-socket-bind-address.golden @@ -0,0 +1,55 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-2.default.dc1.internal.foo.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/destination/l4-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/l4-single-implicit-destination-tproxy.golden new file mode 100644 index 000000000000..0c86051ad7df --- /dev/null +++ b/agent/xdsv2/testdata/clusters/destination/l4-single-implicit-destination-tproxy.golden @@ -0,0 +1,62 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "original-destination", + "type": "ORIGINAL_DST", + "connectTimeout": "5s", + "lbPolicy": "CLUSTER_PROVIDED" + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-1.default.dc1.internal.foo.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden b/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden new file mode 100644 index 000000000000..280f42b8581f --- /dev/null +++ b/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden @@ -0,0 +1,157 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "http.api-2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~http" + ] + }, + "sni": "api-2.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "null_route_cluster", + "type": "STATIC", + "connectTimeout": "10s" + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-1.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-2.default.dc1.internal.foo.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden new file mode 100644 index 000000000000..ec39ef35787f --- /dev/null +++ b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden @@ -0,0 +1,302 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "http.api-app.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } + ] + }, + "alpnProtocols": [ + "consul~http" + ] + }, + "sni": "api-app.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "http.api-app2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~http" + ] + }, + "sni": "api-app2.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "original-destination", + "type": "ORIGINAL_DST", + "connectTimeout": "5s", + "lbPolicy": "CLUSTER_PROVIDED" + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-app.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-app.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-app2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-app2.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp2" + ] + }, + "sni": "api-app.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp2.api-app2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp2" + ] + }, + "sni": "api-app2.default.dc1.internal.foo.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden new file mode 100644 index 000000000000..d8cad46e7904 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden @@ -0,0 +1,158 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "http.api-app.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } + ] + }, + "alpnProtocols": [ + "consul~http" + ] + }, + "sni": "api-app.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "original-destination", + "type": "ORIGINAL_DST", + "connectTimeout": "5s", + "lbPolicy": "CLUSTER_PROVIDED" + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-app.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-app.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp2" + ] + }, + "sni": "api-app.default.dc1.internal.foo.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden new file mode 100644 index 000000000000..d8cad46e7904 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden @@ -0,0 +1,158 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "http.api-app.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } + ] + }, + "alpnProtocols": [ + "consul~http" + ] + }, + "sni": "api-app.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "original-destination", + "type": "ORIGINAL_DST", + "connectTimeout": "5s", + "lbPolicy": "CLUSTER_PROVIDED" + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-app.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp" + ] + }, + "sni": "api-app.default.dc1.internal.foo.consul" + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" + } + }, + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} + }, + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + }, + "matchSubjectAltNames": [ + { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } + ] + }, + "alpnProtocols": [ + "consul~tcp2" + ] + }, + "sni": "api-app.default.dc1.internal.foo.consul" + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..ce9870c06cd9 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,31 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:port1", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..ce9870c06cd9 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,31 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:port1", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/l4-single-workload-address-without-ports.golden b/agent/xdsv2/testdata/clusters/source/l4-single-workload-address-without-ports.golden new file mode 100644 index 000000000000..ce9870c06cd9 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/l4-single-workload-address-without-ports.golden @@ -0,0 +1,31 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:port1", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/l7-expose-paths.golden b/agent/xdsv2/testdata/clusters/source/l7-expose-paths.golden new file mode 100644 index 000000000000..a83751b4b502 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/l7-expose-paths.golden @@ -0,0 +1,87 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "exposed_cluster_9090", + "type": "STATIC", + "loadAssignment": { + "clusterName": "exposed_cluster_9090", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "exposed_cluster_9091", + "type": "STATIC", + "loadAssignment": { + "clusterName": "exposed_cluster_9091", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9091 + } + } + } + } + ] + } + ] + }, + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": {} + } + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:port1", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/local-and-inbound-connections.golden b/agent/xdsv2/testdata/clusters/source/local-and-inbound-connections.golden new file mode 100644 index 000000000000..d4e6fd1d64ce --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/local-and-inbound-connections.golden @@ -0,0 +1,127 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "exposed_cluster_9090", + "type": "STATIC", + "loadAssignment": { + "clusterName": "exposed_cluster_9090", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "exposed_cluster_9091", + "type": "STATIC", + "loadAssignment": { + "clusterName": "exposed_cluster_9091", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9091 + } + } + } + } + ] + } + ] + }, + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": {} + } + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:port1", + "type": "STATIC", + "connectTimeout": "6s", + "loadAssignment": { + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + "circuitBreakers": { + "thresholds": [ + { + "maxConnections": 123 + } + ] + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:port3", + "type": "STATIC", + "connectTimeout": "8s", + "loadAssignment": { + "clusterName": "local_app:port3", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8081 + } + } + } + } + ] + } + ] + }, + "circuitBreakers": { + "thresholds": [ + { + "maxConnections": 123 + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/clusters/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..045470a3e572 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,55 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:admin-port", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:api-port", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/multiport-l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/clusters/source/multiport-l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..045470a3e572 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/multiport-l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,55 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:admin-port", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:api-port", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/multiport-l4-workload-with-only-mesh-port.golden b/agent/xdsv2/testdata/clusters/source/multiport-l4-workload-with-only-mesh-port.golden new file mode 100644 index 000000000000..460d515fe589 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/multiport-l4-workload-with-only-mesh-port.golden @@ -0,0 +1,12 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "black-hole-cluster", + "type": "STATIC" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/clusters/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..339faaae6b0d --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,63 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:admin-port", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:api-port", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + }, + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": {} + } + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/multiport-l7-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/clusters/source/multiport-l7-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..6246f19733b8 --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/multiport-l7-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,95 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:admin-port", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:api-port", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + }, + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": {} + } + } + } + }, + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:grpc-port", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:grpc-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9091 + } + } + } + } + ] + } + ] + }, + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": {} + } + } + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/destination/l4-implicit-and-explicit-destinations-tproxy.golden b/agent/xdsv2/testdata/endpoints/destination/l4-implicit-and-explicit-destinations-tproxy.golden new file mode 100644 index 000000000000..f7d569dc2266 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/destination/l4-implicit-and-explicit-destinations-tproxy.golden @@ -0,0 +1,49 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/destination/l4-multi-destination.golden b/agent/xdsv2/testdata/endpoints/destination/l4-multi-destination.golden new file mode 100644 index 000000000000..f8bca7ea3212 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/destination/l4-multi-destination.golden @@ -0,0 +1,91 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp2.api-1.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp2.api-2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/destination/l4-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/endpoints/destination/l4-multiple-implicit-destinations-tproxy.golden new file mode 100644 index 000000000000..f7d569dc2266 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/destination/l4-multiple-implicit-destinations-tproxy.golden @@ -0,0 +1,49 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/destination/l4-single-destination-ip-port-bind-address.golden b/agent/xdsv2/testdata/endpoints/destination/l4-single-destination-ip-port-bind-address.golden new file mode 100644 index 000000000000..f7d569dc2266 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/destination/l4-single-destination-ip-port-bind-address.golden @@ -0,0 +1,49 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/destination/l4-single-destination-unix-socket-bind-address.golden b/agent/xdsv2/testdata/endpoints/destination/l4-single-destination-unix-socket-bind-address.golden new file mode 100644 index 000000000000..8075b842d96c --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/destination/l4-single-destination-unix-socket-bind-address.golden @@ -0,0 +1,28 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/destination/l4-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/endpoints/destination/l4-single-implicit-destination-tproxy.golden new file mode 100644 index 000000000000..333765ea0cb2 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/destination/l4-single-implicit-destination-tproxy.golden @@ -0,0 +1,28 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/destination/mixed-multi-destination.golden b/agent/xdsv2/testdata/endpoints/destination/mixed-multi-destination.golden new file mode 100644 index 000000000000..e22812cafe4b --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/destination/mixed-multi-destination.golden @@ -0,0 +1,91 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "http.api-1.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "http.api-2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/endpoints/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden new file mode 100644 index 000000000000..56ff9fb5884b --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden @@ -0,0 +1,133 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "http.api-app.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "http.api-app2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-app.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-app2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp2.api-app.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp2.api-app2.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/endpoints/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden new file mode 100644 index 000000000000..52f227f9d4b8 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden @@ -0,0 +1,70 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "http.api-app.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-app.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp2.api-app.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden b/agent/xdsv2/testdata/endpoints/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden new file mode 100644 index 000000000000..52f227f9d4b8 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden @@ -0,0 +1,70 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "http.api-app.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp.api-app.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "tcp2.api-app.default.dc1.internal.foo.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.1.1.1", + "portValue": 20000 + } + } + }, + "healthStatus": "HEALTHY" + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..b0c31e6e79c7 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,27 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..b0c31e6e79c7 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,27 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/l4-single-workload-address-without-ports.golden b/agent/xdsv2/testdata/endpoints/source/l4-single-workload-address-without-ports.golden new file mode 100644 index 000000000000..b0c31e6e79c7 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/l4-single-workload-address-without-ports.golden @@ -0,0 +1,27 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/l7-expose-paths.golden b/agent/xdsv2/testdata/endpoints/source/l7-expose-paths.golden new file mode 100644 index 000000000000..1ccb234c89db --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/l7-expose-paths.golden @@ -0,0 +1,67 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "exposed_cluster_9090", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "exposed_cluster_9091", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9091 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/local-and-inbound-connections.golden b/agent/xdsv2/testdata/endpoints/source/local-and-inbound-connections.golden new file mode 100644 index 000000000000..c9e8727f031d --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/local-and-inbound-connections.golden @@ -0,0 +1,87 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "exposed_cluster_9090", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "exposed_cluster_9091", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9091 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port3", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8081 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..916fbc26ceab --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,47 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..916fbc26ceab --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,47 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiport-l4-workload-with-only-mesh-port.golden b/agent/xdsv2/testdata/endpoints/source/multiport-l4-workload-with-only-mesh-port.golden new file mode 100644 index 000000000000..47b46bca225b --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/multiport-l4-workload-with-only-mesh-port.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..916fbc26ceab --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,47 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..e3c67d2c90ae --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,67 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:grpc-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9091 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/input/l4-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/input/l4-single-implicit-destination-tproxy.golden deleted file mode 100644 index feaa68bd3c23..000000000000 --- a/agent/xdsv2/testdata/input/l4-single-implicit-destination-tproxy.golden +++ /dev/null @@ -1,110 +0,0 @@ -{ - "proxyState": { - "identity": { - "tenancy": { - "partition": "default", - "namespace": "default", - "peerName": "local" - }, - "name": "test-identity" - }, - "listeners": [ - { - "name": "outbound_listener", - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "routers": [ - { - "match": { - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ], - "destinationPort": 8080 - }, - "l4": { - "cluster": { - "name": "tcp.api-1.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.default.default.dc1" - } - } - ], - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - } - } - ], - "clusters": { - "tcp.api-1.default.dc1.internal.foo.consul": { - "endpointGroup": { - "dynamic": { - "config": { - "disablePanicThreshold": true - }, - "outboundTls": { - "outboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - }, - "sni": "api-1.default.dc1.internal.foo.consul" - }, - "alpnProtocols": [ - "consul~tcp" - ] - } - } - } - } - }, - "leafCertificates": { - "test-identity": { - "cert": "cert1", - "key": "key1" - } - }, - "trustBundles": { - "local": { - "trustDomain": "foo.consul", - "roots": [ - "root1" - ] - } - } - }, - "requiredEndpoints": { - "api-1.default.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "type": { - "group": "catalog", - "groupVersion": "v1alpha1", - "kind": "ServiceEndpoints" - }, - "tenancy": { - "partition": "default", - "namespace": "default", - "peerName": "local" - } - }, - "port": "mesh" - } - } -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/destination/l4-implicit-and-explicit-destinations-tproxy.golden b/agent/xdsv2/testdata/listeners/destination/l4-implicit-and-explicit-destinations-tproxy.golden new file mode 100644 index 000000000000..35304ea0d7f5 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/destination/l4-implicit-and-explicit-destinations-tproxy.golden @@ -0,0 +1,90 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default/local/default/api-1:tcp:1.1.1.1:1234", + "address": { + "socketAddress": { + "address": "1.1.1.1", + "portValue": 1234 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-1.default.default.dc1", + "cluster": "tcp.api-1.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "outbound_listener", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 15001 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "2.2.2.2", + "prefixLen": 32 + }, + { + "addressPrefix": "3.3.3.3", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-2.default.default.dc1", + "cluster": "tcp.api-2.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.original-destination", + "cluster": "original-destination" + } + } + ] + }, + "listenerFilters": [ + { + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } + } + ], + "trafficDirection": "OUTBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/destination/l4-multi-destination.golden b/agent/xdsv2/testdata/listeners/destination/l4-multi-destination.golden new file mode 100644 index 000000000000..105b508ef52c --- /dev/null +++ b/agent/xdsv2/testdata/listeners/destination/l4-multi-destination.golden @@ -0,0 +1,137 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default/local/default/api-1:tcp2:1.1.1.1:2345", + "address": { + "socketAddress": { + "address": "1.1.1.1", + "portValue": 2345 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp2.api-1.default.default.dc1", + "weightedClusters": { + "clusters": [ + { + "name": "tcp2.api-2.default.dc1.internal.foo.consul", + "weight": 60 + }, + { + "name": "tcp2.api-1.default.dc1.internal.foo.consul", + "weight": 40 + }, + { + "name": "null_route_cluster", + "weight": 10 + } + ] + } + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default/local/default/api-1:tcp:1.1.1.1:1234", + "address": { + "socketAddress": { + "address": "1.1.1.1", + "portValue": 1234 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-1.default.default.dc1", + "weightedClusters": { + "clusters": [ + { + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "weight": 60 + }, + { + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "weight": 40 + }, + { + "name": "null_route_cluster", + "weight": 10 + } + ] + } + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default/local/default/api-2:tcp2:/path/to/socket", + "address": { + "pipe": { + "path": "/path/to/socket", + "mode": 438 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp2.api-2.default.default.dc1", + "cluster": "tcp2.api-2.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default/local/default/api-2:tcp:/path/to/socket", + "address": { + "pipe": { + "path": "/path/to/socket", + "mode": 438 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-2.default.default.dc1", + "cluster": "tcp.api-2.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/destination/l4-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/listeners/destination/l4-multiple-implicit-destinations-tproxy.golden new file mode 100644 index 000000000000..7901233ae959 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/destination/l4-multiple-implicit-destinations-tproxy.golden @@ -0,0 +1,86 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "outbound_listener", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 15001 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-1.default.default.dc1", + "cluster": "tcp.api-1.default.dc1.internal.foo.consul" + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "2.2.2.2", + "prefixLen": 32 + }, + { + "addressPrefix": "3.3.3.3", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-2.default.default.dc1", + "cluster": "tcp.api-2.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.original-destination", + "cluster": "original-destination" + } + } + ] + }, + "listenerFilters": [ + { + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } + } + ], + "trafficDirection": "OUTBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/destination/l4-single-destination-ip-port-bind-address.golden b/agent/xdsv2/testdata/listeners/destination/l4-single-destination-ip-port-bind-address.golden new file mode 100644 index 000000000000..5f78003e3fd8 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/destination/l4-single-destination-ip-port-bind-address.golden @@ -0,0 +1,47 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default/local/default/api-1:tcp:1.1.1.1:1234", + "address": { + "socketAddress": { + "address": "1.1.1.1", + "portValue": 1234 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-1.default.default.dc1", + "weightedClusters": { + "clusters": [ + { + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "weight": 60 + }, + { + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "weight": 40 + }, + { + "name": "null_route_cluster", + "weight": 10 + } + ] + } + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/destination/l4-single-destination-unix-socket-bind-address.golden b/agent/xdsv2/testdata/listeners/destination/l4-single-destination-unix-socket-bind-address.golden new file mode 100644 index 000000000000..cf468d7fbbcf --- /dev/null +++ b/agent/xdsv2/testdata/listeners/destination/l4-single-destination-unix-socket-bind-address.golden @@ -0,0 +1,32 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default/local/default/api-2:tcp:/path/to/socket", + "address": { + "pipe": { + "path": "/path/to/socket", + "mode": 438 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-2.default.default.dc1", + "cluster": "tcp.api-2.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/output/listeners/l4-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/listeners/destination/l4-single-implicit-destination-tproxy.golden similarity index 78% rename from agent/xdsv2/testdata/output/listeners/l4-single-implicit-destination-tproxy.golden rename to agent/xdsv2/testdata/listeners/destination/l4-single-implicit-destination-tproxy.golden index d34b4e610793..ce759b6b0211 100644 --- a/agent/xdsv2/testdata/output/listeners/l4-single-implicit-destination-tproxy.golden +++ b/agent/xdsv2/testdata/listeners/destination/l4-single-implicit-destination-tproxy.golden @@ -10,22 +10,10 @@ "portValue": 15001 } }, - "defaultFilterChain": { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "original-destination", - "statPrefix": "upstream.original-destination" - } - } - ] - }, "filterChains": [ { "filterChainMatch": { - "destinationPort": 8080, + "destinationPort": 7070, "prefixRanges": [ { "addressPrefix": "1.1.1.1", @@ -45,6 +33,18 @@ ] } ], + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.original-destination", + "cluster": "original-destination" + } + } + ] + }, "listenerFilters": [ { "name": "envoy.filters.listener.original_dst", diff --git a/agent/xdsv2/testdata/listeners/destination/mixed-multi-destination.golden b/agent/xdsv2/testdata/listeners/destination/mixed-multi-destination.golden new file mode 100644 index 000000000000..23dd5e4c6475 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/destination/mixed-multi-destination.golden @@ -0,0 +1,119 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default/local/default/api-1:http:1.1.1.1:1234", + "address": { + "socketAddress": { + "address": "1.1.1.1", + "portValue": 1234 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.", + "rds": { + "configSource": { + "ads": {}, + "resourceApiVersion": "V3" + }, + "routeConfigName": "default/local/default/api-1:http:1.1.1.1:1234" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default/local/default/api-1:tcp:1.1.1.1:1234", + "address": { + "socketAddress": { + "address": "1.1.1.1", + "portValue": 1234 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-1.default.default.dc1", + "weightedClusters": { + "clusters": [ + { + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "weight": 60 + }, + { + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "weight": 40 + }, + { + "name": "null_route_cluster", + "weight": 10 + } + ] + } + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "default/local/default/api-2:tcp:/path/to/socket", + "address": { + "pipe": { + "path": "/path/to/socket", + "mode": 438 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-2.default.default.dc1", + "cluster": "tcp.api-2.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "trafficDirection": "OUTBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden new file mode 100644 index 000000000000..9cd146e6ef0d --- /dev/null +++ b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden @@ -0,0 +1,222 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "outbound_listener", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 15001 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-app.default.default.dc1", + "cluster": "tcp.api-app.default.dc1.internal.foo.consul" + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 8080, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.", + "rds": { + "configSource": { + "ads": {}, + "resourceApiVersion": "V3" + }, + "routeConfigName": "default/local/default/api-app:http" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 8081, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp2.api-app.default.default.dc1", + "cluster": "tcp2.api-app.default.dc1.internal.foo.consul" + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "2.2.2.2", + "prefixLen": 32 + }, + { + "addressPrefix": "3.3.3.3", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-app2.default.default.dc1", + "cluster": "tcp.api-app2.default.dc1.internal.foo.consul" + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 8080, + "prefixRanges": [ + { + "addressPrefix": "2.2.2.2", + "prefixLen": 32 + }, + { + "addressPrefix": "3.3.3.3", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.", + "rds": { + "configSource": { + "ads": {}, + "resourceApiVersion": "V3" + }, + "routeConfigName": "default/local/default/api-app2:http" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 8081, + "prefixRanges": [ + { + "addressPrefix": "2.2.2.2", + "prefixLen": 32 + }, + { + "addressPrefix": "3.3.3.3", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp2.api-app2.default.default.dc1", + "cluster": "tcp2.api-app2.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.original-destination", + "cluster": "original-destination" + } + } + ] + }, + "listenerFilters": [ + { + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } + } + ], + "trafficDirection": "OUTBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden new file mode 100644 index 000000000000..71dec1b4db46 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden @@ -0,0 +1,125 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "outbound_listener", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 15001 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-app.default.default.dc1", + "cluster": "tcp.api-app.default.dc1.internal.foo.consul" + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 8080, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.", + "rds": { + "configSource": { + "ads": {}, + "resourceApiVersion": "V3" + }, + "routeConfigName": "default/local/default/api-app:http" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 8081, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp2.api-app.default.default.dc1", + "cluster": "tcp2.api-app.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.original-destination", + "cluster": "original-destination" + } + } + ] + }, + "listenerFilters": [ + { + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } + } + ], + "trafficDirection": "OUTBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden new file mode 100644 index 000000000000..71dec1b4db46 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden @@ -0,0 +1,125 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "outbound_listener", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 15001 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp.api-app.default.default.dc1", + "cluster": "tcp.api-app.default.dc1.internal.foo.consul" + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 8080, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "upstream.", + "rds": { + "configSource": { + "ads": {}, + "resourceApiVersion": "V3" + }, + "routeConfigName": "default/local/default/api-app:http" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ] + }, + { + "filterChainMatch": { + "destinationPort": 8081, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + }, + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.tcp2.api-app.default.default.dc1", + "cluster": "tcp2.api-app.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "upstream.original-destination", + "cluster": "original-destination" + } + } + ] + }, + "listenerFilters": [ + { + "name": "envoy.filters.listener.original_dst", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" + } + } + ], + "trafficDirection": "OUTBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..644769d8423f --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,100 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.2", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~port1" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ + { + "any": true + } + ], + "principals": [ + { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://foo.consul/ap/default/ns/default/identity/foo$" + } + } + } + } + ] + } + } + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:port1" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..82581d576248 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,78 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~port1" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:port1" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/l4-single-workload-address-without-ports.golden b/agent/xdsv2/testdata/listeners/source/l4-single-workload-address-without-ports.golden new file mode 100644 index 000000000000..82581d576248 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/l4-single-workload-address-without-ports.golden @@ -0,0 +1,78 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~port1" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:port1" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/l7-expose-paths.golden b/agent/xdsv2/testdata/listeners/source/l7-expose-paths.golden new file mode 100644 index 000000000000..973c825a6c63 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/l7-expose-paths.golden @@ -0,0 +1,201 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "exposed_path_GetHealth1235", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 1235 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "exposed_path_route_GetHealth1235", + "routeConfig": { + "name": "exposed_path_route_GetHealth1235", + "virtualHosts": [ + { + "name": "exposed_path_route_GetHealth1235", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "GetHealth" + }, + "route": { + "cluster": "exposed_cluster_9091" + } + } + ] + } + ] + }, + "httpFilters": [ + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "http2ProtocolOptions": {}, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ] + } + ], + "trafficDirection": "INBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "exposed_path_health1234", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 1234 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "exposed_path_route_health1234", + "routeConfig": { + "name": "exposed_path_route_health1234", + "virtualHosts": [ + { + "name": "exposed_path_route_health1234", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "/health" + }, + "route": { + "cluster": "exposed_cluster_9090" + } + } + ] + } + ] + }, + "httpFilters": [ + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ] + } + ], + "trafficDirection": "INBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~port1" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:port1" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/local-and-inbound-connections.golden b/agent/xdsv2/testdata/listeners/source/local-and-inbound-connections.golden new file mode 100644 index 000000000000..916961daaf9f --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/local-and-inbound-connections.golden @@ -0,0 +1,309 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "exposed_path_GetHealth1235", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 1235 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "exposed_path_route_GetHealth1235", + "routeConfig": { + "name": "exposed_path_route_GetHealth1235", + "virtualHosts": [ + { + "name": "exposed_path_route_GetHealth1235", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "GetHealth" + }, + "route": { + "cluster": "exposed_cluster_9091" + } + } + ] + } + ] + }, + "httpFilters": [ + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "http2ProtocolOptions": {}, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ] + } + ], + "trafficDirection": "INBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "exposed_path_health1234", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 1234 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "exposed_path_route_health1234", + "routeConfig": { + "name": "exposed_path_route_health1234", + "virtualHosts": [ + { + "name": "exposed_path_route_health1234", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "/health" + }, + "route": { + "cluster": "exposed_cluster_9090" + } + } + ] + } + ] + }, + "httpFilters": [ + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ] + } + ], + "trafficDirection": "INBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~port1" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.connection_limit", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit", + "statPrefix": "inbound_connection_limit", + "maxConnections": "123" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:port1" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~port3" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.connection_limit", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit", + "statPrefix": "inbound_connection_limit", + "maxConnections": "123" + } + }, + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "public_listener", + "routeConfig": { + "name": "public_listener:port3", + "virtualHosts": [ + { + "name": "public_listener:port3", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:port3", + "timeout": "9s" + } + } + ] + } + ] + }, + "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": {} + } + }, + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + }, + "alpnProtocols": [ + "http/1.1" + ] + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND", + "connectionBalanceConfig": { + "exactBalance": {} + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/listeners/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..10fcbb9c9b6c --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,128 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.3", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~admin-port" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:admin-port" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~api-port" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:api-port" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/multiport-l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/listeners/source/multiport-l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..ba8670185485 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/multiport-l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,128 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~admin-port" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:admin-port" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~api-port" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:api-port" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/multiport-l4-workload-with-only-mesh-port.golden b/agent/xdsv2/testdata/listeners/source/multiport-l4-workload-with-only-mesh-port.golden new file mode 100644 index 000000000000..15d019e69ca5 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/multiport-l4-workload-with-only-mesh-port.golden @@ -0,0 +1,40 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "black-hole-cluster" + } + } + ] + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/listeners/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..1f0d971a9905 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,206 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.3", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~admin-port" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "public_listener", + "routeConfig": { + "name": "public_listener:admin-port", + "virtualHosts": [ + { + "name": "public_listener:admin-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:admin-port" + } + } + ] + } + ] + }, + "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": {} + } + }, + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + }, + "alpnProtocols": [ + "http/1.1" + ] + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~api-port" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "public_listener", + "routeConfig": { + "name": "public_listener:api-port", + "virtualHosts": [ + { + "name": "public_listener:api-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:api-port" + } + } + ] + } + ] + }, + "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": {} + } + }, + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "http2ProtocolOptions": {}, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + }, + "alpnProtocols": [ + "h2", + "http/1.1" + ] + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/multiport-l7-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/listeners/source/multiport-l7-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..594d47c96c55 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/multiport-l7-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,309 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~admin-port" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "public_listener", + "routeConfig": { + "name": "public_listener:admin-port", + "virtualHosts": [ + { + "name": "public_listener:admin-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:admin-port" + } + } + ] + } + ] + }, + "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": {} + } + }, + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + }, + "alpnProtocols": [ + "http/1.1" + ] + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~api-port" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "public_listener", + "routeConfig": { + "name": "public_listener:api-port", + "virtualHosts": [ + { + "name": "public_listener:api-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:api-port" + } + } + ] + } + ] + }, + "httpFilters": [ + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": {} + } + }, + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "http2ProtocolOptions": {}, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + }, + "alpnProtocols": [ + "h2", + "http/1.1" + ] + }, + "requireClientCertificate": true + } + } + }, + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~grpc-port" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "public_listener", + "routeConfig": { + "name": "public_listener:grpc-port", + "virtualHosts": [ + { + "name": "public_listener:grpc-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:grpc-port" + } + } + ] + } + ] + }, + "httpFilters": [ + { + "name": "envoy.filters.http.grpc_stats", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig", + "statsForAllMethods": true + } + }, + { + "name": "envoy.filters.http.grpc_http1_bridge", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config" + } + }, + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": {} + } + }, + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "tracing": { + "randomSampling": {} + }, + "http2ProtocolOptions": {}, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + }, + "alpnProtocols": [ + "h2", + "http/1.1" + ] + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/output/clusters/l4-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/output/clusters/l4-single-implicit-destination-tproxy.golden deleted file mode 100644 index 611c863c3af9..000000000000 --- a/agent/xdsv2/testdata/output/clusters/l4-single-implicit-destination-tproxy.golden +++ /dev/null @@ -1,56 +0,0 @@ -{ - "versionInfo": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "alpnProtocols": [ - "consul~tcp" - ], - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "cert1\n" - }, - "privateKey": { - "inlineString": "key1\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" - } - ], - "trustedCa": { - "inlineString": "root1\n" - } - } - }, - "sni": "api-1.default.dc1.internal.foo.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "nonce": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/destination/l4-implicit-and-explicit-destinations-tproxy.golden b/agent/xdsv2/testdata/routes/destination/l4-implicit-and-explicit-destinations-tproxy.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/destination/l4-implicit-and-explicit-destinations-tproxy.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/destination/l4-multi-destination.golden b/agent/xdsv2/testdata/routes/destination/l4-multi-destination.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/destination/l4-multi-destination.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/destination/l4-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/routes/destination/l4-multiple-implicit-destinations-tproxy.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/destination/l4-multiple-implicit-destinations-tproxy.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/destination/l4-single-destination-ip-port-bind-address.golden b/agent/xdsv2/testdata/routes/destination/l4-single-destination-ip-port-bind-address.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/destination/l4-single-destination-ip-port-bind-address.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/destination/l4-single-destination-unix-socket-bind-address.golden b/agent/xdsv2/testdata/routes/destination/l4-single-destination-unix-socket-bind-address.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/destination/l4-single-destination-unix-socket-bind-address.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/destination/l4-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/routes/destination/l4-single-implicit-destination-tproxy.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/destination/l4-single-implicit-destination-tproxy.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/destination/mixed-multi-destination.golden b/agent/xdsv2/testdata/routes/destination/mixed-multi-destination.golden new file mode 100644 index 000000000000..28f9669ee371 --- /dev/null +++ b/agent/xdsv2/testdata/routes/destination/mixed-multi-destination.golden @@ -0,0 +1,67 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "default/local/default/api-1:http:1.1.1.1:1234", + "virtualHosts": [ + { + "name": "default/local/default/api-1:http:1.1.1.1:1234", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/split" + }, + "route": { + "weightedClusters": { + "clusters": [ + { + "name": "http.api-2.default.dc1.internal.foo.consul", + "weight": 60 + }, + { + "name": "http.api-1.default.dc1.internal.foo.consul", + "weight": 40 + }, + { + "name": "null_route_cluster", + "weight": 10 + } + ] + }, + "timeout": "77s" + } + }, + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "http.api-1.default.dc1.internal.foo.consul", + "timeout": "606s", + "retryPolicy": { + "retryOn": "connect-failure", + "numRetries": 4 + } + } + }, + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "null_route_cluster" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/routes/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden new file mode 100644 index 000000000000..c34c2a0602d2 --- /dev/null +++ b/agent/xdsv2/testdata/routes/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden @@ -0,0 +1,53 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "default/local/default/api-app2:http", + "virtualHosts": [ + { + "name": "default/local/default/api-app2:http", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "http.api-app2.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "default/local/default/api-app:http", + "virtualHosts": [ + { + "name": "default/local/default/api-app:http", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "http.api-app.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/routes/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden new file mode 100644 index 000000000000..caa0f6deb000 --- /dev/null +++ b/agent/xdsv2/testdata/routes/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden @@ -0,0 +1,30 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "default/local/default/api-app:http", + "virtualHosts": [ + { + "name": "default/local/default/api-app:http", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "http.api-app.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden b/agent/xdsv2/testdata/routes/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden new file mode 100644 index 000000000000..caa0f6deb000 --- /dev/null +++ b/agent/xdsv2/testdata/routes/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden @@ -0,0 +1,30 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "default/local/default/api-app:http", + "virtualHosts": [ + { + "name": "default/local/default/api-app:http", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "http.api-app.default.dc1.internal.foo.consul" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/routes/source/l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/routes/source/l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/source/l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/l4-single-workload-address-without-ports.golden b/agent/xdsv2/testdata/routes/source/l4-single-workload-address-without-ports.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/source/l4-single-workload-address-without-ports.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/l7-expose-paths.golden b/agent/xdsv2/testdata/routes/source/l7-expose-paths.golden new file mode 100644 index 000000000000..68b5239aec9e --- /dev/null +++ b/agent/xdsv2/testdata/routes/source/l7-expose-paths.golden @@ -0,0 +1,53 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "exposed_path_route_GetHealth1235", + "virtualHosts": [ + { + "name": "exposed_path_route_GetHealth1235", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "GetHealth" + }, + "route": { + "cluster": "exposed_cluster_9091" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "exposed_path_route_health1234", + "virtualHosts": [ + { + "name": "exposed_path_route_health1234", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "/health" + }, + "route": { + "cluster": "exposed_cluster_9090" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/local-and-inbound-connections.golden b/agent/xdsv2/testdata/routes/source/local-and-inbound-connections.golden new file mode 100644 index 000000000000..97c96f44bb62 --- /dev/null +++ b/agent/xdsv2/testdata/routes/source/local-and-inbound-connections.golden @@ -0,0 +1,77 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "exposed_path_route_GetHealth1235", + "virtualHosts": [ + { + "name": "exposed_path_route_GetHealth1235", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "GetHealth" + }, + "route": { + "cluster": "exposed_cluster_9091" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "exposed_path_route_health1234", + "virtualHosts": [ + { + "name": "exposed_path_route_health1234", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "/health" + }, + "route": { + "cluster": "exposed_cluster_9090" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:port3", + "virtualHosts": [ + { + "name": "public_listener:port3", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:port3", + "timeout": "9s" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/routes/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/multiport-l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/routes/source/multiport-l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/source/multiport-l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/multiport-l4-workload-with-only-mesh-port.golden b/agent/xdsv2/testdata/routes/source/multiport-l4-workload-with-only-mesh-port.golden new file mode 100644 index 000000000000..306f5220e7b9 --- /dev/null +++ b/agent/xdsv2/testdata/routes/source/multiport-l4-workload-with-only-mesh-port.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..3b1a61403ba7 --- /dev/null +++ b/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,53 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:admin-port", + "virtualHosts": [ + { + "name": "public_listener:admin-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:admin-port" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:api-port", + "virtualHosts": [ + { + "name": "public_listener:api-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:api-port" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..7f976890c64b --- /dev/null +++ b/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,76 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:admin-port", + "virtualHosts": [ + { + "name": "public_listener:admin-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:admin-port" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:api-port", + "virtualHosts": [ + { + "name": "public_listener:api-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:api-port" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:grpc-port", + "virtualHosts": [ + { + "name": "public_listener:grpc-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:grpc-port" + } + } + ] + } + ], + "validateClusters": true + } + ], + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file diff --git a/api/.copywrite.hcl b/api/.copywrite.hcl new file mode 100644 index 000000000000..34d99ba25e12 --- /dev/null +++ b/api/.copywrite.hcl @@ -0,0 +1,8 @@ +schema_version = 1 + +project { + license = "MPL-2.0" + copyright_year = 2023 + + header_ignore = [] +} diff --git a/api/config_entry.go b/api/config_entry.go index b59c20fd3007..ffc18a85ed5c 100644 --- a/api/config_entry.go +++ b/api/config_entry.go @@ -341,6 +341,7 @@ type InstanceLevelRateLimits struct { RequestsMaxBurst int `alias:"requests_max_burst"` // Routes is a list of rate limits applied to specific routes. + // For a given request, the first matching route will be applied, if any // Overrides any top-level configuration. Routes []InstanceLevelRouteRateLimits } diff --git a/api/config_entry_rate_limit_ip.go b/api/config_entry_rate_limit_ip.go index 8df7d4c98e77..7af2a2658f2e 100644 --- a/api/config_entry_rate_limit_ip.go +++ b/api/config_entry_rate_limit_ip.go @@ -4,8 +4,8 @@ package api type ReadWriteRatesConfig struct { - ReadRate float64 - WriteRate float64 + ReadRate float64 `alias:"read_rate"` + WriteRate float64 `alias:"write_rate"` } type RateLimitIPConfigEntry struct { @@ -16,8 +16,8 @@ type RateLimitIPConfigEntry struct { Meta map[string]string `json:",omitempty"` // overall limits - ReadRate float64 - WriteRate float64 + ReadRate float64 `alias:"read_rate"` + WriteRate float64 `alias:"write_rate"` //limits specific to a type of call ACL *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryACL OperationCategory = "ACL" diff --git a/api/config_entry_routes.go b/api/config_entry_routes.go index 1918386576cd..bbaa032d50f6 100644 --- a/api/config_entry_routes.go +++ b/api/config_entry_routes.go @@ -222,10 +222,10 @@ type URLRewrite struct { } type RetryFilter struct { - NumRetries *uint32 + NumRetries uint32 RetryOn []string RetryOnStatusCodes []uint32 - RetryOnConnectFailure *bool + RetryOnConnectFailure bool } type TimeoutFilter struct { diff --git a/api/config_entry_routes_test.go b/api/config_entry_routes_test.go index b878612e907e..0a4f8e38b1b8 100644 --- a/api/config_entry_routes_test.go +++ b/api/config_entry_routes_test.go @@ -1,3 +1,6 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + package api import ( diff --git a/api/config_entry_status_test.go b/api/config_entry_status_test.go index 9c6eaf034c32..ec64c8716407 100644 --- a/api/config_entry_status_test.go +++ b/api/config_entry_status_test.go @@ -1,3 +1,6 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + package api import "testing" diff --git a/api/go.mod b/api/go.mod index a9e1b8e353a8..aa6e9a153349 100644 --- a/api/go.mod +++ b/api/go.mod @@ -6,7 +6,7 @@ replace github.com/hashicorp/consul/sdk => ../sdk require ( github.com/google/go-cmp v0.5.9 - github.com/hashicorp/consul/sdk v0.14.1 + github.com/hashicorp/consul/sdk v0.15.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/go-multierror v1.1.1 @@ -39,8 +39,8 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect github.com/stretchr/objx v0.5.0 // indirect - golang.org/x/net v0.13.0 // indirect + golang.org/x/net v0.17.0 // indirect golang.org/x/sync v0.2.0 // indirect - golang.org/x/sys v0.11.0 // indirect + golang.org/x/sys v0.13.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/api/go.sum b/api/go.sum index 6411c8af5446..bfc3fb8a11fb 100644 --- a/api/go.sum +++ b/api/go.sum @@ -182,8 +182,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= -golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= -golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -211,8 +211,8 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= diff --git a/api/internal.go b/api/internal.go index dee161a65eb2..b5f400f4b19b 100644 --- a/api/internal.go +++ b/api/internal.go @@ -1,3 +1,6 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + package api import "context" diff --git a/api/internal_test.go b/api/internal_test.go index ce088f1787d1..ce773d7360f9 100644 --- a/api/internal_test.go +++ b/api/internal_test.go @@ -1,3 +1,6 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + package api import ( diff --git a/api/operator_audit.go b/api/operator_audit.go index b255d67f4e31..5240d38a70d7 100644 --- a/api/operator_audit.go +++ b/api/operator_audit.go @@ -1,5 +1,5 @@ // Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 +// SPDX-License-Identifier: MPL-2.0 // The /v1/operator/audit-hash endpoint is available only in Consul Enterprise and // interact with its audit logging subsystem. diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile index c0186842fb76..884bc4894af3 100644 --- a/build-support/docker/Build-Go.dockerfile +++ b/build-support/docker/Build-Go.dockerfile @@ -1,7 +1,7 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 -ARG GOLANG_VERSION=1.20.8 +ARG GOLANG_VERSION=1.20.10 FROM golang:${GOLANG_VERSION} WORKDIR /consul diff --git a/build-support/docker/Build-UI.dockerfile b/build-support/docker/Build-UI.dockerfile index 9d646fb6ea69..01e8c8254b08 100644 --- a/build-support/docker/Build-UI.dockerfile +++ b/build-support/docker/Build-UI.dockerfile @@ -1,10 +1,11 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 -FROM docker.mirror.hashicorp.services/circleci/node:16-browsers +FROM docker.mirror.hashicorp.services/node:18-alpine USER root +RUN apk update && apk add make RUN mkdir /consul-src WORKDIR /consul-src CMD make dist-docker diff --git a/build-support/docker/Consul-Dev-Multiarch.dockerfile b/build-support/docker/Consul-Dev-Multiarch.dockerfile index e35a98d5f890..075c5607a722 100644 --- a/build-support/docker/Consul-Dev-Multiarch.dockerfile +++ b/build-support/docker/Consul-Dev-Multiarch.dockerfile @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BUSL-1.1 ARG CONSUL_IMAGE_VERSION=latest -FROM hashicorp/consul:${CONSUL_IMAGE_VERSION} +FROM docker.mirror.hashicorp.services/hashicorp/consul:${CONSUL_IMAGE_VERSION} RUN apk update && apk add iptables ARG TARGETARCH COPY linux_${TARGETARCH}/consul /bin/consul diff --git a/build-support/docker/Consul-Dev.dockerfile b/build-support/docker/Consul-Dev.dockerfile index 12f014969ab5..6586f09bd016 100644 --- a/build-support/docker/Consul-Dev.dockerfile +++ b/build-support/docker/Consul-Dev.dockerfile @@ -2,6 +2,6 @@ # SPDX-License-Identifier: BUSL-1.1 ARG CONSUL_IMAGE_VERSION=latest -FROM hashicorp/consul:${CONSUL_IMAGE_VERSION} +FROM docker.mirror.hashicorp.services/hashicorp/consul:${CONSUL_IMAGE_VERSION} RUN apk update && apk add iptables COPY consul /bin/consul diff --git a/build-support/scripts/copywrite-exceptions.sh b/build-support/scripts/copywrite-exceptions.sh new file mode 100755 index 000000000000..f6ca45626cf2 --- /dev/null +++ b/build-support/scripts/copywrite-exceptions.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +# Used as a stopgap for copywrite bot in MPL-licensed subdirs, detects BUSL licensed +# headers and deletes them, then runs the copywrite bot to utilize local subdir config +# to inject correct headers. + +find . -type f -name '*.go' | while read line; do + if grep "SPDX-License-Identifier: BUSL-1.1" $line; then + sed -i '/SPDX-License-Identifier: BUSL-1.1/d' $line + sed -i '/Copyright (c) HashiCorp, Inc./d' $line + fi +done + +copywrite headers diff --git a/command/acl/role/create/role_create.go b/command/acl/role/create/role_create.go index b93d25548d28..c6bc7330a915 100644 --- a/command/acl/role/create/role_create.go +++ b/command/acl/role/create/role_create.go @@ -94,6 +94,13 @@ func (c *cmd) Run(args []string) int { return 1 } + if len(c.templatedPolicyFile) != 0 && len(c.templatedPolicy) != 0 { + c.UI.Error("Cannot combine the use of templated-policy flag with templated-policy-file. " + + "To create a role with a single templated policy and simple use case, use -templated-policy. " + + "For multiple templated policies and more complicated use cases, use -templated-policy-file") + return 1 + } + client, err := c.http.APIClient() if err != nil { c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err)) diff --git a/command/acl/role/create/role_create_test.go b/command/acl/role/create/role_create_test.go index 7094a76e6cc7..55aebc13fac2 100644 --- a/command/acl/role/create/role_create_test.go +++ b/command/acl/role/create/role_create_test.go @@ -115,6 +115,22 @@ func TestRoleCreateCommand_Pretty(t *testing.T) { require.Len(t, role.NodeIdentities, 1) }) + + t.Run("prevent templated-policy and templated-policy-file simultaneous use", func(t *testing.T) { + ui := cli.NewMockUi() + cmd := New(ui) + + code := cmd.Run([]string{ + "-http-addr=" + a.HTTPAddr(), + "-token=root", + "-name=role-with-node-identity", + "-templated-policy=builtin/node", + "-var=name:" + a.Config.NodeName, + "-templated-policy-file=test.hcl", + }) + require.Equal(t, 1, code) + require.Contains(t, ui.ErrorWriter.String(), "Cannot combine the use of templated-policy flag with templated-policy-file.") + }) } func TestRoleCreateCommand_JSON(t *testing.T) { diff --git a/command/acl/token/create/token_create.go b/command/acl/token/create/token_create.go index bb6e52416780..b7a7b9eefa67 100644 --- a/command/acl/token/create/token_create.go +++ b/command/acl/token/create/token_create.go @@ -105,6 +105,13 @@ func (c *cmd) Run(args []string) int { return 1 } + if len(c.templatedPolicyFile) != 0 && len(c.templatedPolicy) != 0 { + c.UI.Error("Cannot combine the use of templated-policy flag with templated-policy-file. " + + "To create a token with a single templated policy and simple use case, use -templated-policy. " + + "For multiple templated policies and more complicated use cases, use -templated-policy-file") + return 1 + } + client, err := c.http.APIClient() if err != nil { c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err)) diff --git a/command/acl/token/create/token_create_test.go b/command/acl/token/create/token_create_test.go index 90471b5a5b2a..55ced9a3d17e 100644 --- a/command/acl/token/create/token_create_test.go +++ b/command/acl/token/create/token_create_test.go @@ -128,6 +128,21 @@ func TestTokenCreateCommand_Pretty(t *testing.T) { require.Equal(t, a.Config.NodeName, nodes[0].Node) }) + t.Run("prevent templated-policy and templated-policy-file simultaneous use", func(t *testing.T) { + ui := cli.NewMockUi() + cmd := New(ui) + + code := cmd.Run(append([]string{ + "-http-addr=" + a.HTTPAddr(), + "-token=root", + "-templated-policy=builtin/node", + "-var=name:" + a.Config.NodeName, + "-templated-policy-file=test.hcl", + }, "-format=json")) + require.Equal(t, 1, code) + require.Contains(t, ui.ErrorWriter.String(), "Cannot combine the use of templated-policy flag with templated-policy-file.") + }) + // create with accessor and secret t.Run("predefined-ids", func(t *testing.T) { token := run(t, []string{ diff --git a/command/connect/envoy/envoy_test.go b/command/connect/envoy/envoy_test.go index 0e61eea1865a..71c75a8f8bfe 100644 --- a/command/connect/envoy/envoy_test.go +++ b/command/connect/envoy/envoy_test.go @@ -137,6 +137,22 @@ type generateConfigTestCase struct { // the logic is. We also allow generating golden files but only for cases that // pass the test of having their template args generated as expected. func TestGenerateConfig(t *testing.T) { + + b, err := os.ReadFile("../../../test/ca/root.cer") + require.NoError(t, err) + + rootPEM := string(b) + rootPEM = strings.Replace(rootPEM, "\n", "\\n", -1) + + b, err = os.ReadFile("../../../test/ca_path/cert1.crt") + require.NoError(t, err) + pathPEM := string(b) + + b, err = os.ReadFile("../../../test/ca_path/cert2.crt") + require.NoError(t, err) + pathPEM += string(b) + pathPEM = strings.Replace(pathPEM, "\n", "\\n", -1) + cases := []generateConfigTestCase{ { Name: "no-args", @@ -499,7 +515,7 @@ func TestGenerateConfig(t *testing.T) { AdminAccessLogPath: "/dev/null", AdminBindAddress: "127.0.0.1", AdminBindPort: "19000", - AgentCAPEM: `-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----\n`, + AgentCAPEM: rootPEM, LocalAgentClusterName: xds.LocalAgentClusterName, PrometheusScrapePath: "/metrics", }, @@ -627,7 +643,7 @@ func TestGenerateConfig(t *testing.T) { AgentPort: "8502", AgentTLS: true, }, - AgentCAPEM: `-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----\n`, + AgentCAPEM: rootPEM, AdminAccessLogPath: "/dev/null", AdminBindAddress: "127.0.0.1", AdminBindPort: "19000", @@ -659,7 +675,7 @@ func TestGenerateConfig(t *testing.T) { AgentPort: "8502", AgentTLS: true, }, - AgentCAPEM: `-----BEGIN CERTIFICATE-----\nMIIFADCCAuqgAwIBAgIBATALBgkqhkiG9w0BAQswEzERMA8GA1UEAxMIQ2VydEF1\ndGgwHhcNMTUwNTExMjI0NjQzWhcNMjUwNTExMjI0NjU0WjATMREwDwYDVQQDEwhD\nZXJ0QXV0aDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALcMByyynHsA\n+K4PJwo5+XHygaEZAhPGvHiKQK2Cbc9NDm0ZTzx0rA/dRTZlvouhDyzcJHm+6R1F\nj6zQv7iaSC3qQtJiPnPsfZ+/0XhFZ3fQWMnfDiGbZpF1kJF01ofB6vnsuocFC0zG\naGC+SZiLAzs+QMP3Bebw1elCBIeoN+8NWnRYmLsYIaYGJGBSbNo/lCpLTuinofUn\nL3ehWEGv1INwpHnSVeN0Ml2GFe23d7PUlj/wNIHgUdpUR+KEJxIP3klwtsI3QpSH\nc4VjWdf4aIcka6K3IFuw+K0PUh3xAAPnMpAQOtCZk0AhF5rlvUbevC6jADxpKxLp\nOONmvCTer4LtyNURAoBH52vbK0r/DNcTpPEFV0IP66nXUFgkk0mRKsu8HTb4IOkC\nX3K4mp18EiWUUtrHZAnNct0iIniDBqKK0yhSNhztG6VakVt/1WdQY9Ey3mNtxN1O\nthqWFKdpKUzPKYC3P6PfVpiE7+VbWTLLXba+8BPe8BxWPsVkjJqGSGnCte4COusz\nM8/7bbTgifwJfsepwFtZG53tvwjWlO46Exl30VoDNTaIGvs1fO0GqJlh2A7FN5F2\nS1rS5VYHtPK8QdmUSvyq+7JDBc1HNT5I2zsIQbNcLwDTZ5EsbU6QR7NHDJKxjv/w\nbs3eTXJSSNcFD74wRU10pXjgE5wOFu9TAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIA\nBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQHazgZ3Puiuc6K2LzgcX5b6fAC\nPzAfBgNVHSMEGDAWgBQHazgZ3Puiuc6K2LzgcX5b6fACPzALBgkqhkiG9w0BAQsD\nggIBAEmeNrSUhpHg1I8dtfqu9hCU/6IZThjtcFA+QcPkkMa+Z1k0SOtsgW8MdlcA\ngCf5g5yQZ0DdpWM9nDB6xDIhQdccm91idHgf8wmpEHUj0an4uyn2ESCt8eqrAWf7\nAClYORCASTYfguJCxcfvwtI1uqaOeCxSOdmFay79UVitVsWeonbCRGsVgBDifJxw\nG2oCQqoYAmXPM4J6syk5GHhB1O9MMq+g1+hOx9s+XHyTui9FL4V+IUO1ygVqEQB5\nPSiRBvcIsajSGVao+vK0gf2XfcXzqr3y3NhBky9rFMp1g+ykb2yWekV4WiROJlCj\nTsWwWZDRyjiGahDbho/XW8JciouHZhJdjhmO31rqW3HdFviCTdXMiGk3GQIzz/Jg\nP+enOaHXoY9lcxzDvY9z1BysWBgNvNrMnVge/fLP9o+a0a0PRIIVl8T0Ef3zeg1O\nCLCSy/1Vae5Tx63ZTFvGFdOSusYkG9rlAUHXZE364JRCKzM9Bz0bM+t+LaO0MaEb\nYoxcXEPU+gB2IvmARpInN3oHexR6ekuYHVTRGdWrdmuHFzc7eFwygRqTFdoCCU+G\nQZEkd+lOEyv0zvQqYg+Jp0AEGz2B2zB53uBVECtn0EqrSdPtRzUBSByXVs6QhSXn\neVmy+z3U3MecP63X6oSPXekqSyZFuegXpNNuHkjNoL4ep2ix\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----\n`, + AgentCAPEM: pathPEM, AdminAccessLogPath: "/dev/null", AdminBindAddress: "127.0.0.1", AdminBindPort: "19000", @@ -919,7 +935,7 @@ func TestGenerateConfig(t *testing.T) { AgentPort: "8502", AgentTLS: true, }, - AgentCAPEM: `-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----\n`, + AgentCAPEM: rootPEM, AdminAccessLogPath: "/dev/null", AdminBindAddress: "127.0.0.1", AdminBindPort: "19000", @@ -976,7 +992,7 @@ func TestGenerateConfig(t *testing.T) { AgentPort: "8502", AgentTLS: true, }, - AgentCAPEM: `-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----\n`, + AgentCAPEM: rootPEM, AdminAccessLogPath: "/dev/null", AdminBindAddress: "127.0.0.1", AdminBindPort: "19000", diff --git a/command/connect/envoy/testdata/CONSUL_GRPC_ADDR-with-https-scheme-enables-tls.golden b/command/connect/envoy/testdata/CONSUL_GRPC_ADDR-with-https-scheme-enables-tls.golden index c8144ac72fa2..d9fd8081c699 100644 --- a/command/connect/envoy/testdata/CONSUL_GRPC_ADDR-with-https-scheme-enables-tls.golden +++ b/command/connect/envoy/testdata/CONSUL_GRPC_ADDR-with-https-scheme-enables-tls.golden @@ -40,7 +40,7 @@ "common_tls_context": { "validation_context": { "trusted_ca": { - "inline_string": "-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----\n" + "inline_string": "-----BEGIN CERTIFICATE-----\nMIIEEzCCAvugAwIBAgIUIYIXKNRBFBPuuOit2D2CfVJAoDAwDQYJKoZIhvcNAQEL\nBQAwgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy\nYW5jaXNjbzEcMBoGA1UECgwTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECwwD\nRGV2MRYwFAYDVQQDDA10ZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0\nQGludGVybmFsLmNvbTAeFw0yMzExMDIxNTUwMjlaFw0zMzEwMzAxNTUwMjlaMIGY\nMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lz\nY28xHDAaBgNVBAoME0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsMA0RldjEW\nMBQGA1UEAwwNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRl\ncm5hbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIA00iG5Iv\neRzZwf2P1Laih3eoiK2Wl1Re22cz2Pcpf6gb7agPguwU5Hco0DWzsnmek2Qyw9gl\noroX1t7LbTW2rxbK1hP7PkFCwSxi9u8MZDaLF3a79bwbsYZzf3toeoz8DCBxo9bB\nSSACj4uI/S+lUjMctQrK1nFjGoNUHfxioXPwIJH+TS/76TiZPu3Zj6kN6taVFNe3\nISBNXW6Vg8E3koz+9Bwv0a6Ty7oFRoJXpsud1k/83Iy288jhYDuB56+ypUmcCNqG\nT+e0Bn/VXHx26GXTx97cXSLJE+o+JrHZaI1TcQUL2Z5DJZVJRUg/wtcXggoMLVI1\nO0enJm2jdmLXAgMBAAGjUzBRMB0GA1UdDgQWBBTmrmqnZIdFOj6vhCUAJKLZNUDw\nFDAfBgNVHSMEGDAWgBTmrmqnZIdFOj6vhCUAJKLZNUDwFDAPBgNVHRMBAf8EBTAD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB3j6gvalxq54hZSwVmVZPMzjdTVYRC11b0\n6C9pWKsLwu+WINcs59ui8wpYVjcw1AK4/2I1Q7P4RgpSarAxG5tYIMB1xcfFKqBn\nf/dDXexONgwpW6SoBJ58c7OB/aH8CenDT8Vwk3fwjYslOywbFRqBjH+PB8uTlu0e\nD1fzjpcQCrQeA5VD4pjJAaTmi7bLVuH5XIya3++f/N3xOn53GVMUDO1OdFz8ZMvJ\nWrrg7E/wMXB1b5Wo2n2ypVU4sejikSjg2nfdLojUWGMrZ8TuUnjFs88PeQ9CObAp\nA36dLfs4JLF3sVOtqTd6BGwegDsmmllYO5Ky6I+laoLSHpGDEihS\n-----END CERTIFICATE-----\n" } } } diff --git a/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-PLAIN-and-CONSUL_GRPC_ADDR-TLS-is-tls.golden b/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-PLAIN-and-CONSUL_GRPC_ADDR-TLS-is-tls.golden index c8144ac72fa2..d9fd8081c699 100644 --- a/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-PLAIN-and-CONSUL_GRPC_ADDR-TLS-is-tls.golden +++ b/command/connect/envoy/testdata/both-CONSUL_HTTP_ADDR-PLAIN-and-CONSUL_GRPC_ADDR-TLS-is-tls.golden @@ -40,7 +40,7 @@ "common_tls_context": { "validation_context": { "trusted_ca": { - "inline_string": "-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----\n" + "inline_string": "-----BEGIN CERTIFICATE-----\nMIIEEzCCAvugAwIBAgIUIYIXKNRBFBPuuOit2D2CfVJAoDAwDQYJKoZIhvcNAQEL\nBQAwgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy\nYW5jaXNjbzEcMBoGA1UECgwTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECwwD\nRGV2MRYwFAYDVQQDDA10ZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0\nQGludGVybmFsLmNvbTAeFw0yMzExMDIxNTUwMjlaFw0zMzEwMzAxNTUwMjlaMIGY\nMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lz\nY28xHDAaBgNVBAoME0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsMA0RldjEW\nMBQGA1UEAwwNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRl\ncm5hbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIA00iG5Iv\neRzZwf2P1Laih3eoiK2Wl1Re22cz2Pcpf6gb7agPguwU5Hco0DWzsnmek2Qyw9gl\noroX1t7LbTW2rxbK1hP7PkFCwSxi9u8MZDaLF3a79bwbsYZzf3toeoz8DCBxo9bB\nSSACj4uI/S+lUjMctQrK1nFjGoNUHfxioXPwIJH+TS/76TiZPu3Zj6kN6taVFNe3\nISBNXW6Vg8E3koz+9Bwv0a6Ty7oFRoJXpsud1k/83Iy288jhYDuB56+ypUmcCNqG\nT+e0Bn/VXHx26GXTx97cXSLJE+o+JrHZaI1TcQUL2Z5DJZVJRUg/wtcXggoMLVI1\nO0enJm2jdmLXAgMBAAGjUzBRMB0GA1UdDgQWBBTmrmqnZIdFOj6vhCUAJKLZNUDw\nFDAfBgNVHSMEGDAWgBTmrmqnZIdFOj6vhCUAJKLZNUDwFDAPBgNVHRMBAf8EBTAD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB3j6gvalxq54hZSwVmVZPMzjdTVYRC11b0\n6C9pWKsLwu+WINcs59ui8wpYVjcw1AK4/2I1Q7P4RgpSarAxG5tYIMB1xcfFKqBn\nf/dDXexONgwpW6SoBJ58c7OB/aH8CenDT8Vwk3fwjYslOywbFRqBjH+PB8uTlu0e\nD1fzjpcQCrQeA5VD4pjJAaTmi7bLVuH5XIya3++f/N3xOn53GVMUDO1OdFz8ZMvJ\nWrrg7E/wMXB1b5Wo2n2ypVU4sejikSjg2nfdLojUWGMrZ8TuUnjFs88PeQ9CObAp\nA36dLfs4JLF3sVOtqTd6BGwegDsmmllYO5Ky6I+laoLSHpGDEihS\n-----END CERTIFICATE-----\n" } } } diff --git a/command/connect/envoy/testdata/existing-ca-file.golden b/command/connect/envoy/testdata/existing-ca-file.golden index c8144ac72fa2..d9fd8081c699 100644 --- a/command/connect/envoy/testdata/existing-ca-file.golden +++ b/command/connect/envoy/testdata/existing-ca-file.golden @@ -40,7 +40,7 @@ "common_tls_context": { "validation_context": { "trusted_ca": { - "inline_string": "-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----\n" + "inline_string": "-----BEGIN CERTIFICATE-----\nMIIEEzCCAvugAwIBAgIUIYIXKNRBFBPuuOit2D2CfVJAoDAwDQYJKoZIhvcNAQEL\nBQAwgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy\nYW5jaXNjbzEcMBoGA1UECgwTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECwwD\nRGV2MRYwFAYDVQQDDA10ZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0\nQGludGVybmFsLmNvbTAeFw0yMzExMDIxNTUwMjlaFw0zMzEwMzAxNTUwMjlaMIGY\nMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lz\nY28xHDAaBgNVBAoME0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsMA0RldjEW\nMBQGA1UEAwwNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRl\ncm5hbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIA00iG5Iv\neRzZwf2P1Laih3eoiK2Wl1Re22cz2Pcpf6gb7agPguwU5Hco0DWzsnmek2Qyw9gl\noroX1t7LbTW2rxbK1hP7PkFCwSxi9u8MZDaLF3a79bwbsYZzf3toeoz8DCBxo9bB\nSSACj4uI/S+lUjMctQrK1nFjGoNUHfxioXPwIJH+TS/76TiZPu3Zj6kN6taVFNe3\nISBNXW6Vg8E3koz+9Bwv0a6Ty7oFRoJXpsud1k/83Iy288jhYDuB56+ypUmcCNqG\nT+e0Bn/VXHx26GXTx97cXSLJE+o+JrHZaI1TcQUL2Z5DJZVJRUg/wtcXggoMLVI1\nO0enJm2jdmLXAgMBAAGjUzBRMB0GA1UdDgQWBBTmrmqnZIdFOj6vhCUAJKLZNUDw\nFDAfBgNVHSMEGDAWgBTmrmqnZIdFOj6vhCUAJKLZNUDwFDAPBgNVHRMBAf8EBTAD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB3j6gvalxq54hZSwVmVZPMzjdTVYRC11b0\n6C9pWKsLwu+WINcs59ui8wpYVjcw1AK4/2I1Q7P4RgpSarAxG5tYIMB1xcfFKqBn\nf/dDXexONgwpW6SoBJ58c7OB/aH8CenDT8Vwk3fwjYslOywbFRqBjH+PB8uTlu0e\nD1fzjpcQCrQeA5VD4pjJAaTmi7bLVuH5XIya3++f/N3xOn53GVMUDO1OdFz8ZMvJ\nWrrg7E/wMXB1b5Wo2n2ypVU4sejikSjg2nfdLojUWGMrZ8TuUnjFs88PeQ9CObAp\nA36dLfs4JLF3sVOtqTd6BGwegDsmmllYO5Ky6I+laoLSHpGDEihS\n-----END CERTIFICATE-----\n" } } } diff --git a/command/connect/envoy/testdata/existing-ca-path.golden b/command/connect/envoy/testdata/existing-ca-path.golden index c0566ab351d7..16f233e1b891 100644 --- a/command/connect/envoy/testdata/existing-ca-path.golden +++ b/command/connect/envoy/testdata/existing-ca-path.golden @@ -40,7 +40,7 @@ "common_tls_context": { "validation_context": { "trusted_ca": { - "inline_string": "-----BEGIN CERTIFICATE-----\nMIIFADCCAuqgAwIBAgIBATALBgkqhkiG9w0BAQswEzERMA8GA1UEAxMIQ2VydEF1\ndGgwHhcNMTUwNTExMjI0NjQzWhcNMjUwNTExMjI0NjU0WjATMREwDwYDVQQDEwhD\nZXJ0QXV0aDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALcMByyynHsA\n+K4PJwo5+XHygaEZAhPGvHiKQK2Cbc9NDm0ZTzx0rA/dRTZlvouhDyzcJHm+6R1F\nj6zQv7iaSC3qQtJiPnPsfZ+/0XhFZ3fQWMnfDiGbZpF1kJF01ofB6vnsuocFC0zG\naGC+SZiLAzs+QMP3Bebw1elCBIeoN+8NWnRYmLsYIaYGJGBSbNo/lCpLTuinofUn\nL3ehWEGv1INwpHnSVeN0Ml2GFe23d7PUlj/wNIHgUdpUR+KEJxIP3klwtsI3QpSH\nc4VjWdf4aIcka6K3IFuw+K0PUh3xAAPnMpAQOtCZk0AhF5rlvUbevC6jADxpKxLp\nOONmvCTer4LtyNURAoBH52vbK0r/DNcTpPEFV0IP66nXUFgkk0mRKsu8HTb4IOkC\nX3K4mp18EiWUUtrHZAnNct0iIniDBqKK0yhSNhztG6VakVt/1WdQY9Ey3mNtxN1O\nthqWFKdpKUzPKYC3P6PfVpiE7+VbWTLLXba+8BPe8BxWPsVkjJqGSGnCte4COusz\nM8/7bbTgifwJfsepwFtZG53tvwjWlO46Exl30VoDNTaIGvs1fO0GqJlh2A7FN5F2\nS1rS5VYHtPK8QdmUSvyq+7JDBc1HNT5I2zsIQbNcLwDTZ5EsbU6QR7NHDJKxjv/w\nbs3eTXJSSNcFD74wRU10pXjgE5wOFu9TAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIA\nBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQHazgZ3Puiuc6K2LzgcX5b6fAC\nPzAfBgNVHSMEGDAWgBQHazgZ3Puiuc6K2LzgcX5b6fACPzALBgkqhkiG9w0BAQsD\nggIBAEmeNrSUhpHg1I8dtfqu9hCU/6IZThjtcFA+QcPkkMa+Z1k0SOtsgW8MdlcA\ngCf5g5yQZ0DdpWM9nDB6xDIhQdccm91idHgf8wmpEHUj0an4uyn2ESCt8eqrAWf7\nAClYORCASTYfguJCxcfvwtI1uqaOeCxSOdmFay79UVitVsWeonbCRGsVgBDifJxw\nG2oCQqoYAmXPM4J6syk5GHhB1O9MMq+g1+hOx9s+XHyTui9FL4V+IUO1ygVqEQB5\nPSiRBvcIsajSGVao+vK0gf2XfcXzqr3y3NhBky9rFMp1g+ykb2yWekV4WiROJlCj\nTsWwWZDRyjiGahDbho/XW8JciouHZhJdjhmO31rqW3HdFviCTdXMiGk3GQIzz/Jg\nP+enOaHXoY9lcxzDvY9z1BysWBgNvNrMnVge/fLP9o+a0a0PRIIVl8T0Ef3zeg1O\nCLCSy/1Vae5Tx63ZTFvGFdOSusYkG9rlAUHXZE364JRCKzM9Bz0bM+t+LaO0MaEb\nYoxcXEPU+gB2IvmARpInN3oHexR6ekuYHVTRGdWrdmuHFzc7eFwygRqTFdoCCU+G\nQZEkd+lOEyv0zvQqYg+Jp0AEGz2B2zB53uBVECtn0EqrSdPtRzUBSByXVs6QhSXn\neVmy+z3U3MecP63X6oSPXekqSyZFuegXpNNuHkjNoL4ep2ix\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----\n" + "inline_string": "-----BEGIN CERTIFICATE-----\nMIIFADCCAuqgAwIBAgIBATALBgkqhkiG9w0BAQswEzERMA8GA1UEAxMIQ2VydEF1\ndGgwHhcNMTUwNTExMjI0NjQzWhcNMjUwNTExMjI0NjU0WjATMREwDwYDVQQDEwhD\nZXJ0QXV0aDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALcMByyynHsA\n+K4PJwo5+XHygaEZAhPGvHiKQK2Cbc9NDm0ZTzx0rA/dRTZlvouhDyzcJHm+6R1F\nj6zQv7iaSC3qQtJiPnPsfZ+/0XhFZ3fQWMnfDiGbZpF1kJF01ofB6vnsuocFC0zG\naGC+SZiLAzs+QMP3Bebw1elCBIeoN+8NWnRYmLsYIaYGJGBSbNo/lCpLTuinofUn\nL3ehWEGv1INwpHnSVeN0Ml2GFe23d7PUlj/wNIHgUdpUR+KEJxIP3klwtsI3QpSH\nc4VjWdf4aIcka6K3IFuw+K0PUh3xAAPnMpAQOtCZk0AhF5rlvUbevC6jADxpKxLp\nOONmvCTer4LtyNURAoBH52vbK0r/DNcTpPEFV0IP66nXUFgkk0mRKsu8HTb4IOkC\nX3K4mp18EiWUUtrHZAnNct0iIniDBqKK0yhSNhztG6VakVt/1WdQY9Ey3mNtxN1O\nthqWFKdpKUzPKYC3P6PfVpiE7+VbWTLLXba+8BPe8BxWPsVkjJqGSGnCte4COusz\nM8/7bbTgifwJfsepwFtZG53tvwjWlO46Exl30VoDNTaIGvs1fO0GqJlh2A7FN5F2\nS1rS5VYHtPK8QdmUSvyq+7JDBc1HNT5I2zsIQbNcLwDTZ5EsbU6QR7NHDJKxjv/w\nbs3eTXJSSNcFD74wRU10pXjgE5wOFu9TAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIA\nBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQHazgZ3Puiuc6K2LzgcX5b6fAC\nPzAfBgNVHSMEGDAWgBQHazgZ3Puiuc6K2LzgcX5b6fACPzALBgkqhkiG9w0BAQsD\nggIBAEmeNrSUhpHg1I8dtfqu9hCU/6IZThjtcFA+QcPkkMa+Z1k0SOtsgW8MdlcA\ngCf5g5yQZ0DdpWM9nDB6xDIhQdccm91idHgf8wmpEHUj0an4uyn2ESCt8eqrAWf7\nAClYORCASTYfguJCxcfvwtI1uqaOeCxSOdmFay79UVitVsWeonbCRGsVgBDifJxw\nG2oCQqoYAmXPM4J6syk5GHhB1O9MMq+g1+hOx9s+XHyTui9FL4V+IUO1ygVqEQB5\nPSiRBvcIsajSGVao+vK0gf2XfcXzqr3y3NhBky9rFMp1g+ykb2yWekV4WiROJlCj\nTsWwWZDRyjiGahDbho/XW8JciouHZhJdjhmO31rqW3HdFviCTdXMiGk3GQIzz/Jg\nP+enOaHXoY9lcxzDvY9z1BysWBgNvNrMnVge/fLP9o+a0a0PRIIVl8T0Ef3zeg1O\nCLCSy/1Vae5Tx63ZTFvGFdOSusYkG9rlAUHXZE364JRCKzM9Bz0bM+t+LaO0MaEb\nYoxcXEPU+gB2IvmARpInN3oHexR6ekuYHVTRGdWrdmuHFzc7eFwygRqTFdoCCU+G\nQZEkd+lOEyv0zvQqYg+Jp0AEGz2B2zB53uBVECtn0EqrSdPtRzUBSByXVs6QhSXn\neVmy+z3U3MecP63X6oSPXekqSyZFuegXpNNuHkjNoL4ep2ix\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----" } } } diff --git a/command/connect/envoy/testdata/grpc-addr-unix-with-tls.golden b/command/connect/envoy/testdata/grpc-addr-unix-with-tls.golden index 2b902d48d476..d05a4666995d 100644 --- a/command/connect/envoy/testdata/grpc-addr-unix-with-tls.golden +++ b/command/connect/envoy/testdata/grpc-addr-unix-with-tls.golden @@ -40,7 +40,7 @@ "common_tls_context": { "validation_context": { "trusted_ca": { - "inline_string": "-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD\nVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa\nBgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE\nAxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j\nb20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK\nExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl\nc3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU\nmH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU\nd0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG\nxcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg\nU2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f\npFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID\nAQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud\nIwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT\nAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE\nChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10\nZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ\nAIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h\ngjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9\n2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g\njctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp\nlFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/\nPOLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----\n" + "inline_string": "-----BEGIN CERTIFICATE-----\nMIIEEzCCAvugAwIBAgIUIYIXKNRBFBPuuOit2D2CfVJAoDAwDQYJKoZIhvcNAQEL\nBQAwgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy\nYW5jaXNjbzEcMBoGA1UECgwTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECwwD\nRGV2MRYwFAYDVQQDDA10ZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0\nQGludGVybmFsLmNvbTAeFw0yMzExMDIxNTUwMjlaFw0zMzEwMzAxNTUwMjlaMIGY\nMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lz\nY28xHDAaBgNVBAoME0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsMA0RldjEW\nMBQGA1UEAwwNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRl\ncm5hbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIA00iG5Iv\neRzZwf2P1Laih3eoiK2Wl1Re22cz2Pcpf6gb7agPguwU5Hco0DWzsnmek2Qyw9gl\noroX1t7LbTW2rxbK1hP7PkFCwSxi9u8MZDaLF3a79bwbsYZzf3toeoz8DCBxo9bB\nSSACj4uI/S+lUjMctQrK1nFjGoNUHfxioXPwIJH+TS/76TiZPu3Zj6kN6taVFNe3\nISBNXW6Vg8E3koz+9Bwv0a6Ty7oFRoJXpsud1k/83Iy288jhYDuB56+ypUmcCNqG\nT+e0Bn/VXHx26GXTx97cXSLJE+o+JrHZaI1TcQUL2Z5DJZVJRUg/wtcXggoMLVI1\nO0enJm2jdmLXAgMBAAGjUzBRMB0GA1UdDgQWBBTmrmqnZIdFOj6vhCUAJKLZNUDw\nFDAfBgNVHSMEGDAWgBTmrmqnZIdFOj6vhCUAJKLZNUDwFDAPBgNVHRMBAf8EBTAD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB3j6gvalxq54hZSwVmVZPMzjdTVYRC11b0\n6C9pWKsLwu+WINcs59ui8wpYVjcw1AK4/2I1Q7P4RgpSarAxG5tYIMB1xcfFKqBn\nf/dDXexONgwpW6SoBJ58c7OB/aH8CenDT8Vwk3fwjYslOywbFRqBjH+PB8uTlu0e\nD1fzjpcQCrQeA5VD4pjJAaTmi7bLVuH5XIya3++f/N3xOn53GVMUDO1OdFz8ZMvJ\nWrrg7E/wMXB1b5Wo2n2ypVU4sejikSjg2nfdLojUWGMrZ8TuUnjFs88PeQ9CObAp\nA36dLfs4JLF3sVOtqTd6BGwegDsmmllYO5Ky6I+laoLSHpGDEihS\n-----END CERTIFICATE-----\n" } } } diff --git a/command/resource/delete/delete.go b/command/resource/delete/delete.go index 2679951da8b1..06421d6d1e2d 100644 --- a/command/resource/delete/delete.go +++ b/command/resource/delete/delete.go @@ -84,10 +84,6 @@ func (c *cmd) Run(args []string) int { return 1 } } else { - if len(args) < 2 { - c.UI.Error("Incorrect argument format: Must specify two arguments: resource type and resource name") - return 1 - } var err error gvk, resourceName, err = resource.GetTypeAndResourceName(args) if err != nil { diff --git a/command/resource/delete/delete_test.go b/command/resource/delete/delete_test.go index f888bb3c8fd5..7454455c941e 100644 --- a/command/resource/delete/delete_test.go +++ b/command/resource/delete/delete_test.go @@ -67,7 +67,7 @@ func TestResourceDeleteInvalidArgs(t *testing.T) { "invalid resource type format": { args: []string{"a.", "name", "-namespace", "default"}, expectedCode: 1, - expectedErr: errors.New("Incorrect argument format: Must include resource type argument in group.verion.kind format"), + expectedErr: errors.New("Must provide resource type argument with either in group.verion.kind format or its shorthand name"), }, } diff --git a/command/resource/helper.go b/command/resource/helper.go index 417144ac7896..221a018599a7 100644 --- a/command/resource/helper.go +++ b/command/resource/helper.go @@ -96,21 +96,7 @@ func parseJson(js string) (*pbresource.Resource, error) { } func ParseResourceFromFile(filePath string) (*pbresource.Resource, error) { - data, err := helpers.LoadDataSourceNoRaw(filePath, nil) - if err != nil { - return nil, fmt.Errorf("Failed to load data: %v", err) - } - var parsedResource *pbresource.Resource - if isHCL([]byte(data)) { - parsedResource, err = resourcehcl.Unmarshal([]byte(data), consul.NewTypeRegistry()) - } else { - parsedResource, err = parseJson(data) - } - if err != nil { - return nil, fmt.Errorf("Failed to decode resource from input file: %v", err) - } - - return parsedResource, nil + return ParseResourceInput(filePath, nil) } // this is an inlined variant of hcl.lexMode() @@ -165,23 +151,17 @@ func ParseInputParams(inputArgs []string, flags *flag.FlagSet) error { } func GetTypeAndResourceName(args []string) (gvk *GVK, resourceName string, e error) { + if len(args) < 2 { + return nil, "", fmt.Errorf("Must specify two arguments: resource type and resource name") + } // it has to be resource name after the type if strings.HasPrefix(args[1], "-") { return nil, "", fmt.Errorf("Must provide resource name right after type") } + resourceName = args[1] - s := strings.Split(args[0], ".") - if len(s) != 3 { - return nil, "", fmt.Errorf("Must include resource type argument in group.verion.kind format") - } - - gvk = &GVK{ - Group: s[0], - Version: s[1], - Kind: s[2], - } + gvk, e = inferGVKFromResourceType(args[0]) - resourceName = args[1] return } @@ -282,3 +262,54 @@ func (resource *Resource) List(gvk *GVK, q *client.QueryOptions) (*ListResponse, return out, nil } + +func inferGVKFromResourceType(resourceType string) (*GVK, error) { + s := strings.Split(resourceType, ".") + switch length := len(s); { + // only kind is provided + case length == 1: + kindToGVKMap := BuildKindToGVKMap() + kind := strings.ToLower(s[0]) + switch len(kindToGVKMap[kind]) { + // no g.v.k is found + case 0: + return nil, fmt.Errorf("The shorthand name does not map to any existing resource type, please check `consul api-resources`") + // only one is found + case 1: + // infer gvk from resource kind + gvkSplit := strings.Split(kindToGVKMap[kind][0], ".") + return &GVK{ + Group: gvkSplit[0], + Version: gvkSplit[1], + Kind: gvkSplit[2], + }, nil + // it alerts error if any conflict is found + default: + return nil, fmt.Errorf("The shorthand name has conflicts %v, please use the full name", kindToGVKMap[s[0]]) + } + case length == 3: + return &GVK{ + Group: s[0], + Version: s[1], + Kind: s[2], + }, nil + default: + return nil, fmt.Errorf("Must provide resource type argument with either in group.verion.kind format or its shorthand name") + } +} + +func BuildKindToGVKMap() map[string][]string { + // this use the local copy of registration to build map + typeRegistry := consul.NewTypeRegistry() + kindToGVKMap := map[string][]string{} + for _, r := range typeRegistry.Types() { + gvkString := fmt.Sprintf("%s.%s.%s", r.Type.Group, r.Type.GroupVersion, r.Type.Kind) + kindKey := strings.ToLower(r.Type.Kind) + if len(kindToGVKMap[kindKey]) == 0 { + kindToGVKMap[kindKey] = []string{gvkString} + } else { + kindToGVKMap[kindKey] = append(kindToGVKMap[kindKey], gvkString) + } + } + return kindToGVKMap +} diff --git a/command/resource/read/read_test.go b/command/resource/read/read_test.go index 766f86b02cc1..a293a9faf5e2 100644 --- a/command/resource/read/read_test.go +++ b/command/resource/read/read_test.go @@ -67,7 +67,7 @@ func TestResourceReadInvalidArgs(t *testing.T) { "invalid resource type format": { args: []string{"a.", "name", "-namespace", "default"}, expectedCode: 1, - expectedErr: errors.New("Incorrect argument format: Must include resource type argument in group.verion.kind format"), + expectedErr: errors.New("Incorrect argument format: Must provide resource type argument with either in group.verion.kind format or its shorthand name"), }, } diff --git a/command/resource/testdata/nested_data.hcl b/command/resource/testdata/nested_data.hcl index aab8aa401ee9..b62875c732b4 100644 --- a/command/resource/testdata/nested_data.hcl +++ b/command/resource/testdata/nested_data.hcl @@ -21,6 +21,7 @@ Data { DestinationPort = "tcp" IpPort = { + Ip = "127.0.0.1" Port = 1234 } } diff --git a/command/services/register/register_test.go b/command/services/register/register_test.go index 24d5f4fb87ea..8b4d94328a12 100644 --- a/command/services/register/register_test.go +++ b/command/services/register/register_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/hashicorp/consul/agent" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil" "github.com/mitchellh/cli" "github.com/stretchr/testify/require" @@ -75,7 +76,7 @@ func TestCommand_File(t *testing.T) { ui := cli.NewMockUi() c := New(ui) - contents := `{ "Service": { "Name": "web" } }` + contents := `{ "Service": { "Name": "web", "Locality": { "Region": "us-east-1", "Zone": "us-east-1a" } } }` f := testFile(t, "json") defer os.Remove(f.Name()) if _, err := f.WriteString(contents); err != nil { @@ -93,8 +94,11 @@ func TestCommand_File(t *testing.T) { require.NoError(t, err) require.Len(t, svcs, 1) - svc := svcs["web"] - require.NotNil(t, svc) + require.NotNil(t, svcs["web"]) + + svc, _, err := client.Agent().Service("web", nil) + require.NoError(t, err) + require.Equal(t, &api.Locality{Region: "us-east-1", Zone: "us-east-1a"}, svc.Locality) } func TestCommand_Flags(t *testing.T) { diff --git a/envoyextensions/go.mod b/envoyextensions/go.mod index 4d4301841ea3..f6f1b1b186fc 100644 --- a/envoyextensions/go.mod +++ b/envoyextensions/go.mod @@ -10,8 +10,8 @@ replace ( require ( github.com/envoyproxy/go-control-plane v0.11.0 github.com/google/go-cmp v0.5.9 - github.com/hashicorp/consul/api v1.24.0 - github.com/hashicorp/consul/sdk v0.14.1 + github.com/hashicorp/consul/api v1.26.1 + github.com/hashicorp/consul/sdk v0.15.0 github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-version v1.2.1 @@ -41,7 +41,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect - golang.org/x/sys v0.11.0 // indirect + golang.org/x/sys v0.13.0 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/envoyextensions/go.sum b/envoyextensions/go.sum index de21ca6c0b42..b611aa2308ee 100644 --- a/envoyextensions/go.sum +++ b/envoyextensions/go.sum @@ -200,7 +200,7 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= -golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -229,8 +229,8 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= diff --git a/envoyextensions/xdscommon/envoy_versioning_test.go b/envoyextensions/xdscommon/envoy_versioning_test.go index bc02e9c4aadc..925e2fa5378f 100644 --- a/envoyextensions/xdscommon/envoy_versioning_test.go +++ b/envoyextensions/xdscommon/envoy_versioning_test.go @@ -151,10 +151,10 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) { } */ for _, v := range []string{ - "1.24.0", "1.24.1", "1.24.2", "1.24.3", "1.24.4", "1.24.5", "1.24.6", "1.24.7", "1.24.8", "1.24.9", "1.24.10", - "1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.25.5", "1.25.6", "1.25.7", "1.25.8", "1.25.9", - "1.26.0", "1.26.1", "1.26.2", "1.26.3", "1.26.4", - "1.27.0", + "1.24.0", "1.24.1", "1.24.2", "1.24.3", "1.24.4", "1.24.5", "1.24.6", "1.24.7", "1.24.8", "1.24.9", "1.24.10", "1.24.11", "1.24.12", + "1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.25.5", "1.25.6", "1.25.7", "1.25.8", "1.25.9", "1.25.10", "1.25.11", + "1.26.0", "1.26.1", "1.26.2", "1.26.3", "1.26.4", "1.26.5", "1.26.6", + "1.27.0", "1.27.1", "1.27.2", } { cases[v] = testcase{expect: SupportedProxyFeatures{}} } diff --git a/envoyextensions/xdscommon/proxysupport.go b/envoyextensions/xdscommon/proxysupport.go index 764d967616f6..9e487e1867e2 100644 --- a/envoyextensions/xdscommon/proxysupport.go +++ b/envoyextensions/xdscommon/proxysupport.go @@ -12,10 +12,10 @@ import "strings" // // see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions var EnvoyVersions = []string{ - "1.27.0", - "1.26.4", - "1.25.9", - "1.24.10", + "1.27.2", + "1.26.6", + "1.25.11", + "1.24.12", } // UnsupportedEnvoyVersions lists any unsupported Envoy versions (mainly minor versions) that fall diff --git a/fixup_acl_move.sh b/fixup_acl_move.sh deleted file mode 100644 index ac57c8c7e933..000000000000 --- a/fixup_acl_move.sh +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: BUSL-1.1 - - -GOIMPORTS=~/go/bin/goimports - -CHANGED=(EnterpriseMeta PartitionOrDefault IsDefaultPartition NamespaceOrDefault NewEnterpriseMetaWithPartition EqualPartitions) - -DIRS=(agent command proto) - -for dir in "${DIRS[@]}" - do - echo "CD to $dir" - pushd $dir - for s in "${CHANGED[@]}" - do - REWRITE='structs.'$s' -> acl.'$s - echo "REPL $REWRITE" - gofmt -w -r="$REWRITE" . - done - popd -done - -find . -name \*.go | xargs fgrep 'acl.' -l | xargs $GOIMPORTS -local "github.com/hashicorp/consul" -w - -make --always-make proto -make go-mod-tidy diff --git a/go.mod b/go.mod index b89b5d420c24..48c59e089101 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/coredns/coredns v1.10.1 github.com/coreos/go-oidc v2.1.0+incompatible github.com/docker/go-connections v0.4.0 - github.com/envoyproxy/go-control-plane v0.11.0 + github.com/envoyproxy/go-control-plane v0.11.1 github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e github.com/fatih/color v1.14.1 github.com/fsnotify/fsnotify v1.6.0 @@ -38,11 +38,11 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 - github.com/hashicorp/consul/api v1.24.0 - github.com/hashicorp/consul/envoyextensions v0.4.1 - github.com/hashicorp/consul/proto-public v0.4.1 - github.com/hashicorp/consul/sdk v0.14.1 - github.com/hashicorp/consul/troubleshoot v0.3.1 + github.com/hashicorp/consul/api v1.26.1 + github.com/hashicorp/consul/envoyextensions v0.5.1 + github.com/hashicorp/consul/proto-public v0.5.1 + github.com/hashicorp/consul/sdk v0.15.0 + github.com/hashicorp/consul/troubleshoot v0.4.1 github.com/hashicorp/go-bexpr v0.1.2 github.com/hashicorp/go-checkpoint v0.5.0 github.com/hashicorp/go-cleanhttp v0.5.2 @@ -71,7 +71,7 @@ require ( github.com/hashicorp/raft v1.5.0 github.com/hashicorp/raft-autopilot v0.1.6 github.com/hashicorp/raft-boltdb/v2 v2.2.2 - github.com/hashicorp/raft-wal v0.3.0 + github.com/hashicorp/raft-wal v0.4.1 github.com/hashicorp/serf v0.10.1 github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 github.com/hashicorp/vault/api v1.8.3 @@ -109,26 +109,25 @@ require ( go.opentelemetry.io/otel/sdk/metric v0.39.0 go.opentelemetry.io/proto/otlp v0.19.0 go.uber.org/goleak v1.1.10 - golang.org/x/crypto v0.12.0 + golang.org/x/crypto v0.14.0 golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 - golang.org/x/net v0.14.0 - golang.org/x/oauth2 v0.6.0 + golang.org/x/net v0.17.0 + golang.org/x/oauth2 v0.7.0 golang.org/x/sync v0.3.0 - golang.org/x/sys v0.11.0 + golang.org/x/sys v0.13.0 golang.org/x/time v0.3.0 - google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 - google.golang.org/grpc v1.55.0 + google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e + google.golang.org/grpc v1.56.3 google.golang.org/protobuf v1.30.0 gopkg.in/square/go-jose.v2 v2.5.1 gotest.tools/v3 v3.4.0 k8s.io/api v0.26.2 k8s.io/apimachinery v0.26.2 k8s.io/client-go v0.26.2 - k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 ) require ( - cloud.google.com/go/compute v1.19.0 // indirect + cloud.google.com/go/compute v1.19.1 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/iam v0.13.0 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect @@ -159,7 +158,7 @@ require ( github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect github.com/circonus-labs/circonusllhist v0.1.3 // indirect - github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 // indirect + github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect github.com/coreos/etcd v3.3.27+incompatible // indirect github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect @@ -169,7 +168,7 @@ require ( github.com/digitalocean/godo v1.10.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.10.1 // indirect - github.com/envoyproxy/protoc-gen-validate v0.10.0 // indirect + github.com/envoyproxy/protoc-gen-validate v1.0.1 // indirect github.com/go-logr/logr v1.2.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.2.6 // indirect @@ -233,7 +232,7 @@ require ( github.com/posener/complete v1.2.3 // indirect github.com/power-devops/perfstat v0.0.0-20220216144756-c35f1ee13d7c // indirect github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect - github.com/prometheus/client_model v0.3.0 // indirect + github.com/prometheus/client_model v0.4.0 // indirect github.com/prometheus/common v0.39.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 // indirect @@ -262,11 +261,13 @@ require ( go.uber.org/atomic v1.9.0 // indirect golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect golang.org/x/mod v0.12.0 // indirect - golang.org/x/term v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect + golang.org/x/term v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect google.golang.org/api v0.114.0 // indirect google.golang.org/appengine v1.6.7 // indirect + google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.66.2 // indirect gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect @@ -275,6 +276,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.90.1 // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect + k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect diff --git a/go.sum b/go.sum index a809cbba8070..3598121de6f4 100644 --- a/go.sum +++ b/go.sum @@ -32,8 +32,8 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ= -cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= +cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY= +cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= @@ -183,8 +183,8 @@ github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4= -github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/coredns/coredns v1.10.1 h1:6OyL7tcvYxeNHONj5iQlVM2GXBzAOq57L3/LUKP1DbA= github.com/coredns/coredns v1.10.1/go.mod h1:oGgoY6cRrdJzKgNrsT30Hztu7/MutSHCYwqGDWngXCc= @@ -240,13 +240,13 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.11.0 h1:jtLewhRR2vMRNnq2ZZUoCjUlgut+Y0+sDDWPOfwOi1o= -github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI= +github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM= +github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e h1:g8euodkL4GdSpVAjfzhssb07KgVmOUqyF4QOmwFumTs= github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e/go.mod h1:/NGEcKqwNq3HAS2vCqHfsPx9sJZbkiNQ6dGx9gTE/NA= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.10.0 h1:oIfnZFdC0YhpNNEX+SuIqko4cqqVZeN9IGTrhZje83Y= -github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/envoyproxy/protoc-gen-validate v1.0.1 h1:kt9FtLiooDc0vbwTLhdg3dyNX1K9Qwa1EK9LcD4jVUQ= +github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= @@ -595,8 +595,8 @@ github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qR github.com/hashicorp/raft-boltdb v0.0.0-20220329195025-15018e9b97e0 h1:CO8dBMLH6dvE1jTn/30ZZw3iuPsNfajshWoJTnVc5cc= github.com/hashicorp/raft-boltdb/v2 v2.2.2 h1:rlkPtOllgIcKLxVT4nutqlTH2NRFn+tO1wwZk/4Dxqw= github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY= -github.com/hashicorp/raft-wal v0.3.0 h1:Mi6RPoRbsxIIYZryI+bSTXHD97Ua6rIYO51ibYV9bkY= -github.com/hashicorp/raft-wal v0.3.0/go.mod h1:A6vP5o8hGOs1LHfC1Okh9xPwWDcmb6Vvuz/QyqUXlOE= +github.com/hashicorp/raft-wal v0.4.1 h1:aU8XZ6x8R9BAIB/83Z1dTDtXvDVmv9YVYeXxd/1QBSA= +github.com/hashicorp/raft-wal v0.4.1/go.mod h1:A6vP5o8hGOs1LHfC1Okh9xPwWDcmb6Vvuz/QyqUXlOE= github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 h1:O6tNk0s/arubLUbLeCyaRs5xGo9VwmbQazISY/BfPK4= @@ -832,8 +832,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= +github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= @@ -1037,8 +1037,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1133,8 +1133,8 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1151,8 +1151,8 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw= -golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= +golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1251,13 +1251,13 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1269,8 +1269,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1445,8 +1445,12 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e h1:Ao9GzfUMPH3zjVfzXG5rlWlk+Q8MXWKwWpwVQE1MXfw= +google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= +google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e h1:AZX1ra8YbFMSb7+1pI8S9v4rrgRR7jU1FmuFSSjTVcQ= +google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e h1:NumxXLPfHSndr3wBBdeKiVHjGVFzi9RX2HwwQke94iY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= @@ -1476,8 +1480,8 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= -google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= +google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= diff --git a/internal/auth/internal/types/computed_traffic_permissions.go b/internal/auth/internal/types/computed_traffic_permissions.go index 0ba88427233b..0a32e13d2926 100644 --- a/internal/auth/internal/types/computed_traffic_permissions.go +++ b/internal/auth/internal/types/computed_traffic_permissions.go @@ -19,7 +19,7 @@ func RegisterComputedTrafficPermission(r resource.Registry) { ACLs: &resource.ACLHooks{ Read: aclReadHookComputedTrafficPermissions, Write: aclWriteHookComputedTrafficPermissions, - List: aclListHookComputedTrafficPermissions, + List: resource.NoOpACLListHook, }, Validate: ValidateComputedTrafficPermissions, Scope: resource.ScopeNamespace, @@ -71,9 +71,3 @@ func aclReadHookComputedTrafficPermissions(authorizer acl.Authorizer, authzConte func aclWriteHookComputedTrafficPermissions(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { return authorizer.ToAllowAuthorizer().TrafficPermissionsWriteAllowed(res.Id.Name, authzContext) } - -func aclListHookComputedTrafficPermissions(_ acl.Authorizer, _ *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement - return nil -} diff --git a/internal/auth/internal/types/errors.go b/internal/auth/internal/types/errors.go index b79d7a3b98e9..b11fac630476 100644 --- a/internal/auth/internal/types/errors.go +++ b/internal/auth/internal/types/errors.go @@ -12,4 +12,5 @@ var ( errSourceExcludes = errors.New("must be defined on wildcard sources") errInvalidPrefixValues = errors.New("prefix values, regex values, and explicit names must not combined") ErrWildcardNotSupported = errors.New("traffic permissions without explicit destinations are not yet supported") + ErrL7NotSupported = errors.New("traffic permissions with L7 rules are not yet supported") ) diff --git a/internal/auth/internal/types/traffic_permissions.go b/internal/auth/internal/types/traffic_permissions.go index fb1de7acff90..84a30a46e2f6 100644 --- a/internal/auth/internal/types/traffic_permissions.go +++ b/internal/auth/internal/types/traffic_permissions.go @@ -19,7 +19,7 @@ func RegisterTrafficPermissions(r resource.Registry) { ACLs: &resource.ACLHooks{ Read: aclReadHookTrafficPermissions, Write: aclWriteHookTrafficPermissions, - List: aclListHookTrafficPermissions, + List: resource.NoOpACLListHook, }, Validate: ValidateTrafficPermissions, Mutate: MutateTrafficPermissions, @@ -227,6 +227,13 @@ func validatePermission(p *pbauth.Permission, wrapErr func(error) error) error { Wrapped: err, }) } + // TODO: remove this when L7 traffic permissions are implemented + if len(dest.PathExact) > 0 || len(dest.PathPrefix) > 0 || len(dest.PathRegex) > 0 || len(dest.Methods) > 0 || dest.Header != nil { + merr = multierror.Append(merr, wrapDestRuleErr(resource.ErrInvalidListElement{ + Name: "destination_rule", + Wrapped: ErrL7NotSupported, + })) + } if (len(dest.PathExact) > 0 && len(dest.PathPrefix) > 0) || (len(dest.PathRegex) > 0 && len(dest.PathExact) > 0) || (len(dest.PathRegex) > 0 && len(dest.PathPrefix) > 0) { @@ -244,6 +251,13 @@ func validatePermission(p *pbauth.Permission, wrapErr func(error) error) error { Wrapped: err, }) } + // TODO: remove this when L7 traffic permissions are implemented + if len(excl.PathExact) > 0 || len(excl.PathPrefix) > 0 || len(excl.PathRegex) > 0 || len(excl.Methods) > 0 || excl.Header != nil { + merr = multierror.Append(merr, wrapDestRuleErr(resource.ErrInvalidListElement{ + Name: "exclude_permission_rules", + Wrapped: ErrL7NotSupported, + })) + } if (len(excl.PathExact) > 0 && len(excl.PathPrefix) > 0) || (len(excl.PathRegex) > 0 && len(excl.PathExact) > 0) || (len(excl.PathRegex) > 0 && len(excl.PathPrefix) > 0) { @@ -273,7 +287,7 @@ func isLocalPeer(p string) bool { func aclReadHookTrafficPermissions(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { if res == nil { - return resource.ErrNeedData + return resource.ErrNeedResource } return authorizeDestination(res, func(dest string) error { return authorizer.ToAllowAuthorizer().TrafficPermissionsReadAllowed(dest, authzContext) @@ -286,12 +300,6 @@ func aclWriteHookTrafficPermissions(authorizer acl.Authorizer, authzContext *acl }) } -func aclListHookTrafficPermissions(_ acl.Authorizer, _ *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement - return nil -} - func authorizeDestination(res *pbresource.Resource, intentionAllowed func(string) error) error { tp, err := resource.Decode[*pbauth.TrafficPermissions](res) if err != nil { diff --git a/internal/auth/internal/types/traffic_permissions_test.go b/internal/auth/internal/types/traffic_permissions_test.go index 0948d240b699..94fb165c3b8b 100644 --- a/internal/auth/internal/types/traffic_permissions_test.go +++ b/internal/auth/internal/types/traffic_permissions_test.go @@ -65,10 +65,46 @@ func TestValidateTrafficPermissions(t *testing.T) { }, "no-destination": { tp: &pbauth.TrafficPermissions{ + Action: pbauth.Action_ACTION_ALLOW, + Permissions: nil, + }, + expectErr: `invalid "data.destination" field: cannot be empty`, + }, + "source-tenancy": { + tp: &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "w1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{ + { + Sources: []*pbauth.Source{ + { + Partition: "ap1", + Peer: "cl1", + SamenessGroup: "sg1", + }, + }, + DestinationRules: nil, + }, + }, + }, + expectErr: `invalid element at index 0 of list "permissions": invalid element at index 0 of list "sources": invalid element at index 0 of list "source": permissions sources may not specify partitions, peers, and sameness_groups together`, + }, + // TODO: remove when L7 traffic permissions are implemented + "l7-fields-path": { + tp: &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "w1", + }, Action: pbauth.Action_ACTION_ALLOW, Permissions: []*pbauth.Permission{ { - Sources: nil, + Sources: []*pbauth.Source{ + { + Partition: "ap1", + }, + }, DestinationRules: []*pbauth.DestinationRule{ { PathExact: "wi2", @@ -77,9 +113,9 @@ func TestValidateTrafficPermissions(t *testing.T) { }, }, }, - expectErr: `invalid "data.destination" field: cannot be empty`, + expectErr: `invalid element at index 0 of list "permissions": invalid element at index 0 of list "destination_rules": invalid element at index 0 of list "destination_rule": traffic permissions with L7 rules are not yet supported`, }, - "source-tenancy": { + "l7-fields-methods": { tp: &pbauth.TrafficPermissions{ Destination: &pbauth.Destination{ IdentityName: "w1", @@ -89,16 +125,41 @@ func TestValidateTrafficPermissions(t *testing.T) { { Sources: []*pbauth.Source{ { - Partition: "ap1", - Peer: "cl1", - SamenessGroup: "sg1", + Partition: "ap1", + }, + }, + DestinationRules: []*pbauth.DestinationRule{ + { + Methods: []string{"PUT"}, }, }, - DestinationRules: nil, }, }, }, - expectErr: `invalid element at index 0 of list "permissions": invalid element at index 0 of list "sources": invalid element at index 0 of list "source": permissions sources may not specify partitions, peers, and sameness_groups together`, + expectErr: `invalid element at index 0 of list "permissions": invalid element at index 0 of list "destination_rules": invalid element at index 0 of list "destination_rule": traffic permissions with L7 rules are not yet supported`, + }, + "l7-fields-header": { + tp: &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "w1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{ + { + Sources: []*pbauth.Source{ + { + Partition: "ap1", + }, + }, + DestinationRules: []*pbauth.DestinationRule{ + { + Header: &pbauth.DestinationRuleHeader{Name: "foo"}, + }, + }, + }, + }, + }, + expectErr: `invalid element at index 0 of list "permissions": invalid element at index 0 of list "destination_rules": invalid element at index 0 of list "destination_rule": traffic permissions with L7 rules are not yet supported`, }, } diff --git a/internal/auth/internal/types/workload_identity.go b/internal/auth/internal/types/workload_identity.go index 5379d256ba4f..17334e66099e 100644 --- a/internal/auth/internal/types/workload_identity.go +++ b/internal/auth/internal/types/workload_identity.go @@ -18,7 +18,7 @@ func RegisterWorkloadIdentity(r resource.Registry) { ACLs: &resource.ACLHooks{ Read: aclReadHookWorkloadIdentity, Write: aclWriteHookWorkloadIdentity, - List: aclListHookWorkloadIdentity, + List: resource.NoOpACLListHook, }, Validate: nil, }) @@ -36,7 +36,7 @@ func aclReadHookWorkloadIdentity( if res != nil { return authorizer.ToAllowAuthorizer().IdentityReadAllowed(res.Id.Name, authzCtx) } - return resource.ErrNeedData + return resource.ErrNeedResource } func aclWriteHookWorkloadIdentity( @@ -44,13 +44,7 @@ func aclWriteHookWorkloadIdentity( authzCtx *acl.AuthorizerContext, res *pbresource.Resource) error { if res == nil { - return resource.ErrNeedData + return resource.ErrNeedResource } return authorizer.ToAllowAuthorizer().IdentityWriteAllowed(res.Id.Name, authzCtx) } - -func aclListHookWorkloadIdentity(authorizer acl.Authorizer, context *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement - return nil -} diff --git a/internal/auth/internal/types/workload_identity_test.go b/internal/auth/internal/types/workload_identity_test.go index 1ca59952ecee..8dfb22bc74a2 100644 --- a/internal/auth/internal/types/workload_identity_test.go +++ b/internal/auth/internal/types/workload_identity_test.go @@ -82,8 +82,8 @@ func TestWorkloadIdentityACLs(t *testing.T) { checkF(t, tc.listOK, err) }) t.Run("errors", func(t *testing.T) { - require.ErrorIs(t, reg.ACLs.Read(authz, &acl.AuthorizerContext{}, nil, nil), resource.ErrNeedData) - require.ErrorIs(t, reg.ACLs.Write(authz, &acl.AuthorizerContext{}, nil), resource.ErrNeedData) + require.ErrorIs(t, reg.ACLs.Read(authz, &acl.AuthorizerContext{}, nil, nil), resource.ErrNeedResource) + require.ErrorIs(t, reg.ACLs.Write(authz, &acl.AuthorizerContext{}, nil), resource.ErrNeedResource) }) } diff --git a/internal/catalog/catalogtest/helpers/acl_hooks_test_helpers.go b/internal/catalog/catalogtest/helpers/acl_hooks_test_helpers.go new file mode 100644 index 000000000000..097647ed08d1 --- /dev/null +++ b/internal/catalog/catalogtest/helpers/acl_hooks_test_helpers.go @@ -0,0 +1,21 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package helpers + +import ( + "testing" + + "github.com/hashicorp/consul/internal/catalog" + "github.com/hashicorp/consul/internal/catalog/internal/testhelpers" + "github.com/hashicorp/consul/internal/resource" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +func RunWorkloadSelectingTypeACLsTests[T catalog.WorkloadSelecting](t *testing.T, typ *pbresource.Type, + getData func(selector *pbcatalog.WorkloadSelector) T, + registerFunc func(registry resource.Registry), +) { + testhelpers.RunWorkloadSelectingTypeACLsTests[T](t, typ, getData, registerFunc) +} diff --git a/internal/catalog/catalogtest/run_test.go b/internal/catalog/catalogtest/run_test.go index 2c12785bbb0b..554900559e46 100644 --- a/internal/catalog/catalogtest/run_test.go +++ b/internal/catalog/catalogtest/run_test.go @@ -11,10 +11,15 @@ import ( "github.com/hashicorp/consul/internal/catalog/internal/controllers" "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/resource/reaper" + rtest "github.com/hashicorp/consul/internal/resource/resourcetest" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/sdk/testutil" ) +var ( + clientOpts = rtest.ConfigureTestCLIFlags() +) + func runInMemResourceServiceAndControllers(t *testing.T, deps controllers.Dependencies) pbresource.ResourceServiceClient { t.Helper() @@ -38,10 +43,10 @@ func runInMemResourceServiceAndControllers(t *testing.T, deps controllers.Depend func TestControllers_Integration(t *testing.T) { client := runInMemResourceServiceAndControllers(t, catalog.DefaultControllerDependencies()) - RunCatalogV1Alpha1IntegrationTest(t, client) + RunCatalogV2Beta1IntegrationTest(t, client, clientOpts.ClientOptions(t)...) } func TestControllers_Lifecycle(t *testing.T) { client := runInMemResourceServiceAndControllers(t, catalog.DefaultControllerDependencies()) - RunCatalogV2Beta1LifecycleIntegrationTest(t, client) + RunCatalogV2Beta1LifecycleIntegrationTest(t, client, clientOpts.ClientOptions(t)...) } diff --git a/internal/catalog/catalogtest/test_integration_v2beta1.go b/internal/catalog/catalogtest/test_integration_v2beta1.go index 9f83ab365591..6d5c5854d7b0 100644 --- a/internal/catalog/catalogtest/test_integration_v2beta1.go +++ b/internal/catalog/catalogtest/test_integration_v2beta1.go @@ -38,19 +38,19 @@ var ( // is another RunCatalogIntegrationTestLifeCycle function that can be used for those // purposes. The two are distinct so that the data being published and the assertions // made against the system can be reused in upgrade tests. -func RunCatalogV1Alpha1IntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) { +func RunCatalogV2Beta1IntegrationTest(t *testing.T, client pbresource.ResourceServiceClient, opts ...rtest.ClientOption) { t.Helper() - PublishCatalogV2Beta1IntegrationTestData(t, client) + PublishCatalogV2Beta1IntegrationTestData(t, client, opts...) VerifyCatalogV2Beta1IntegrationTestResults(t, client) } // PublishCatalogV2Beta1IntegrationTestData will perform a whole bunch of resource writes // for Service, ServiceEndpoints, Workload, Node and HealthStatus objects -func PublishCatalogV2Beta1IntegrationTestData(t *testing.T, client pbresource.ResourceServiceClient) { +func PublishCatalogV2Beta1IntegrationTestData(t *testing.T, client pbresource.ResourceServiceClient, opts ...rtest.ClientOption) { t.Helper() - c := rtest.NewClient(client) + c := rtest.NewClient(client, opts...) resources := rtest.ParseResourcesFromFilesystem(t, testData, "integration_test_data/v2beta1") c.PublishResources(t, resources) diff --git a/internal/catalog/catalogtest/test_lifecycle_v2beta1.go b/internal/catalog/catalogtest/test_lifecycle_v2beta1.go index ea935dd4c56b..5093b516cf42 100644 --- a/internal/catalog/catalogtest/test_lifecycle_v2beta1.go +++ b/internal/catalog/catalogtest/test_lifecycle_v2beta1.go @@ -16,19 +16,19 @@ import ( // RunCatalogV2Beta1LifecycleIntegrationTest intends to excercise functionality of // managing catalog resources over their normal lifecycle where they will be modified // several times, change state etc. -func RunCatalogV2Beta1LifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) { +func RunCatalogV2Beta1LifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient, opts ...rtest.ClientOption) { t.Helper() testutil.RunStep(t, "node-lifecycle", func(t *testing.T) { - RunCatalogV2Beta1NodeLifecycleIntegrationTest(t, client) + RunCatalogV2Beta1NodeLifecycleIntegrationTest(t, client, opts...) }) testutil.RunStep(t, "workload-lifecycle", func(t *testing.T) { - RunCatalogV2Beta1WorkloadLifecycleIntegrationTest(t, client) + RunCatalogV2Beta1WorkloadLifecycleIntegrationTest(t, client, opts...) }) testutil.RunStep(t, "endpoints-lifecycle", func(t *testing.T) { - RunCatalogV2Beta1EndpointsLifecycleIntegrationTest(t, client) + RunCatalogV2Beta1EndpointsLifecycleIntegrationTest(t, client, opts...) }) } @@ -41,8 +41,8 @@ func RunCatalogV2Beta1LifecycleIntegrationTest(t *testing.T, client pbresource.R // * Changing HealthStatus to a better health will cause recomputation of the Health // * Deletion of associated HealthStatuses will recompute the Health (back to passing) // * Deletion of the node will cause deletion of associated health statuses -func RunCatalogV2Beta1NodeLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) { - c := rtest.NewClient(client) +func RunCatalogV2Beta1NodeLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient, opts ...rtest.ClientOption) { + c := rtest.NewClient(client, opts...) nodeName := "test-lifecycle" nodeHealthName := "test-lifecycle-node-status" @@ -131,8 +131,8 @@ func RunCatalogV2Beta1NodeLifecycleIntegrationTest(t *testing.T, client pbresour // - Overall health is computed as the worst health amongst the nodes health and all // of the workloads associated HealthStatuses // - Deletion of the workload will cause deletion of all associated health statuses. -func RunCatalogV2Beta1WorkloadLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) { - c := rtest.NewClient(client) +func RunCatalogV2Beta1WorkloadLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient, opts ...rtest.ClientOption) { + c := rtest.NewClient(client, opts...) testutil.RunStep(t, "nodeless-workload", func(t *testing.T) { runV2Beta1NodelessWorkloadLifecycleIntegrationTest(t, c) }) @@ -379,8 +379,8 @@ func runV2Beta1NodeAssociatedWorkloadLifecycleIntegrationTest(t *testing.T, c *r // * Adding ports to a service will recalculate the endpoints // * Removing ports from a service will recalculate the endpoints // * Changing the workload will recalculate the endpoints (ports, addresses, or health) -func RunCatalogV2Beta1EndpointsLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient) { - c := rtest.NewClient(client) +func RunCatalogV2Beta1EndpointsLifecycleIntegrationTest(t *testing.T, client pbresource.ResourceServiceClient, opts ...rtest.ClientOption) { + c := rtest.NewClient(client, opts...) serviceName := "test-lifecycle" // Create the service without a selector. We should not see endpoints generated but we should see the diff --git a/internal/catalog/exports.go b/internal/catalog/exports.go index c4e70ffbefe1..3c43643de419 100644 --- a/internal/catalog/exports.go +++ b/internal/catalog/exports.go @@ -48,6 +48,12 @@ var ( FailoverStatusConditionAcceptedUsingMeshDestinationPortReason = failover.UsingMeshDestinationPortReason ) +type WorkloadSelecting = types.WorkloadSelecting + +func ACLHooksForWorkloadSelectingType[T WorkloadSelecting]() *resource.ACLHooks { + return types.ACLHooksForWorkloadSelectingType[T]() +} + // RegisterTypes adds all resource types within the "catalog" API group // to the given type registry func RegisterTypes(r resource.Registry) { @@ -110,3 +116,15 @@ func ValidateLocalServiceRefNoSection(ref *pbresource.Reference, wrapErr func(er func ValidateSelector(sel *pbcatalog.WorkloadSelector, allowEmpty bool) error { return types.ValidateSelector(sel, allowEmpty) } + +func ValidatePortName(name string) error { + return types.ValidatePortName(name) +} + +func IsValidUnixSocketPath(host string) bool { + return types.IsValidUnixSocketPath(host) +} + +func ValidateProtocol(protocol pbcatalog.Protocol) error { + return types.ValidateProtocol(protocol) +} diff --git a/internal/catalog/internal/controllers/nodehealth/controller_test.go b/internal/catalog/internal/controllers/nodehealth/controller_test.go index 30989b479b0f..b21c52e521f8 100644 --- a/internal/catalog/internal/controllers/nodehealth/controller_test.go +++ b/internal/catalog/internal/controllers/nodehealth/controller_test.go @@ -73,7 +73,7 @@ type nodeHealthControllerTestSuite struct { } func (suite *nodeHealthControllerTestSuite) SetupTest() { - suite.resourceClient = svctest.RunResourceService(suite.T(), types.Register) + suite.resourceClient = svctest.RunResourceService(suite.T(), types.Register, types.RegisterDNSPolicy) suite.runtime = controller.Runtime{Client: suite.resourceClient, Logger: testutil.Logger(suite.T())} // The rest of the setup will be to prime the resource service with some data diff --git a/internal/catalog/internal/testhelpers/acl_hooks_test_helpers.go b/internal/catalog/internal/testhelpers/acl_hooks_test_helpers.go new file mode 100644 index 000000000000..17796a85c59a --- /dev/null +++ b/internal/catalog/internal/testhelpers/acl_hooks_test_helpers.go @@ -0,0 +1,198 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package testhelpers + +import ( + "testing" + + "google.golang.org/protobuf/proto" + + "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/internal/resource/resourcetest" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +// WorkloadSelecting denotes a resource type that uses workload selectors. +type WorkloadSelecting interface { + proto.Message + GetWorkloads() *pbcatalog.WorkloadSelector +} + +func RunWorkloadSelectingTypeACLsTests[T WorkloadSelecting](t *testing.T, typ *pbresource.Type, + getData func(selector *pbcatalog.WorkloadSelector) T, + registerFunc func(registry resource.Registry), +) { + // Wire up a registry to generically invoke hooks + registry := resource.NewRegistry() + registerFunc(registry) + + cases := map[string]resourcetest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with named selectors and insufficient policy": { + Rules: `service "test" { policy = "write" }`, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with prefixed selectors and insufficient policy": { + Rules: `service "test" { policy = "write" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with named selectors": { + Rules: `service "test" { policy = "write" } service "workload" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test write with multiple named selectors": { + Rules: `service "test" { policy = "write" } service "workload1" { policy = "read" } service "workload2" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload1", "workload2"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test write with multiple named selectors and insufficient policy": { + Rules: `service "test" { policy = "write" } service "workload1" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload1", "workload2"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with multiple named selectors and prefixed policy": { + Rules: `service "test" { policy = "write" } service_prefix "workload" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload1", "workload2"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test write with prefixed selectors": { + Rules: `service "test" { policy = "write" } service_prefix "workload-" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"workload-"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test write with prefixed selectors and a policy with more specific prefix than the selector": { + Rules: `service "test" { policy = "write" } service_prefix "workload-" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"wor"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + + "service test write with prefixed selectors and a policy with less specific prefix than the selector": { + Rules: `service "test" { policy = "write" } service_prefix "wor" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"workload-"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + // Prefix-based selectors should not allow writes when a policy only allows + // to read a specific service from that selector. + "service test write with prefixed selectors and a policy with a specific service": { + Rules: `service "test" { policy = "write" } service "workload" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with multiple prefixed selectors": { + Rules: `service "test" { policy = "write" } service_prefix "workload" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"workload-1", "workload-2"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test write with multiple prefixed selectors and insufficient policy": { + Rules: `service "test" { policy = "write" } service_prefix "workload-1" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"workload-1", "workload-2"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with a mix of named and prefixed selectors and insufficient policy": { + Rules: `service "test" { policy = "write" } service_prefix "workload" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{ + Prefixes: []string{"workload-1", "workload-2"}, + Names: []string{"other-1", "other-2"}, + }), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with a mix of named and prefixed selectors and prefixed policy": { + Rules: `service "test" { policy = "write" } service_prefix "workload" { policy = "read" } service_prefix "other" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{ + Prefixes: []string{"workload-1", "workload-2"}, + Names: []string{"other-1", "other-2"}, + }), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test write with a mix of named and prefixed selectors and both prefixed and specific policy": { + Rules: `service "test" { policy = "write" } service_prefix "workload" { policy = "read" } service "other-1" { policy = "read" } service "other-2" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{ + Prefixes: []string{"workload-1", "workload-2"}, + Names: []string{"other-1", "other-2"}, + }), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test write with a mix of named and prefixed selectors and wildcard service read policy": { + Rules: `service "test" { policy = "write" } service_prefix "" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{ + Prefixes: []string{"workload-1", "workload-2"}, + Names: []string{"other-1", "other-2"}, + }), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + resourcetest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/acl_hooks.go b/internal/catalog/internal/types/acl_hooks.go new file mode 100644 index 000000000000..8250767f7254 --- /dev/null +++ b/internal/catalog/internal/types/acl_hooks.go @@ -0,0 +1,56 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +func aclReadHookResourceWithWorkloadSelector(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, _ *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.GetName(), authzContext) +} + +func aclWriteHookResourceWithWorkloadSelector[T WorkloadSelecting](authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + if res == nil { + return resource.ErrNeedResource + } + + decodedService, err := resource.Decode[T](res) + if err != nil { + return resource.ErrNeedResource + } + + // First check service:write on the name. + err = authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetId().GetName(), authzContext) + if err != nil { + return err + } + + // Then also check whether we're allowed to select a service. + for _, name := range decodedService.GetData().GetWorkloads().GetNames() { + err = authorizer.ToAllowAuthorizer().ServiceReadAllowed(name, authzContext) + if err != nil { + return err + } + } + + for _, prefix := range decodedService.GetData().GetWorkloads().GetPrefixes() { + err = authorizer.ToAllowAuthorizer().ServiceReadPrefixAllowed(prefix, authzContext) + if err != nil { + return err + } + } + + return nil +} + +func ACLHooksForWorkloadSelectingType[T WorkloadSelecting]() *resource.ACLHooks { + return &resource.ACLHooks{ + Read: aclReadHookResourceWithWorkloadSelector, + Write: aclWriteHookResourceWithWorkloadSelector[T], + List: resource.NoOpACLListHook, + } +} diff --git a/internal/catalog/internal/types/dns_policy.go b/internal/catalog/internal/types/dns_policy.go index 809dd6f880c2..8e9dd864a957 100644 --- a/internal/catalog/internal/types/dns_policy.go +++ b/internal/catalog/internal/types/dns_policy.go @@ -19,6 +19,7 @@ func RegisterDNSPolicy(r resource.Registry) { Proto: &pbcatalog.DNSPolicy{}, Scope: resource.ScopeNamespace, Validate: ValidateDNSPolicy, + ACLs: ACLHooksForWorkloadSelectingType[*pbcatalog.DNSPolicy](), }) } diff --git a/internal/catalog/internal/types/dns_policy_test.go b/internal/catalog/internal/types/dns_policy_test.go index 3a611171070a..1303d2878cf7 100644 --- a/internal/catalog/internal/types/dns_policy_test.go +++ b/internal/catalog/internal/types/dns_policy_test.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/reflect/protoreflect" "google.golang.org/protobuf/types/known/anypb" + "github.com/hashicorp/consul/internal/catalog/internal/testhelpers" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -161,3 +162,19 @@ func TestValidateDNSPolicy_EmptySelector(t *testing.T) { require.ErrorAs(t, err, &actual) require.Equal(t, expected, actual) } + +func TestDNSPolicyACLs(t *testing.T) { + // Wire up a registry to generically invoke hooks + registry := resource.NewRegistry() + RegisterDNSPolicy(registry) + + testhelpers.RunWorkloadSelectingTypeACLsTests[*pbcatalog.DNSPolicy](t, pbcatalog.DNSPolicyType, + func(selector *pbcatalog.WorkloadSelector) *pbcatalog.DNSPolicy { + return &pbcatalog.DNSPolicy{ + Workloads: selector, + Weights: &pbcatalog.Weights{Passing: 1, Warning: 0}, + } + }, + RegisterDNSPolicy, + ) +} diff --git a/internal/catalog/internal/types/failover_policy.go b/internal/catalog/internal/types/failover_policy.go index 4dc8b1bd8eb0..047bb9a95b05 100644 --- a/internal/catalog/internal/types/failover_policy.go +++ b/internal/catalog/internal/types/failover_policy.go @@ -25,7 +25,7 @@ func RegisterFailoverPolicy(r resource.Registry) { ACLs: &resource.ACLHooks{ Read: aclReadHookFailoverPolicy, Write: aclWriteHookFailoverPolicy, - List: aclListHookFailoverPolicy, + List: resource.NoOpACLListHook, }, }) } @@ -145,7 +145,7 @@ func ValidateFailoverPolicy(res *pbresource.Resource) error { Wrapped: err, } } - if portNameErr := validatePortName(portName); portNameErr != nil { + if portNameErr := ValidatePortName(portName); portNameErr != nil { merr = multierror.Append(merr, resource.ErrInvalidMapKey{ Map: "port_configs", Key: portName, @@ -245,7 +245,7 @@ func validateFailoverPolicyDestination(dest *pbcatalog.FailoverDestination, port // assumed and will be reconciled. if dest.Port != "" { if ported { - if portNameErr := validatePortName(dest.Port); portNameErr != nil { + if portNameErr := ValidatePortName(dest.Port); portNameErr != nil { merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{ Name: "port", Wrapped: portNameErr, @@ -371,9 +371,3 @@ func aclWriteHookFailoverPolicy(authorizer acl.Authorizer, authzContext *acl.Aut return nil } - -func aclListHookFailoverPolicy(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement. - return nil -} diff --git a/internal/catalog/internal/types/failover_policy_test.go b/internal/catalog/internal/types/failover_policy_test.go index 8abe5d5cb74d..28029327e8d4 100644 --- a/internal/catalog/internal/types/failover_policy_test.go +++ b/internal/catalog/internal/types/failover_policy_test.go @@ -4,20 +4,20 @@ package types import ( - "strings" + "fmt" "testing" "github.com/stretchr/testify/require" "google.golang.org/protobuf/proto" "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/proto/private/prototest" "github.com/hashicorp/consul/sdk/testutil" + "github.com/hashicorp/consul/version/versiontest" ) func TestMutateFailoverPolicy(t *testing.T) { @@ -140,7 +140,7 @@ func TestMutateFailoverPolicy(t *testing.T) { }, }, "dest ref tenancy defaulting": { - policyTenancy: newTestTenancy("foo.bar"), + policyTenancy: resourcetest.Tenancy("foo.bar"), failover: &pbcatalog.FailoverPolicy{ Config: &pbcatalog.FailoverConfig{ Mode: pbcatalog.FailoverMode_FAILOVER_MODE_SEQUENTIAL, @@ -685,105 +685,147 @@ func TestFailoverPolicyACLs(t *testing.T) { registry := resource.NewRegistry() Register(registry) + newFailover := func(t *testing.T, name, tenancyStr string, destRefs []*pbresource.Reference) []*pbresource.Resource { + var dr []*pbcatalog.FailoverDestination + for _, destRef := range destRefs { + dr = append(dr, &pbcatalog.FailoverDestination{Ref: destRef}) + } + + res1 := resourcetest.Resource(pbcatalog.FailoverPolicyType, name). + WithTenancy(resourcetest.Tenancy(tenancyStr)). + WithData(t, &pbcatalog.FailoverPolicy{ + Config: &pbcatalog.FailoverConfig{Destinations: dr}, + }). + Build() + resourcetest.ValidateAndNormalize(t, registry, res1) + + res2 := resourcetest.Resource(pbcatalog.FailoverPolicyType, name). + WithTenancy(resourcetest.Tenancy(tenancyStr)). + WithData(t, &pbcatalog.FailoverPolicy{ + PortConfigs: map[string]*pbcatalog.FailoverConfig{ + "http": {Destinations: dr}, + }, + }). + Build() + resourcetest.ValidateAndNormalize(t, registry, res2) + + return []*pbresource.Resource{res1, res2} + } + type testcase struct { + res *pbresource.Resource rules string check func(t *testing.T, authz acl.Authorizer, res *pbresource.Resource) readOK string writeOK string - listOK string } const ( - DENY = "deny" - ALLOW = "allow" - DEFAULT = "default" + DENY = resourcetest.DENY + ALLOW = resourcetest.ALLOW + DEFAULT = resourcetest.DEFAULT ) - checkF := func(t *testing.T, expect string, got error) { - switch expect { - case ALLOW: - if acl.IsErrPermissionDenied(got) { - t.Fatal("should be allowed") - } - case DENY: - if !acl.IsErrPermissionDenied(got) { - t.Fatal("should be denied") - } - case DEFAULT: - require.Nil(t, got, "expected fallthrough decision") - default: - t.Fatalf("unexpected expectation: %q", expect) - } + serviceRef := func(tenancy, name string) *pbresource.Reference { + return newRefWithTenancy(pbcatalog.ServiceType, tenancy, name) } - reg, ok := registry.Resolve(pbcatalog.FailoverPolicyType) - require.True(t, ok) + resOneDest := func(tenancy, destTenancy string) []*pbresource.Resource { + return newFailover(t, "api", tenancy, []*pbresource.Reference{ + serviceRef(destTenancy, "dest1"), + }) + } - run := func(t *testing.T, tc testcase) { - failoverData := &pbcatalog.FailoverPolicy{ - Config: &pbcatalog.FailoverConfig{ - Destinations: []*pbcatalog.FailoverDestination{ - {Ref: newRef(pbcatalog.ServiceType, "api-backup")}, - }, - }, - } - res := resourcetest.Resource(pbcatalog.FailoverPolicyType, "api"). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, failoverData). - Build() - resourcetest.ValidateAndNormalize(t, registry, res) + resTwoDests := func(tenancy, destTenancy string) []*pbresource.Resource { + return newFailover(t, "api", tenancy, []*pbresource.Reference{ + serviceRef(destTenancy, "dest1"), + serviceRef(destTenancy, "dest2"), + }) + } - config := acl.Config{ - WildcardName: structs.WildcardSpecifier, + run := func(t *testing.T, name string, tc resourcetest.ACLTestCase) { + t.Run(name, func(t *testing.T) { + resourcetest.RunACLTestCase(t, tc, registry) + }) + } + + isEnterprise := versiontest.IsEnterprise() + + serviceRead := func(partition, namespace, name string) string { + if isEnterprise { + return fmt.Sprintf(` partition %q { namespace %q { service %q { policy = "read" } } }`, partition, namespace, name) + } + return fmt.Sprintf(` service %q { policy = "read" } `, name) + } + serviceWrite := func(partition, namespace, name string) string { + if isEnterprise { + return fmt.Sprintf(` partition %q { namespace %q { service %q { policy = "write" } } }`, partition, namespace, name) } - authz, err := acl.NewAuthorizerFromRules(tc.rules, &config, nil) - require.NoError(t, err) - authz = acl.NewChainedAuthorizer([]acl.Authorizer{authz, acl.DenyAll()}) + return fmt.Sprintf(` service %q { policy = "write" } `, name) + } - t.Run("read", func(t *testing.T) { - err := reg.ACLs.Read(authz, &acl.AuthorizerContext{}, res.Id, nil) - checkF(t, tc.readOK, err) - }) - t.Run("write", func(t *testing.T) { - err := reg.ACLs.Write(authz, &acl.AuthorizerContext{}, res) - checkF(t, tc.writeOK, err) - }) - t.Run("list", func(t *testing.T) { - err := reg.ACLs.List(authz, &acl.AuthorizerContext{}) - checkF(t, tc.listOK, err) - }) + assert := func(t *testing.T, name string, rules string, resList []*pbresource.Resource, readOK, writeOK string) { + for i, res := range resList { + tc := resourcetest.ACLTestCase{ + AuthCtx: resource.AuthorizerContext(res.Id.Tenancy), + Res: res, + Rules: rules, + ReadOK: readOK, + WriteOK: writeOK, + ListOK: DEFAULT, + } + run(t, fmt.Sprintf("%s-%d", name, i), tc) + } } - cases := map[string]testcase{ - "no rules": { - rules: ``, - readOK: DENY, - writeOK: DENY, - listOK: DEFAULT, - }, - "service api read": { - rules: `service "api" { policy = "read" }`, - readOK: ALLOW, - writeOK: DENY, - listOK: DEFAULT, - }, - "service api write": { - rules: `service "api" { policy = "write" }`, - readOK: ALLOW, - writeOK: DENY, - listOK: DEFAULT, - }, - "service api write and api-backup read": { - rules: `service "api" { policy = "write" } service "api-backup" { policy = "read" }`, - readOK: ALLOW, - writeOK: ALLOW, - listOK: DEFAULT, - }, + tenancies := []string{"default.default"} + if isEnterprise { + tenancies = append(tenancies, "default.foo", "alpha.default", "alpha.foo") } - for name, tc := range cases { - t.Run(name, func(t *testing.T) { - run(t, tc) + for _, policyTenancyStr := range tenancies { + t.Run("policy tenancy: "+policyTenancyStr, func(t *testing.T) { + for _, destTenancyStr := range tenancies { + t.Run("dest tenancy: "+destTenancyStr, func(t *testing.T) { + for _, aclTenancyStr := range tenancies { + t.Run("acl tenancy: "+aclTenancyStr, func(t *testing.T) { + aclTenancy := resourcetest.Tenancy(aclTenancyStr) + + maybe := func(match string, parentOnly bool) string { + if policyTenancyStr != aclTenancyStr { + return DENY + } + if !parentOnly && destTenancyStr != aclTenancyStr { + return DENY + } + return match + } + + t.Run("no rules", func(t *testing.T) { + rules := `` + assert(t, "1dest", rules, resOneDest(policyTenancyStr, destTenancyStr), DENY, DENY) + assert(t, "2dests", rules, resTwoDests(policyTenancyStr, destTenancyStr), DENY, DENY) + }) + t.Run("api:read", func(t *testing.T) { + rules := serviceRead(aclTenancy.Partition, aclTenancy.Namespace, "api") + assert(t, "1dest", rules, resOneDest(policyTenancyStr, destTenancyStr), maybe(ALLOW, true), DENY) + assert(t, "2dests", rules, resTwoDests(policyTenancyStr, destTenancyStr), maybe(ALLOW, true), DENY) + }) + t.Run("api:write", func(t *testing.T) { + rules := serviceWrite(aclTenancy.Partition, aclTenancy.Namespace, "api") + assert(t, "1dest", rules, resOneDest(policyTenancyStr, destTenancyStr), maybe(ALLOW, true), DENY) + assert(t, "2dests", rules, resTwoDests(policyTenancyStr, destTenancyStr), maybe(ALLOW, true), DENY) + }) + t.Run("api:write dest1:read", func(t *testing.T) { + rules := serviceWrite(aclTenancy.Partition, aclTenancy.Namespace, "api") + + serviceRead(aclTenancy.Partition, aclTenancy.Namespace, "dest1") + assert(t, "1dest", rules, resOneDest(policyTenancyStr, destTenancyStr), maybe(ALLOW, true), maybe(ALLOW, false)) + assert(t, "2dests", rules, resTwoDests(policyTenancyStr, destTenancyStr), maybe(ALLOW, true), DENY) + }) + }) + } + }) + } }) } } @@ -796,7 +838,7 @@ func newRef(typ *pbresource.Type, name string) *pbresource.Reference { func newRefWithTenancy(typ *pbresource.Type, tenancyStr, name string) *pbresource.Reference { return resourcetest.Resource(typ, name). - WithTenancy(newTestTenancy(tenancyStr)). + WithTenancy(resourcetest.Tenancy(tenancyStr)). Reference("") } @@ -805,22 +847,3 @@ func newRefWithPeer(typ *pbresource.Type, name string, peer string) *pbresource. ref.Tenancy.PeerName = peer return ref } - -func newTestTenancy(s string) *pbresource.Tenancy { - parts := strings.Split(s, ".") - switch len(parts) { - case 0: - return resource.DefaultClusteredTenancy() - case 1: - v := resource.DefaultPartitionedTenancy() - v.Partition = parts[0] - return v - case 2: - v := resource.DefaultNamespacedTenancy() - v.Partition = parts[0] - v.Namespace = parts[1] - return v - default: - return &pbresource.Tenancy{Partition: "BAD", Namespace: "BAD", PeerName: "BAD"} - } -} diff --git a/internal/catalog/internal/types/health_checks.go b/internal/catalog/internal/types/health_checks.go index b470be331feb..1333e2368d88 100644 --- a/internal/catalog/internal/types/health_checks.go +++ b/internal/catalog/internal/types/health_checks.go @@ -17,6 +17,7 @@ func RegisterHealthChecks(r resource.Registry) { Proto: &pbcatalog.HealthChecks{}, Scope: resource.ScopeNamespace, Validate: ValidateHealthChecks, + ACLs: ACLHooksForWorkloadSelectingType[*pbcatalog.HealthChecks](), }) } diff --git a/internal/catalog/internal/types/health_checks_test.go b/internal/catalog/internal/types/health_checks_test.go index 8af0ffde9fac..c9cdf01ae84c 100644 --- a/internal/catalog/internal/types/health_checks_test.go +++ b/internal/catalog/internal/types/health_checks_test.go @@ -12,6 +12,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" + "github.com/hashicorp/consul/internal/catalog/internal/testhelpers" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -196,3 +197,12 @@ func TestValidateHealthChecks_EmptySelector(t *testing.T) { require.ErrorAs(t, err, &actual) require.Equal(t, expected, actual) } + +func TestHealthChecksACLs(t *testing.T) { + testhelpers.RunWorkloadSelectingTypeACLsTests[*pbcatalog.HealthChecks](t, pbcatalog.HealthChecksType, + func(selector *pbcatalog.WorkloadSelector) *pbcatalog.HealthChecks { + return &pbcatalog.HealthChecks{Workloads: selector} + }, + RegisterHealthChecks, + ) +} diff --git a/internal/catalog/internal/types/health_status.go b/internal/catalog/internal/types/health_status.go index 99b153895c1f..fe92e858b025 100644 --- a/internal/catalog/internal/types/health_status.go +++ b/internal/catalog/internal/types/health_status.go @@ -6,6 +6,7 @@ package types import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -17,6 +18,11 @@ func RegisterHealthStatus(r resource.Registry) { Proto: &pbcatalog.HealthStatus{}, Scope: resource.ScopeNamespace, Validate: ValidateHealthStatus, + ACLs: &resource.ACLHooks{ + Read: aclReadHookHealthStatus, + Write: aclWriteHookHealthStatus, + List: resource.NoOpACLListHook, + }, }) } @@ -66,3 +72,32 @@ func ValidateHealthStatus(res *pbresource.Resource) error { return err } + +func aclReadHookHealthStatus(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { + if res == nil { + return resource.ErrNeedResource + } + // For a health status of a workload we need to check service:read perms. + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.WorkloadType) { + return authorizer.ToAllowAuthorizer().ServiceReadAllowed(res.GetOwner().GetName(), authzContext) + } + + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { + return authorizer.ToAllowAuthorizer().NodeReadAllowed(res.GetOwner().GetName(), authzContext) + } + + return acl.PermissionDenied("cannot read catalog.HealthStatus because there is no owner") +} + +func aclWriteHookHealthStatus(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + // For a health status of a workload we need to check service:write perms. + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.WorkloadType) { + return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetOwner().GetName(), authzContext) + } + + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { + return authorizer.ToAllowAuthorizer().NodeWriteAllowed(res.GetOwner().GetName(), authzContext) + } + + return acl.PermissionDenied("cannot write catalog.HealthStatus because there is no owner") +} diff --git a/internal/catalog/internal/types/health_status_test.go b/internal/catalog/internal/types/health_status_test.go index 654573d24a53..9482e4770e40 100644 --- a/internal/catalog/internal/types/health_status_test.go +++ b/internal/catalog/internal/types/health_status_test.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) @@ -214,3 +215,106 @@ func TestValidateHealthStatus_InvalidOwner(t *testing.T) { }) } } + +func TestHealthStatusACLs(t *testing.T) { + registry := resource.NewRegistry() + Register(registry) + + workload := resourcetest.Resource(pbcatalog.WorkloadType, "test").ID() + node := resourcetest.Resource(pbcatalog.NodeType, "test").ID() + + healthStatusData := &pbcatalog.HealthStatus{ + Type: "tcp", + Status: pbcatalog.Health_HEALTH_PASSING, + } + + cases := map[string]resourcetest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: healthStatusData, + Owner: workload, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: healthStatusData, + Owner: workload, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write": { + Rules: `service "test" { policy = "write" }`, + Data: healthStatusData, + Owner: workload, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test read with node owner": { + Rules: `service "test" { policy = "read" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with node owner": { + Rules: `service "test" { policy = "write" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test read with node owner": { + Rules: `node "test" { policy = "read" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test write with node owner": { + Rules: `node "test" { policy = "write" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "node test read with workload owner": { + Rules: `node "test" { policy = "read" }`, + Data: healthStatusData, + Owner: workload, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test write with workload owner": { + Rules: `node "test" { policy = "write" }`, + Data: healthStatusData, + Owner: workload, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + resourcetest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/node.go b/internal/catalog/internal/types/node.go index 9c59228a49b6..42ac833c6e7d 100644 --- a/internal/catalog/internal/types/node.go +++ b/internal/catalog/internal/types/node.go @@ -6,6 +6,7 @@ package types import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -22,6 +23,11 @@ func RegisterNode(r resource.Registry) { // Until that time, Node will remain namespace scoped. Scope: resource.ScopeNamespace, Validate: ValidateNode, + ACLs: &resource.ACLHooks{ + Read: aclReadHookNode, + Write: aclWriteHookNode, + List: resource.NoOpACLListHook, + }, }) } @@ -80,3 +86,11 @@ func validateNodeAddress(addr *pbcatalog.NodeAddress) error { return nil } + +func aclReadHookNode(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, _ *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().NodeReadAllowed(id.GetName(), authzContext) +} + +func aclWriteHookNode(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().NodeWriteAllowed(res.GetId().GetName(), authzContext) +} diff --git a/internal/catalog/internal/types/node_test.go b/internal/catalog/internal/types/node_test.go index 130551fad2b6..5a678745e3a3 100644 --- a/internal/catalog/internal/types/node_test.go +++ b/internal/catalog/internal/types/node_test.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) @@ -127,3 +128,48 @@ func TestValidateNode_AddressMissingHost(t *testing.T) { require.ErrorAs(t, err, &actual) require.Equal(t, expected, actual) } + +func TestNodeACLs(t *testing.T) { + registry := resource.NewRegistry() + Register(registry) + + nodeData := &pbcatalog.Node{ + Addresses: []*pbcatalog.NodeAddress{ + { + Host: "1.1.1.1", + }, + }, + } + cases := map[string]resourcetest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: nodeData, + Typ: pbcatalog.NodeType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test read": { + Rules: `node "test" { policy = "read" }`, + Data: nodeData, + Typ: pbcatalog.NodeType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test write": { + Rules: `node "test" { policy = "write" }`, + Data: nodeData, + Typ: pbcatalog.NodeType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + resourcetest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/service.go b/internal/catalog/internal/types/service.go index 4cefb362e78f..a91f3a7c5180 100644 --- a/internal/catalog/internal/types/service.go +++ b/internal/catalog/internal/types/service.go @@ -20,6 +20,7 @@ func RegisterService(r resource.Registry) { Scope: resource.ScopeNamespace, Validate: ValidateService, Mutate: MutateService, + ACLs: ACLHooksForWorkloadSelectingType[*pbcatalog.Service](), }) } @@ -89,7 +90,7 @@ func ValidateService(res *pbresource.Resource) error { } // validate the target port - if nameErr := validatePortName(port.TargetPort); nameErr != nil { + if nameErr := ValidatePortName(port.TargetPort); nameErr != nil { err = multierror.Append(err, resource.ErrInvalidListElement{ Name: "ports", Index: idx, @@ -100,7 +101,7 @@ func ValidateService(res *pbresource.Resource) error { }) } - if protoErr := validateProtocol(port.Protocol); protoErr != nil { + if protoErr := ValidateProtocol(port.Protocol); protoErr != nil { err = multierror.Append(err, resource.ErrInvalidListElement{ Name: "ports", Index: idx, diff --git a/internal/catalog/internal/types/service_endpoints.go b/internal/catalog/internal/types/service_endpoints.go index 8008ada845b4..1991c455ad90 100644 --- a/internal/catalog/internal/types/service_endpoints.go +++ b/internal/catalog/internal/types/service_endpoints.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -20,6 +21,15 @@ func RegisterServiceEndpoints(r resource.Registry) { Scope: resource.ScopeNamespace, Validate: ValidateServiceEndpoints, Mutate: MutateServiceEndpoints, + ACLs: &resource.ACLHooks{ + Read: func(authorizer acl.Authorizer, context *acl.AuthorizerContext, id *pbresource.ID, _ *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.GetName(), context) + }, + Write: func(authorizer acl.Authorizer, context *acl.AuthorizerContext, p *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(p.GetId().GetName(), context) + }, + List: resource.NoOpACLListHook, + }, }) } @@ -126,7 +136,7 @@ func validateEndpoint(endpoint *pbcatalog.Endpoint, res *pbresource.Resource) er // Validate the endpoints ports for portName, port := range endpoint.Ports { // Port names must be DNS labels - if portNameErr := validatePortName(portName); portNameErr != nil { + if portNameErr := ValidatePortName(portName); portNameErr != nil { err = multierror.Append(err, resource.ErrInvalidMapKey{ Map: "ports", Key: portName, @@ -134,7 +144,7 @@ func validateEndpoint(endpoint *pbcatalog.Endpoint, res *pbresource.Resource) er }) } - if protoErr := validateProtocol(port.Protocol); protoErr != nil { + if protoErr := ValidateProtocol(port.Protocol); protoErr != nil { err = multierror.Append(err, resource.ErrInvalidMapValue{ Map: "ports", Key: portName, diff --git a/internal/catalog/internal/types/service_endpoints_test.go b/internal/catalog/internal/types/service_endpoints_test.go index d210ba1aaafd..7a298e397949 100644 --- a/internal/catalog/internal/types/service_endpoints_test.go +++ b/internal/catalog/internal/types/service_endpoints_test.go @@ -258,3 +258,47 @@ func TestMutateServiceEndpoints_PopulateOwner(t *testing.T) { require.True(t, resource.EqualTenancy(res.Owner.Tenancy, defaultEndpointTenancy)) require.Equal(t, res.Owner.Name, res.Id.Name) } + +func TestServiceEndpointsACLs(t *testing.T) { + registry := resource.NewRegistry() + Register(registry) + + service := rtest.Resource(pbcatalog.ServiceType, "test"). + WithTenancy(resource.DefaultNamespacedTenancy()).ID() + serviceEndpointsData := &pbcatalog.ServiceEndpoints{} + cases := map[string]rtest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: serviceEndpointsData, + Owner: service, + Typ: pbcatalog.ServiceEndpointsType, + ReadOK: rtest.DENY, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: serviceEndpointsData, + Owner: service, + Typ: pbcatalog.ServiceEndpointsType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write": { + Rules: `service "test" { policy = "write" }`, + Data: serviceEndpointsData, + Owner: service, + Typ: pbcatalog.ServiceEndpointsType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + rtest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/service_test.go b/internal/catalog/internal/types/service_test.go index b47c02218405..18649dda9a0a 100644 --- a/internal/catalog/internal/types/service_test.go +++ b/internal/catalog/internal/types/service_test.go @@ -10,6 +10,7 @@ import ( "google.golang.org/protobuf/reflect/protoreflect" "google.golang.org/protobuf/types/known/anypb" + "github.com/hashicorp/consul/internal/catalog/internal/testhelpers" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" @@ -275,3 +276,12 @@ func TestValidateService_InvalidVIP(t *testing.T) { require.Error(t, err) require.ErrorIs(t, err, errNotIPAddress) } + +func TestServiceACLs(t *testing.T) { + testhelpers.RunWorkloadSelectingTypeACLsTests[*pbcatalog.Service](t, pbcatalog.ServiceType, + func(selector *pbcatalog.WorkloadSelector) *pbcatalog.Service { + return &pbcatalog.Service{Workloads: selector} + }, + RegisterService, + ) +} diff --git a/internal/catalog/internal/types/types.go b/internal/catalog/internal/types/types.go index 6ce29a265963..15ed6b148de7 100644 --- a/internal/catalog/internal/types/types.go +++ b/internal/catalog/internal/types/types.go @@ -13,8 +13,10 @@ func Register(r resource.Registry) { RegisterServiceEndpoints(r) RegisterNode(r) RegisterHealthStatus(r) - RegisterHealthChecks(r) - RegisterDNSPolicy(r) - RegisterVirtualIPs(r) RegisterFailoverPolicy(r) + + // todo (v2): re-register once these resources are implemented. + //RegisterHealthChecks(r) + //RegisterDNSPolicy(r) + //RegisterVirtualIPs(r) } diff --git a/internal/catalog/internal/types/types_test.go b/internal/catalog/internal/types/types_test.go index ba4243b62805..4facd921c368 100644 --- a/internal/catalog/internal/types/types_test.go +++ b/internal/catalog/internal/types/types_test.go @@ -24,9 +24,9 @@ func TestTypeRegistration(t *testing.T) { pbcatalog.ServiceEndpointsKind, pbcatalog.NodeKind, pbcatalog.HealthStatusKind, - pbcatalog.HealthChecksKind, - pbcatalog.DNSPolicyKind, // todo (ishustava): uncomment once we implement these + //pbcatalog.HealthChecksKind, + //pbcatalog.DNSPolicyKind, //pbcatalog.VirtualIPsKind, } diff --git a/internal/catalog/internal/types/validators.go b/internal/catalog/internal/types/validators.go index 542bb705b5aa..07dfbd356967 100644 --- a/internal/catalog/internal/types/validators.go +++ b/internal/catalog/internal/types/validators.go @@ -56,7 +56,7 @@ func isValidDNSLabel(label string) bool { return dnsLabelMatcher.Match([]byte(label)) } -func isValidUnixSocketPath(host string) bool { +func IsValidUnixSocketPath(host string) bool { if len(host) > maxUnixSocketPathLen || !strings.HasPrefix(host, "unix://") || strings.Contains(host, "\000") { return false } @@ -71,7 +71,7 @@ func validateWorkloadHost(host string) error { } // Check if the host represents an IP address, unix socket path or a DNS name - if !isValidIPAddress(host) && !isValidUnixSocketPath(host) && !isValidDNSName(host) { + if !isValidIPAddress(host) && !IsValidUnixSocketPath(host) && !isValidDNSName(host) { return errInvalidWorkloadHostFormat{Host: host} } @@ -139,7 +139,7 @@ func validateIPAddress(ip string) error { return nil } -func validatePortName(name string) error { +func ValidatePortName(name string) error { if name == "" { return resource.ErrEmpty } @@ -151,7 +151,8 @@ func validatePortName(name string) error { return nil } -func validateProtocol(protocol pbcatalog.Protocol) error { +func ValidateProtocol(protocol pbcatalog.Protocol) error { + // enumcover:pbcatalog.Protocol switch protocol { case pbcatalog.Protocol_PROTOCOL_UNSPECIFIED, // means pbcatalog.FailoverMode_FAILOVER_MODE_TCP @@ -184,7 +185,7 @@ func validateWorkloadAddress(addr *pbcatalog.WorkloadAddress, ports map[string]* // Ensure that unix sockets reference exactly 1 port. They may also indirectly reference 1 port // by the workload having only a single port and omitting any explicit port assignment. - if isValidUnixSocketPath(addr.Host) && + if IsValidUnixSocketPath(addr.Host) && (len(addr.Ports) > 1 || (len(addr.Ports) == 0 && len(ports) > 1)) { err = multierror.Append(err, errUnixSocketMultiport) } @@ -240,6 +241,7 @@ func validateReference(allowedType *pbresource.Type, allowedTenancy *pbresource. } func validateHealth(health pbcatalog.Health) error { + // enumcover:pbcatalog.Health switch health { case pbcatalog.Health_HEALTH_ANY, pbcatalog.Health_HEALTH_PASSING, diff --git a/internal/catalog/internal/types/validators_test.go b/internal/catalog/internal/types/validators_test.go index a8a8f740394d..7a334727a998 100644 --- a/internal/catalog/internal/types/validators_test.go +++ b/internal/catalog/internal/types/validators_test.go @@ -178,7 +178,7 @@ func TestIsValidUnixSocketPath(t *testing.T) { for name, tcase := range cases { t.Run(name, func(t *testing.T) { - require.Equal(t, tcase.valid, isValidUnixSocketPath(tcase.name)) + require.Equal(t, tcase.valid, IsValidUnixSocketPath(tcase.name)) }) } } @@ -361,38 +361,18 @@ func TestValidatePortName(t *testing.T) { // test for the isValidDNSLabel function. t.Run("empty", func(t *testing.T) { - require.Equal(t, resource.ErrEmpty, validatePortName("")) + require.Equal(t, resource.ErrEmpty, ValidatePortName("")) }) t.Run("invalid", func(t *testing.T) { - require.Equal(t, errNotDNSLabel, validatePortName("foo.com")) + require.Equal(t, errNotDNSLabel, ValidatePortName("foo.com")) }) t.Run("ok", func(t *testing.T) { - require.NoError(t, validatePortName("http")) + require.NoError(t, ValidatePortName("http")) }) } -func TestValidateProtocol(t *testing.T) { - // this test simply verifies that we accept all enum values specified in our proto - // in order to avoid validator drift. - for name, value := range pbcatalog.Protocol_value { - t.Run(name, func(t *testing.T) { - require.NoError(t, validateProtocol(pbcatalog.Protocol(value))) - }) - } -} - -func TestValidateHealth(t *testing.T) { - // this test simply verifies that we accept all enum values specified in our proto - // in order to avoid validator drift. - for name, value := range pbcatalog.Health_value { - t.Run(name, func(t *testing.T) { - require.NoError(t, validateHealth(pbcatalog.Health(value))) - }) - } -} - func TestValidateWorkloadAddress(t *testing.T) { type testCase struct { addr *pbcatalog.WorkloadAddress diff --git a/internal/catalog/internal/types/virtual_ips.go b/internal/catalog/internal/types/virtual_ips.go index 7a4cee276ae6..9c7a06547405 100644 --- a/internal/catalog/internal/types/virtual_ips.go +++ b/internal/catalog/internal/types/virtual_ips.go @@ -6,19 +6,28 @@ package types import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) func RegisterVirtualIPs(r resource.Registry) { - // todo (ishustava): uncomment when we implement it - //r.Register(resource.Registration{ - // Type: pbcatalog.VirtualIPsV2Beta1Type, - // Proto: &pbcatalog.VirtualIPs{}, - // Scope: resource.ScopeNamespace, - // Validate: ValidateVirtualIPs, - //}) + r.Register(resource.Registration{ + Type: pbcatalog.VirtualIPsType, + Proto: &pbcatalog.VirtualIPs{}, + Scope: resource.ScopeNamespace, + Validate: ValidateVirtualIPs, + ACLs: &resource.ACLHooks{ + Read: func(authorizer acl.Authorizer, context *acl.AuthorizerContext, id *pbresource.ID, p *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.GetName(), context) + }, + Write: func(authorizer acl.Authorizer, context *acl.AuthorizerContext, p *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(p.GetId().GetName(), context) + }, + List: resource.NoOpACLListHook, + }, + }) } func ValidateVirtualIPs(res *pbresource.Resource) error { diff --git a/internal/catalog/internal/types/virtual_ips_test.go b/internal/catalog/internal/types/virtual_ips_test.go index c7ed70972530..0107e1cfd94f 100644 --- a/internal/catalog/internal/types/virtual_ips_test.go +++ b/internal/catalog/internal/types/virtual_ips_test.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/internal/resource" + rtest "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) @@ -81,3 +82,47 @@ func TestValidateVirtualIPs_InvalidIP(t *testing.T) { require.Error(t, err) require.ErrorIs(t, err, errNotIPAddress) } + +func TestVirtualIPsACLs(t *testing.T) { + registry := resource.NewRegistry() + RegisterVirtualIPs(registry) + + service := rtest.Resource(pbcatalog.ServiceType, "test"). + WithTenancy(resource.DefaultNamespacedTenancy()).ID() + virtualIPsData := &pbcatalog.VirtualIPs{} + cases := map[string]rtest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: virtualIPsData, + Owner: service, + Typ: pbcatalog.VirtualIPsType, + ReadOK: rtest.DENY, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: virtualIPsData, + Owner: service, + Typ: pbcatalog.VirtualIPsType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write": { + Rules: `service "test" { policy = "write" }`, + Data: virtualIPsData, + Owner: service, + Typ: pbcatalog.VirtualIPsType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + rtest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/workload.go b/internal/catalog/internal/types/workload.go index 961a85346c4f..c09513a4a5b3 100644 --- a/internal/catalog/internal/types/workload.go +++ b/internal/catalog/internal/types/workload.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -20,6 +21,11 @@ func RegisterWorkload(r resource.Registry) { Proto: &pbcatalog.Workload{}, Scope: resource.ScopeNamespace, Validate: ValidateWorkload, + ACLs: &resource.ACLHooks{ + Read: aclReadHookWorkload, + Write: aclWriteHookWorkload, + List: resource.NoOpACLListHook, + }, }) } @@ -44,7 +50,7 @@ func ValidateWorkload(res *pbresource.Resource) error { // Validate the Workload Ports for portName, port := range workload.Ports { - if portNameErr := validatePortName(portName); portNameErr != nil { + if portNameErr := ValidatePortName(portName); portNameErr != nil { err = multierror.Append(err, resource.ErrInvalidMapKey{ Map: "ports", Key: portName, @@ -64,7 +70,7 @@ func ValidateWorkload(res *pbresource.Resource) error { }) } - if protoErr := validateProtocol(port.Protocol); protoErr != nil { + if protoErr := ValidateProtocol(port.Protocol); protoErr != nil { err = multierror.Append(err, resource.ErrInvalidMapValue{ Map: "ports", Key: portName, @@ -145,3 +151,32 @@ func ValidateWorkload(res *pbresource.Resource) error { return err } + +func aclReadHookWorkload(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, _ *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.GetName(), authzContext) +} + +func aclWriteHookWorkload(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + decodedWorkload, err := resource.Decode[*pbcatalog.Workload](res) + if err != nil { + return resource.ErrNeedResource + } + + // First check service:write on the workload name. + err = authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetId().GetName(), authzContext) + if err != nil { + return err + } + + // Check node:read permissions if node is specified. + if decodedWorkload.GetData().GetNodeName() != "" { + return authorizer.ToAllowAuthorizer().NodeReadAllowed(decodedWorkload.GetData().GetNodeName(), authzContext) + } + + // Check identity:read permissions if identity is specified. + if decodedWorkload.GetData().GetIdentity() != "" { + return authorizer.ToAllowAuthorizer().IdentityReadAllowed(decodedWorkload.GetData().GetIdentity(), authzContext) + } + + return nil +} diff --git a/internal/catalog/internal/types/workload_selecting.go b/internal/catalog/internal/types/workload_selecting.go new file mode 100644 index 000000000000..6d129bfaa693 --- /dev/null +++ b/internal/catalog/internal/types/workload_selecting.go @@ -0,0 +1,16 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "google.golang.org/protobuf/proto" + + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" +) + +// WorkloadSelecting denotes a resource type that uses workload selectors. +type WorkloadSelecting interface { + proto.Message + GetWorkloads() *pbcatalog.WorkloadSelector +} diff --git a/internal/catalog/internal/types/workload_test.go b/internal/catalog/internal/types/workload_test.go index e55d9a44fd2b..1c7f7b825594 100644 --- a/internal/catalog/internal/types/workload_test.go +++ b/internal/catalog/internal/types/workload_test.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/internal/resource" + rtest "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) @@ -304,3 +305,160 @@ func TestValidateWorkload_Locality(t *testing.T) { require.ErrorAs(t, err, &actual) require.Equal(t, expected, actual) } + +func TestWorkloadACLs(t *testing.T) { + registry := resource.NewRegistry() + Register(registry) + + cases := map[string]rtest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.DENY, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write": { + Rules: `service "test" { policy = "write" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + "service test write with node": { + Rules: `service "test" { policy = "write" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + NodeName: "test-node", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write with workload identity": { + Rules: `service "test" { policy = "write" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + Identity: "test-identity", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write with workload identity and node": { + Rules: `service "test" { policy = "write" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + NodeName: "test-node", + Identity: "test-identity", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write with node and node policy": { + Rules: `service "test" { policy = "write" } node "test-node" { policy = "read" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + NodeName: "test-node", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + "service test write with workload identity and identity policy ": { + Rules: `service "test" { policy = "write" } identity "test-identity" { policy = "read" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + Identity: "test-identity", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + "service test write with workload identity and node with both node and identity policy": { + Rules: `service "test" { policy = "write" } identity "test-identity" { policy = "read" } node "test-node" { policy = "read" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + NodeName: "test-node", + Identity: "test-identity", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + rtest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go b/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go index 36033a47e477..1fbf8254ee60 100644 --- a/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go +++ b/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go @@ -99,7 +99,8 @@ func TestSortProxyConfigurations(t *testing.T) { var decProxyCfgs []*types.DecodedProxyConfiguration for i, ws := range c.selectors { proxyCfg := &pbmesh.ProxyConfiguration{ - Workloads: ws, + Workloads: ws, + DynamicConfig: &pbmesh.DynamicConfig{}, } resName := fmt.Sprintf("cfg-%d", i) proxyCfgRes := resourcetest.Resource(pbmesh.ProxyConfigurationType, resName). diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/destination_multiport_test.go b/internal/mesh/internal/controllers/sidecarproxy/builder/destination_multiport_test.go index d05887b4e71f..289c8c76548e 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/destination_multiport_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/destination_multiport_test.go @@ -41,6 +41,31 @@ func TestBuildMultiportImplicitDestinations(t *testing.T) { }, } + multiportServiceData := &pbcatalog.Service{ + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "tcp", + VirtualPort: 7070, + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + }, + { + TargetPort: "tcp2", + VirtualPort: 8081, + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + }, + { + TargetPort: "http", + VirtualPort: 8080, + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }, + { + TargetPort: "mesh", + VirtualPort: 20000, + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, + }, + }, + } + multiportEndpointsData := &pbcatalog.ServiceEndpoints{ Endpoints: []*pbcatalog.Endpoint{ { @@ -57,12 +82,12 @@ func TestBuildMultiportImplicitDestinations(t *testing.T) { } apiAppService := resourcetest.Resource(pbcatalog.ServiceType, apiApp). WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, serviceData). + WithData(t, multiportServiceData). Build() apiApp2Service := resourcetest.Resource(pbcatalog.ServiceType, apiApp2). WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, serviceData). + WithData(t, multiportServiceData). Build() apiAppEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, apiApp). diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/destinations.go b/internal/mesh/internal/controllers/sidecarproxy/builder/destinations.go index 185f56c851c2..aea4360b8310 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/destinations.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/destinations.go @@ -94,7 +94,7 @@ func (b *Builder) buildDestination( if destination.Explicit != nil { routeName = lb.listener.Name } else { - routeName = DestinationResourceID(cpr.ParentRef.Ref) + routeName = DestinationResourceID(cpr.ParentRef.Ref, cpr.ParentRef.Port) } var ( @@ -143,6 +143,7 @@ func (b *Builder) buildDestination( b.addRoute(routeName, &pbproxystate.Route{ VirtualHosts: []*pbproxystate.VirtualHost{{ Name: routeName, + Domains: []string{"*"}, RouteRules: proxyRouteRules, }}, }) @@ -185,6 +186,7 @@ func (b *Builder) buildDestination( b.addRoute(routeName, &pbproxystate.Route{ VirtualHosts: []*pbproxystate.VirtualHost{{ Name: routeName, + Domains: []string{"*"}, RouteRules: proxyRouteRules, }}, }) @@ -287,7 +289,12 @@ func (b *Builder) buildDestination( ) clusterName := fmt.Sprintf("%s.%s", portName, sni) - egBase := b.newClusterEndpointGroup("", sni, portName, details.IdentityRefs, connectTimeout, loadBalancer) + egName := "" + + if details.FailoverConfig != nil { + egName = fmt.Sprintf("%s%d~%s", xdscommon.FailoverClusterNamePrefix, 0, clusterName) + } + egBase := b.newClusterEndpointGroup(egName, sni, portName, details.IdentityRefs, connectTimeout, loadBalancer) var endpointGroups []*pbproxystate.EndpointGroup @@ -319,7 +326,10 @@ func (b *Builder) buildDestination( destDC, b.trustDomain, ) - destClusterName := fmt.Sprintf("%s%d~%s", xdscommon.FailoverClusterNamePrefix, i, clusterName) + + // index 0 was already given to non-fail original + failoverGroupIndex := i + 1 + destClusterName := fmt.Sprintf("%s%d~%s", xdscommon.FailoverClusterNamePrefix, failoverGroupIndex, clusterName) egDest := b.newClusterEndpointGroup(destClusterName, destSNI, destPortName, destDetails.IdentityRefs, destConnectTimeout, destLoadBalancer) @@ -328,7 +338,7 @@ func (b *Builder) buildDestination( } } - b.addCluster(clusterName, endpointGroups, connectTimeout) + b.addCluster(clusterName, endpointGroups, connectTimeout, pbproxystate.Protocol(effectiveProtocol)) } return b @@ -350,6 +360,7 @@ func (b *Builder) addNullRouteCluster() *Builder { }, }, }, + Protocol: pbproxystate.Protocol_PROTOCOL_TCP, } b.proxyStateTemplate.ProxyState.Clusters[cluster.Name] = cluster @@ -393,6 +404,7 @@ func (b *Builder) addL4ClusterForDirect(clusterName string) *Builder { }, }, }, + Protocol: pbproxystate.Protocol_PROTOCOL_TCP, } b.proxyStateTemplate.ProxyState.Clusters[cluster.Name] = cluster @@ -450,6 +462,7 @@ func (b *ListenerBuilder) addL7Router(routeName string, statPrefix string, proto }, StatPrefix: statPrefix, StaticRoute: false, + Protocol: protocolMapCatalogToL7[protocol], }, } @@ -563,10 +576,12 @@ func (b *Builder) addCluster( clusterName string, endpointGroups []*pbproxystate.EndpointGroup, connectTimeout *durationpb.Duration, + protocol pbproxystate.Protocol, ) { cluster := &pbproxystate.Cluster{ Name: clusterName, AltStatName: clusterName, + Protocol: protocol, } switch len(endpointGroups) { case 0: diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go b/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go index e5baaa2cba59..991d6e6c7a87 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go @@ -21,15 +21,25 @@ func (b *Builder) buildExposePaths(workload *pbcatalog.Workload) { addExposePathsRouter(exposePath). buildListener() + var protocol pbcatalog.Protocol + switch exposePath.Protocol { + case pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP: + protocol = pbcatalog.Protocol_PROTOCOL_HTTP + case pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP2: + protocol = pbcatalog.Protocol_PROTOCOL_HTTP2 + default: + panic("unsupported expose paths protocol") + } + b.addExposePathsRoute(exposePath, clusterName). - addLocalAppCluster(clusterName). + addLocalAppCluster(clusterName, nil, pbproxystate.Protocol(protocol)). addLocalAppStaticEndpoints(clusterName, exposePath.LocalPathPort) } } } func (b *Builder) addExposePathsListener(workload *pbcatalog.Workload, exposePath *pbmesh.ExposePath) *ListenerBuilder { - listenerName := fmt.Sprintf("exposed_path_%s", exposePathName(exposePath)) + listenerName := exposePathListenerName(exposePath) listener := &pbproxystate.Listener{ Name: listenerName, @@ -44,7 +54,7 @@ func (b *Builder) addExposePathsListener(workload *pbcatalog.Workload, exposePat listener.BindAddress = &pbproxystate.Listener_HostPort{ HostPort: &pbproxystate.HostPortAddress{ Host: meshAddress.Host, - Port: exposePath.LocalPathPort, + Port: exposePath.ListenerPort, }, } @@ -55,7 +65,7 @@ func (b *ListenerBuilder) addExposePathsRouter(exposePath *pbmesh.ExposePath) *L if b.listener == nil { return b } - destinationName := exposePathDestinationName(exposePath) + destinationName := exposePathRouteName(exposePath) var l7Protocol pbproxystate.L7Protocol @@ -88,7 +98,7 @@ func (b *ListenerBuilder) addExposePathsRouter(exposePath *pbmesh.ExposePath) *L } func (b *Builder) addExposePathsRoute(exposePath *pbmesh.ExposePath, clusterName string) *Builder { - routeName := exposePathDestinationName(exposePath) + routeName := exposePathRouteName(exposePath) routeRule := &pbproxystate.RouteRule{ Match: &pbproxystate.RouteMatch{ PathMatch: &pbproxystate.PathMatch{ @@ -120,12 +130,22 @@ func (b *Builder) addExposePathsRoute(exposePath *pbmesh.ExposePath, clusterName func exposePathName(exposePath *pbmesh.ExposePath) string { r := regexp.MustCompile(`[^a-zA-Z0-9]+`) - return r.ReplaceAllString(exposePath.Path, "") + // The regex removes anything not a letter or number from the path. + path := r.ReplaceAllString(exposePath.Path, "") + return path +} + +func exposePathListenerName(exposePath *pbmesh.ExposePath) string { + // The path could be empty, so the unique name for this exposed path is the path and listener port. + pathPort := fmt.Sprintf("%s%d", exposePathName(exposePath), exposePath.ListenerPort) + listenerName := fmt.Sprintf("exposed_path_%s", pathPort) + return listenerName } -func exposePathDestinationName(exposePath *pbmesh.ExposePath) string { - path := exposePathName(exposePath) - return fmt.Sprintf("exposed_path_filter_%s_%d", path, exposePath.ListenerPort) +func exposePathRouteName(exposePath *pbmesh.ExposePath) string { + // The path could be empty, so the unique name for this exposed path is the path and listener port. + pathPort := fmt.Sprintf("%s%d", exposePathName(exposePath), exposePath.ListenerPort) + return fmt.Sprintf("exposed_path_route_%s", pathPort) } func exposePathClusterName(exposePath *pbmesh.ExposePath) string { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go index e6ba896b68e0..871cb444bd5d 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go @@ -6,6 +6,9 @@ package builder import ( "fmt" + pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "google.golang.org/protobuf/types/known/wrapperspb" + "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/envoyextensions/xdscommon" pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" @@ -31,13 +34,13 @@ func (b *Builder) BuildLocalApp(workload *pbcatalog.Workload, ctp *pbauth.Comput if port.Protocol != pbcatalog.Protocol_PROTOCOL_MESH { foundInboundNonMeshPorts = true - lb.addInboundRouter(clusterName, routeName, port, portName, trafficPermissions[portName]). + lb.addInboundRouter(clusterName, routeName, port, portName, trafficPermissions[portName], b.proxyCfg.GetDynamicConfig().GetInboundConnections()). addInboundTLS() if isL7(port.Protocol) { - b.addLocalAppRoute(routeName, clusterName) + b.addLocalAppRoute(routeName, clusterName, portName) } - b.addLocalAppCluster(clusterName). + b.addLocalAppCluster(clusterName, &portName, pbproxystate.Protocol(port.Protocol)). addLocalAppStaticEndpoints(clusterName, port.GetPort()) } } @@ -264,10 +267,16 @@ func (b *Builder) addInboundListener(name string, workload *pbcatalog.Workload) // Add TLS inspection capability to be able to parse ALPN and/or SNI information from inbound connections. listener.Capabilities = append(listener.Capabilities, pbproxystate.Capability_CAPABILITY_L4_TLS_INSPECTION) + if b.proxyCfg.GetDynamicConfig() != nil && b.proxyCfg.GetDynamicConfig().InboundConnections != nil { + listener.BalanceConnections = pbproxystate.BalanceConnections(b.proxyCfg.DynamicConfig.InboundConnections.BalanceInboundConnections) + } return b.NewListenerBuilder(listener) } -func (l *ListenerBuilder) addInboundRouter(clusterName string, routeName string, port *pbcatalog.WorkloadPort, portName string, tp *pbproxystate.TrafficPermissions) *ListenerBuilder { +func (l *ListenerBuilder) addInboundRouter(clusterName string, routeName string, + port *pbcatalog.WorkloadPort, portName string, tp *pbproxystate.TrafficPermissions, + ic *pbmesh.InboundConnectionsConfig) *ListenerBuilder { + if l.listener == nil { return l } @@ -289,13 +298,22 @@ func (l *ListenerBuilder) addInboundRouter(clusterName string, routeName string, AlpnProtocols: []string{getAlpnProtocolFromPortName(portName)}, }, } + + if ic != nil { + // MaxInboundConnections is uint32 that is used on: + // - router destinations MaxInboundConnection (uint64). + // - cluster circuit breakers UpstreamLimits.MaxConnections (uint32). + // It is cast to a uint64 here similarly as it is to the proxystateconverter code. + r.GetL4().MaxInboundConnections = uint64(ic.MaxInboundConnections) + } + l.listener.Routers = append(l.listener.Routers, r) } else if isL7(port.Protocol) { r := &pbproxystate.Router{ Destination: &pbproxystate.Router_L7{ L7: &pbproxystate.L7Destination{ StatPrefix: l.listener.Name, - Protocol: protocolMap[port.Protocol], + Protocol: protocolMapCatalogToL7[port.Protocol], TrafficPermissions: tp, StaticRoute: true, // Route name for l7 local app destinations differentiates between routes for each port. @@ -308,6 +326,13 @@ func (l *ListenerBuilder) addInboundRouter(clusterName string, routeName string, AlpnProtocols: []string{getAlpnProtocolFromPortName(portName)}, }, } + + if ic != nil { + // MaxInboundConnections is cast to a uint64 here similarly as it is to the + // as the L4 case statement above and in proxystateconverter code. + r.GetL7().MaxInboundConnections = uint64(ic.MaxInboundConnections) + } + l.listener.Routers = append(l.listener.Routers, r) } return l @@ -339,7 +364,7 @@ func getAlpnProtocolFromPortName(portName string) string { return fmt.Sprintf("consul~%s", portName) } -func (b *Builder) addLocalAppRoute(routeName string, clusterName string) { +func (b *Builder) addLocalAppRoute(routeName, clusterName, portName string) { proxyRouteRule := &pbproxystate.RouteRule{ Match: &pbproxystate.RouteMatch{ PathMatch: &pbproxystate.PathMatch{ @@ -356,6 +381,18 @@ func (b *Builder) addLocalAppRoute(routeName string, clusterName string) { }, }, } + if b.proxyCfg.GetDynamicConfig() != nil && b.proxyCfg.GetDynamicConfig().LocalConnection != nil { + lc, lcOK := b.proxyCfg.GetDynamicConfig().LocalConnection[portName] + if lcOK { + proxyRouteRule.Destination.DestinationConfiguration = + &pbproxystate.DestinationConfiguration{ + TimeoutConfig: &pbproxystate.TimeoutConfig{ + Timeout: lc.RequestTimeout, + }, + } + } + } + // Each route name for the local app is listenerName:port since there is a route per port on the local app listener. b.addRoute(routeName, &pbproxystate.Route{ VirtualHosts: []*pbproxystate.VirtualHost{{ @@ -373,9 +410,9 @@ func isL7(protocol pbcatalog.Protocol) bool { return false } -func (b *Builder) addLocalAppCluster(clusterName string) *Builder { +func (b *Builder) addLocalAppCluster(clusterName string, portName *string, protocol pbproxystate.Protocol) *Builder { // Make cluster for this router destination. - b.proxyStateTemplate.ProxyState.Clusters[clusterName] = &pbproxystate.Cluster{ + cluster := &pbproxystate.Cluster{ Group: &pbproxystate.Cluster_EndpointGroup{ EndpointGroup: &pbproxystate.EndpointGroup{ Group: &pbproxystate.EndpointGroup_Static{ @@ -383,21 +420,36 @@ func (b *Builder) addLocalAppCluster(clusterName string) *Builder { }, }, }, + Protocol: protocol, + } + + // configure inbound connections or connection timeout if either is defined + if b.proxyCfg.GetDynamicConfig() != nil && portName != nil { + lc, lcOK := b.proxyCfg.DynamicConfig.LocalConnection[*portName] + + if lcOK || b.proxyCfg.DynamicConfig.InboundConnections != nil { + cluster.GetEndpointGroup().GetStatic().Config = &pbproxystate.StaticEndpointGroupConfig{} + + if lcOK { + cluster.GetEndpointGroup().GetStatic().GetConfig().ConnectTimeout = lc.ConnectTimeout + } + + if b.proxyCfg.DynamicConfig.InboundConnections != nil { + cluster.GetEndpointGroup().GetStatic().GetConfig().CircuitBreakers = &pbproxystate.CircuitBreakers{ + UpstreamLimits: &pbproxystate.UpstreamLimits{ + MaxConnections: &wrapperspb.UInt32Value{Value: b.proxyCfg.DynamicConfig.InboundConnections.MaxInboundConnections}, + }, + } + } + } } + + b.proxyStateTemplate.ProxyState.Clusters[clusterName] = cluster return b } func (b *Builder) addBlackHoleCluster() *Builder { - b.proxyStateTemplate.ProxyState.Clusters[xdscommon.BlackHoleClusterName] = &pbproxystate.Cluster{ - Group: &pbproxystate.Cluster_EndpointGroup{ - EndpointGroup: &pbproxystate.EndpointGroup{ - Group: &pbproxystate.EndpointGroup_Static{ - Static: &pbproxystate.StaticEndpointGroup{}, - }, - }, - }, - } - return b + return b.addLocalAppCluster(xdscommon.BlackHoleClusterName, nil, pbproxystate.Protocol_PROTOCOL_TCP) } func (b *Builder) addLocalAppStaticEndpoints(clusterName string, port uint32) { @@ -441,7 +493,7 @@ func (l *ListenerBuilder) addInboundTLS() *ListenerBuilder { return l } -var protocolMap = map[pbcatalog.Protocol]pbproxystate.L7Protocol{ +var protocolMapCatalogToL7 = map[pbcatalog.Protocol]pbproxystate.L7Protocol{ pbcatalog.Protocol_PROTOCOL_HTTP: pbproxystate.L7Protocol_L7_PROTOCOL_HTTP, pbcatalog.Protocol_PROTOCOL_HTTP2: pbproxystate.L7Protocol_L7_PROTOCOL_HTTP2, pbcatalog.Protocol_PROTOCOL_GRPC: pbproxystate.L7Protocol_L7_PROTOCOL_GRPC, diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go index 785e0aab2e2e..33dcab715522 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go @@ -4,7 +4,10 @@ package builder import ( + "google.golang.org/protobuf/types/known/durationpb" + "sort" "testing" + "time" "github.com/stretchr/testify/require" @@ -139,6 +142,55 @@ func TestBuildLocalApp_WithProxyConfiguration(t *testing.T) { }, }, }, + // source/local-and-inbound-connections shows that configuring LocalCOnnection + // and InboundConnections in DynamicConfig will set fields on standard clusters and routes, + // but will not set fields on exposed path clusters and routes. + "source/local-and-inbound-connections": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", + }, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "port1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "port2": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + "port3": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }, + proxyCfg: &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{ + LocalConnection: map[string]*pbmesh.ConnectionConfig{ + "port1": { + ConnectTimeout: durationpb.New(6 * time.Second), + RequestTimeout: durationpb.New(7 * time.Second)}, + "port3": { + ConnectTimeout: durationpb.New(8 * time.Second), + RequestTimeout: durationpb.New(9 * time.Second)}, + }, + InboundConnections: &pbmesh.InboundConnectionsConfig{ + MaxInboundConnections: 123, + BalanceInboundConnections: pbmesh.BalanceConnections(pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_EXACT), + }, + ExposeConfig: &pbmesh.ExposeConfig{ + ExposePaths: []*pbmesh.ExposePath{ + { + ListenerPort: 1234, + Path: "/health", + LocalPathPort: 9090, + Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP, + }, + { + ListenerPort: 1235, + Path: "GetHealth", + LocalPathPort: 9091, + Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP2, + }, + }, + }, + }, + }, + }, } for name, c := range cases { @@ -146,10 +198,24 @@ func TestBuildLocalApp_WithProxyConfiguration(t *testing.T) { proxyTmpl := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", true, c.proxyCfg). BuildLocalApp(c.workload, nil). Build() + + // sort routers because of test flakes where order was flip flopping. + actualRouters := proxyTmpl.ProxyState.Listeners[0].Routers + sort.Slice(actualRouters, func(i, j int) bool { + return actualRouters[i].String() < actualRouters[j].String() + }) + actual := protoToJSON(t, proxyTmpl) - expected := golden.Get(t, actual, name+".golden") + expected := JSONToProxyTemplate(t, golden.GetBytes(t, actual, name+".golden")) - require.JSONEq(t, expected, actual) + // sort routers on listener from golden file + expectedRouters := expected.ProxyState.Listeners[0].Routers + sort.Slice(expectedRouters, func(i, j int) bool { + return expectedRouters[i].String() < expectedRouters[j].String() + }) + + // convert back to json after sorting so that test output does not contain extraneous fields. + require.Equal(t, protoToJSON(t, expected), protoToJSON(t, proxyTmpl)) }) } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/naming.go b/internal/mesh/internal/controllers/sidecarproxy/builder/naming.go index 31eba2e7ce88..13a21e4e597d 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/naming.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/naming.go @@ -29,7 +29,7 @@ func DestinationStatPrefix(serviceRef *pbresource.Reference, portName, datacente } func DestinationListenerName(destinationRef *pbresource.Reference, portName string, address string, port uint32) string { - name := fmt.Sprintf("%s:%s:%s", DestinationResourceID(destinationRef), portName, address) + name := fmt.Sprintf("%s:%s", DestinationResourceID(destinationRef, portName), address) if port != 0 { return fmt.Sprintf("%s:%d", name, port) } @@ -39,8 +39,8 @@ func DestinationListenerName(destinationRef *pbresource.Reference, portName stri // DestinationResourceID returns a string representation that uniquely identifies the // upstream in a canonical but human readable way. -func DestinationResourceID(destinationRef *pbresource.Reference) string { +func DestinationResourceID(destinationRef *pbresource.Reference, port string) string { tenancyPrefix := fmt.Sprintf("%s/%s/%s", destinationRef.Tenancy.Partition, destinationRef.Tenancy.PeerName, destinationRef.Tenancy.Namespace) - return fmt.Sprintf("%s/%s", tenancyPrefix, destinationRef.Name) + return fmt.Sprintf("%s/%s:%s", tenancyPrefix, destinationRef.Name, port) } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/routes.go b/internal/mesh/internal/controllers/sidecarproxy/builder/routes.go index b5c8fafebbbb..03d68bdf081a 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/routes.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/routes.go @@ -473,6 +473,12 @@ func makeGRPCRouteMatch(match *pbmesh.GRPCRouteMatch) *pbproxystate.RouteMatch { default: panic(fmt.Sprintf("unknown method match type: %v", match.Method.Type)) } + } else { + em.PathMatch = &pbproxystate.PathMatch{ + PathMatch: &pbproxystate.PathMatch_Prefix{ + Prefix: "/", + }, + } } em.HeaderMatches = translateHeaderMatches(match.Headers, nil) diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden index 322ea928f42b..098beac1af9b 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden @@ -9,7 +9,8 @@ } } }, - "name": "original-destination" + "name": "original-destination", + "protocol": "PROTOCOL_TCP" }, "tcp.api-1.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", @@ -36,7 +37,8 @@ } } }, - "name": "tcp.api-1.default.dc1.internal.foo.consul" + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, "tcp.api-2.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", @@ -63,7 +65,8 @@ } } }, - "name": "tcp.api-2.default.dc1.internal.foo.consul" + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" } }, "identity": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination.golden index eb7c3e60fcd4..1f925e4b5a2b 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination.golden @@ -9,7 +9,8 @@ } } }, - "name": "null_route_cluster" + "name": "null_route_cluster", + "protocol": "PROTOCOL_TCP" }, "tcp.api-1.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", @@ -36,7 +37,8 @@ } } }, - "name": "tcp.api-1.default.dc1.internal.foo.consul" + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, "tcp.api-2.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", @@ -63,7 +65,8 @@ } } }, - "name": "tcp.api-2.default.dc1.internal.foo.consul" + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, "tcp2.api-1.default.dc1.internal.foo.consul": { "altStatName": "tcp2.api-1.default.dc1.internal.foo.consul", @@ -90,7 +93,8 @@ } } }, - "name": "tcp2.api-1.default.dc1.internal.foo.consul" + "name": "tcp2.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, "tcp2.api-2.default.dc1.internal.foo.consul": { "altStatName": "tcp2.api-2.default.dc1.internal.foo.consul", @@ -117,7 +121,8 @@ } } }, - "name": "tcp2.api-2.default.dc1.internal.foo.consul" + "name": "tcp2.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" } }, "identity": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden index 7f2fe6383d12..e00c9d08e010 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden @@ -9,7 +9,8 @@ } } }, - "name": "original-destination" + "name": "original-destination", + "protocol": "PROTOCOL_TCP" }, "tcp.api-1.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", @@ -36,7 +37,8 @@ } } }, - "name": "tcp.api-1.default.dc1.internal.foo.consul" + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, "tcp.api-2.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", @@ -63,7 +65,8 @@ } } }, - "name": "tcp.api-2.default.dc1.internal.foo.consul" + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" } }, "identity": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address.golden index 7ba711123559..ae2d99c94261 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address.golden @@ -9,7 +9,8 @@ } } }, - "name": "null_route_cluster" + "name": "null_route_cluster", + "protocol": "PROTOCOL_TCP" }, "tcp.api-1.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", @@ -36,7 +37,8 @@ } } }, - "name": "tcp.api-1.default.dc1.internal.foo.consul" + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, "tcp.api-2.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", @@ -63,7 +65,8 @@ } } }, - "name": "tcp.api-2.default.dc1.internal.foo.consul" + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" } }, "identity": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address.golden index ca72e84ef73c..2af48e9f29e3 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address.golden @@ -26,7 +26,8 @@ } } }, - "name": "tcp.api-2.default.dc1.internal.foo.consul" + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" } }, "identity": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy.golden index 719d461c27df..50e871481174 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy.golden @@ -9,7 +9,8 @@ } } }, - "name": "original-destination" + "name": "original-destination", + "protocol": "PROTOCOL_TCP" }, "tcp.api-1.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", @@ -36,7 +37,8 @@ } } }, - "name": "tcp.api-1.default.dc1.internal.foo.consul" + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" } }, "identity": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination.golden index 77f4181c317f..ca69db7dfcb0 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination.golden @@ -30,7 +30,8 @@ } } } - } + }, + "name": "failover-target~0~http.api-1.default.dc1.internal.foo.consul" }, { "dynamic": { @@ -54,11 +55,12 @@ } } }, - "name": "failover-target~0~http.api-1.default.dc1.internal.foo.consul" + "name": "failover-target~1~http.api-1.default.dc1.internal.foo.consul" } ] }, - "name": "http.api-1.default.dc1.internal.foo.consul" + "name": "http.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" }, "http.api-2.default.dc1.internal.foo.consul": { "altStatName": "http.api-2.default.dc1.internal.foo.consul", @@ -85,7 +87,8 @@ } } }, - "name": "http.api-2.default.dc1.internal.foo.consul" + "name": "http.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" }, "null_route_cluster": { "endpointGroup": { @@ -95,7 +98,8 @@ } } }, - "name": "null_route_cluster" + "name": "null_route_cluster", + "protocol": "PROTOCOL_TCP" }, "tcp.api-1.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", @@ -122,7 +126,8 @@ } } }, - "name": "tcp.api-1.default.dc1.internal.foo.consul" + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, "tcp.api-2.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", @@ -149,7 +154,8 @@ } } }, - "name": "tcp.api-2.default.dc1.internal.foo.consul" + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" } }, "identity": { @@ -238,6 +244,9 @@ "default/local/default/api-1:http:1.1.1.1:1234": { "virtualHosts": [ { + "domains": [ + "*" + ], "name": "default/local/default/api-1:http:1.1.1.1:1234", "routeRules": [ { @@ -310,7 +319,7 @@ } }, "requiredEndpoints": { - "failover-target~0~http.api-1.default.dc1.internal.foo.consul": { + "failover-target~1~http.api-1.default.dc1.internal.foo.consul": { "id": { "name": "backup-1", "tenancy": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden index 7fe5d2850c56..3192629710d9 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden @@ -1,8 +1,8 @@ { "proxyState": { "clusters": { - "http.api-app.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app.default.dc1.internal.foo.consul", + "tcp2.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -11,7 +11,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~http" + "consul~tcp2" ], "outboundMesh": { "identityKey": "test-identity", @@ -26,10 +26,11 @@ } } }, - "name": "http.api-app.default.dc1.internal.foo.consul" + "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, - "http.api-app2.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app2.default.dc1.internal.foo.consul", + "tcp2.api-app2.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app2.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -38,7 +39,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~http" + "consul~tcp2" ], "outboundMesh": { "identityKey": "test-identity", @@ -53,20 +54,11 @@ } } }, - "name": "http.api-app2.default.dc1.internal.foo.consul" + "name": "tcp2.api-app2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination" - }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", + "http.api-app.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -75,7 +67,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp" + "consul~http" ], "outboundMesh": { "identityKey": "test-identity", @@ -90,10 +82,11 @@ } } }, - "name": "tcp.api-app.default.dc1.internal.foo.consul" + "name": "http.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" }, - "tcp.api-app2.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app2.default.dc1.internal.foo.consul", + "http.api-app2.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app2.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -102,7 +95,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp" + "consul~http" ], "outboundMesh": { "identityKey": "test-identity", @@ -117,10 +110,22 @@ } } }, - "name": "tcp.api-app2.default.dc1.internal.foo.consul" + "name": "http.api-app2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -129,7 +134,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp2" + "consul~tcp" ], "outboundMesh": { "identityKey": "test-identity", @@ -144,10 +149,11 @@ } } }, - "name": "tcp2.api-app.default.dc1.internal.foo.consul" + "name": "tcp.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, - "tcp2.api-app2.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app2.default.dc1.internal.foo.consul", + "tcp.api-app2.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app2.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -156,7 +162,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp2" + "consul~tcp" ], "outboundMesh": { "identityKey": "test-identity", @@ -171,7 +177,8 @@ } } }, - "name": "tcp2.api-app2.default.dc1.internal.foo.consul" + "name": "tcp.api-app2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" } }, "identity": { @@ -248,7 +255,7 @@ { "l7": { "route": { - "name": "default/local/default/api-app" + "name": "default/local/default/api-app:http" }, "statPrefix": "upstream." }, @@ -265,7 +272,7 @@ { "l7": { "route": { - "name": "default/local/default/api-app2" + "name": "default/local/default/api-app2:http" }, "statPrefix": "upstream." }, @@ -325,15 +332,18 @@ } ], "routes": { - "default/local/default/api-app": { + "default/local/default/api-app2:http": { "virtualHosts": [ { - "name": "default/local/default/api-app", + "domains": [ + "*" + ], + "name": "default/local/default/api-app2:http", "routeRules": [ { "destination": { "cluster": { - "name": "http.api-app.default.dc1.internal.foo.consul" + "name": "http.api-app2.default.dc1.internal.foo.consul" } }, "match": { @@ -346,15 +356,18 @@ } ] }, - "default/local/default/api-app2": { + "default/local/default/api-app:http": { "virtualHosts": [ { - "name": "default/local/default/api-app2", + "domains": [ + "*" + ], + "name": "default/local/default/api-app:http", "routeRules": [ { "destination": { "cluster": { - "name": "http.api-app2.default.dc1.internal.foo.consul" + "name": "http.api-app.default.dc1.internal.foo.consul" } }, "match": { @@ -370,7 +383,7 @@ } }, "requiredEndpoints": { - "http.api-app.default.dc1.internal.foo.consul": { + "tcp2.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -386,7 +399,7 @@ }, "port": "mesh" }, - "http.api-app2.default.dc1.internal.foo.consul": { + "tcp2.api-app2.default.dc1.internal.foo.consul": { "id": { "name": "api-app2", "tenancy": { @@ -402,7 +415,7 @@ }, "port": "mesh" }, - "tcp.api-app.default.dc1.internal.foo.consul": { + "http.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -418,7 +431,7 @@ }, "port": "mesh" }, - "tcp.api-app2.default.dc1.internal.foo.consul": { + "http.api-app2.default.dc1.internal.foo.consul": { "id": { "name": "api-app2", "tenancy": { @@ -434,7 +447,7 @@ }, "port": "mesh" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { + "tcp.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -450,7 +463,7 @@ }, "port": "mesh" }, - "tcp2.api-app2.default.dc1.internal.foo.consul": { + "tcp.api-app2.default.dc1.internal.foo.consul": { "id": { "name": "api-app2", "tenancy": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden index cdf1275e0d68..2ab840e3da9b 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden @@ -1,8 +1,8 @@ { "proxyState": { "clusters": { - "http.api-app.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app.default.dc1.internal.foo.consul", + "tcp2.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -11,7 +11,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~http" + "consul~tcp2" ], "outboundMesh": { "identityKey": "test-identity", @@ -26,20 +26,11 @@ } } }, - "name": "http.api-app.default.dc1.internal.foo.consul" + "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination" - }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", + "http.api-app.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -48,7 +39,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp" + "consul~http" ], "outboundMesh": { "identityKey": "test-identity", @@ -63,10 +54,22 @@ } } }, - "name": "tcp.api-app.default.dc1.internal.foo.consul" + "name": "http.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -75,7 +78,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp2" + "consul~tcp" ], "outboundMesh": { "identityKey": "test-identity", @@ -90,7 +93,8 @@ } } }, - "name": "tcp2.api-app.default.dc1.internal.foo.consul" + "name": "tcp.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" } }, "identity": { @@ -146,7 +150,7 @@ { "l7": { "route": { - "name": "default/local/default/api-app" + "name": "default/local/default/api-app:http" }, "statPrefix": "upstream." }, @@ -181,10 +185,13 @@ } ], "routes": { - "default/local/default/api-app": { + "default/local/default/api-app:http": { "virtualHosts": [ { - "name": "default/local/default/api-app", + "domains": [ + "*" + ], + "name": "default/local/default/api-app:http", "routeRules": [ { "destination": { @@ -205,7 +212,7 @@ } }, "requiredEndpoints": { - "http.api-app.default.dc1.internal.foo.consul": { + "tcp2.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -221,7 +228,7 @@ }, "port": "mesh" }, - "tcp.api-app.default.dc1.internal.foo.consul": { + "http.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -237,7 +244,7 @@ }, "port": "mesh" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { + "tcp.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden index cdf1275e0d68..2ab840e3da9b 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden @@ -1,8 +1,8 @@ { "proxyState": { "clusters": { - "http.api-app.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app.default.dc1.internal.foo.consul", + "tcp2.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -11,7 +11,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~http" + "consul~tcp2" ], "outboundMesh": { "identityKey": "test-identity", @@ -26,20 +26,11 @@ } } }, - "name": "http.api-app.default.dc1.internal.foo.consul" + "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination" - }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", + "http.api-app.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -48,7 +39,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp" + "consul~http" ], "outboundMesh": { "identityKey": "test-identity", @@ -63,10 +54,22 @@ } } }, - "name": "tcp.api-app.default.dc1.internal.foo.consul" + "name": "http.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -75,7 +78,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp2" + "consul~tcp" ], "outboundMesh": { "identityKey": "test-identity", @@ -90,7 +93,8 @@ } } }, - "name": "tcp2.api-app.default.dc1.internal.foo.consul" + "name": "tcp.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" } }, "identity": { @@ -146,7 +150,7 @@ { "l7": { "route": { - "name": "default/local/default/api-app" + "name": "default/local/default/api-app:http" }, "statPrefix": "upstream." }, @@ -181,10 +185,13 @@ } ], "routes": { - "default/local/default/api-app": { + "default/local/default/api-app:http": { "virtualHosts": [ { - "name": "default/local/default/api-app", + "domains": [ + "*" + ], + "name": "default/local/default/api-app:http", "routeRules": [ { "destination": { @@ -205,7 +212,7 @@ } }, "requiredEndpoints": { - "http.api-app.default.dc1.internal.foo.consul": { + "tcp2.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -221,7 +228,7 @@ }, "port": "mesh" }, - "tcp.api-app.default.dc1.internal.foo.consul": { + "http.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -237,7 +244,7 @@ }, "port": "mesh" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { + "tcp.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden index 8551d50dcc88..95ee222f3d26 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -5,7 +5,8 @@ "endpointGroup": { "static": {} }, - "name": "local_app:port1" + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" } }, "endpoints": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-without-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-without-ports.golden index 1c7d58988f6d..0cb52d992155 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-without-ports.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-without-ports.golden @@ -5,7 +5,8 @@ "endpointGroup": { "static": {} }, - "name": "local_app:port1" + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" } }, "endpoints": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-single-workload-address-without-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-single-workload-address-without-ports.golden index 1c7d58988f6d..0cb52d992155 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-single-workload-address-without-ports.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-single-workload-address-without-ports.golden @@ -5,7 +5,8 @@ "endpointGroup": { "static": {} }, - "name": "local_app:port1" + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" } }, "endpoints": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths.golden index df8af168212d..2af5ce9c06d4 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths.golden @@ -5,19 +5,22 @@ "endpointGroup": { "static": {} }, - "name": "exposed_cluster_9090" + "name": "exposed_cluster_9090", + "protocol": "PROTOCOL_HTTP" }, "exposed_cluster_9091": { "endpointGroup": { "static": {} }, - "name": "exposed_cluster_9091" + "name": "exposed_cluster_9091", + "protocol": "PROTOCOL_HTTP2" }, "local_app:port1": { "endpointGroup": { "static": {} }, - "name": "local_app:port1" + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" } }, "endpoints": { @@ -107,16 +110,16 @@ "direction": "DIRECTION_INBOUND", "hostPort": { "host": "10.0.0.1", - "port": 9090 + "port": 1234 }, - "name": "exposed_path_health", + "name": "exposed_path_health1234", "routers": [ { "l7": { "route": { - "name": "exposed_path_filter_health_1234" + "name": "exposed_path_route_health1234" }, - "statPrefix": "exposed_path_filter_health_1234", + "statPrefix": "exposed_path_route_health1234", "staticRoute": true } } @@ -126,17 +129,17 @@ "direction": "DIRECTION_INBOUND", "hostPort": { "host": "10.0.0.1", - "port": 9091 + "port": 1235 }, - "name": "exposed_path_GetHealth", + "name": "exposed_path_GetHealth1235", "routers": [ { "l7": { "protocol": "L7_PROTOCOL_HTTP2", "route": { - "name": "exposed_path_filter_GetHealth_1235" + "name": "exposed_path_route_GetHealth1235" }, - "statPrefix": "exposed_path_filter_GetHealth_1235", + "statPrefix": "exposed_path_route_GetHealth1235", "staticRoute": true } } @@ -144,13 +147,13 @@ } ], "routes": { - "exposed_path_filter_GetHealth_1235": { + "exposed_path_route_GetHealth1235": { "virtualHosts": [ { "domains": [ "*" ], - "name": "exposed_path_filter_GetHealth_1235", + "name": "exposed_path_route_GetHealth1235", "routeRules": [ { "destination": { @@ -168,13 +171,13 @@ } ] }, - "exposed_path_filter_health_1234": { + "exposed_path_route_health1234": { "virtualHosts": [ { "domains": [ "*" ], - "name": "exposed_path_filter_health_1234", + "name": "exposed_path_route_health1234", "routeRules": [ { "destination": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden new file mode 100644 index 000000000000..299b051ef69d --- /dev/null +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden @@ -0,0 +1,304 @@ +{ + "proxyState": { + "clusters": { + "exposed_cluster_9090": { + "endpointGroup": { + "static": {} + }, + "name": "exposed_cluster_9090", + "protocol": "PROTOCOL_HTTP" + }, + "exposed_cluster_9091": { + "endpointGroup": { + "static": {} + }, + "name": "exposed_cluster_9091", + "protocol": "PROTOCOL_HTTP2" + }, + "local_app:port1": { + "endpointGroup": { + "static": { + "config": { + "circuitBreakers": { + "upstreamLimits": { + "maxConnections": 123 + } + }, + "connectTimeout": "6s" + } + } + }, + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" + }, + "local_app:port3": { + "endpointGroup": { + "static": { + "config": { + "circuitBreakers": { + "upstreamLimits": { + "maxConnections": 123 + } + }, + "connectTimeout": "8s" + } + } + }, + "name": "local_app:port3", + "protocol": "PROTOCOL_HTTP" + } + }, + "endpoints": { + "exposed_cluster_9090": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9090 + } + } + ] + }, + "exposed_cluster_9091": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9091 + } + } + ] + }, + "local_app:port1": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + }, + "local_app:port3": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8081 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "listeners": [ + { + "balanceConnections": "BALANCE_CONNECTIONS_EXACT", + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port1" + }, + "maxInboundConnections": "123", + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port1" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l7": { + "maxInboundConnections": "123", + "route": { + "name": "public_listener:port3" + }, + "statPrefix": "public_listener", + "staticRoute": true, + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port3" + ] + } + } + ] + }, + { + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 1234 + }, + "name": "exposed_path_health1234", + "routers": [ + { + "l7": { + "route": { + "name": "exposed_path_route_health1234" + }, + "statPrefix": "exposed_path_route_health1234", + "staticRoute": true + } + } + ] + }, + { + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 1235 + }, + "name": "exposed_path_GetHealth1235", + "routers": [ + { + "l7": { + "protocol": "L7_PROTOCOL_HTTP2", + "route": { + "name": "exposed_path_route_GetHealth1235" + }, + "statPrefix": "exposed_path_route_GetHealth1235", + "staticRoute": true + } + } + ] + } + ], + "routes": { + "exposed_path_route_GetHealth1235": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "exposed_path_route_GetHealth1235", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "exposed_cluster_9091" + } + }, + "match": { + "pathMatch": { + "exact": "GetHealth" + } + } + } + ] + } + ] + }, + "exposed_path_route_health1234": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "exposed_path_route_health1234", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "exposed_cluster_9090" + } + }, + "match": { + "pathMatch": { + "exact": "/health" + } + } + } + ] + } + ] + }, + "public_listener:port3": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:port3", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:port3" + }, + "destinationConfiguration": { + "timeoutConfig": { + "timeout": "9s" + } + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + } + } + }, + "requiredLeafCertificates": { + "test-identity": { + "name": "test-identity", + "namespace": "default", + "partition": "default" + } + }, + "requiredTrustBundles": { + "local": { + "peer": "local" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden index b4ef8b93dd1d..93a69b2bb033 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden @@ -5,13 +5,15 @@ "endpointGroup": { "static": {} }, - "name": "local_app:admin-port" + "name": "local_app:admin-port", + "protocol": "PROTOCOL_TCP" }, "local_app:api-port": { "endpointGroup": { "static": {} }, - "name": "local_app:api-port" + "name": "local_app:api-port", + "protocol": "PROTOCOL_TCP" } }, "endpoints": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports.golden index 9df4452174b5..3831349ccdbd 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports.golden @@ -5,13 +5,15 @@ "endpointGroup": { "static": {} }, - "name": "local_app:admin-port" + "name": "local_app:admin-port", + "protocol": "PROTOCOL_TCP" }, "local_app:api-port": { "endpointGroup": { "static": {} }, - "name": "local_app:api-port" + "name": "local_app:api-port", + "protocol": "PROTOCOL_TCP" } }, "endpoints": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports.golden index 9df4452174b5..3831349ccdbd 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports.golden @@ -5,13 +5,15 @@ "endpointGroup": { "static": {} }, - "name": "local_app:admin-port" + "name": "local_app:admin-port", + "protocol": "PROTOCOL_TCP" }, "local_app:api-port": { "endpointGroup": { "static": {} }, - "name": "local_app:api-port" + "name": "local_app:api-port", + "protocol": "PROTOCOL_TCP" } }, "endpoints": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port.golden index eb3b84dd9839..dc9afc44fa43 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port.golden @@ -5,7 +5,8 @@ "endpointGroup": { "static": {} }, - "name": "black-hole-cluster" + "name": "black-hole-cluster", + "protocol": "PROTOCOL_TCP" } }, "identity": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden index 7afae2c4d3b9..dcba1dc58150 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden @@ -5,13 +5,15 @@ "endpointGroup": { "static": {} }, - "name": "local_app:admin-port" + "name": "local_app:admin-port", + "protocol": "PROTOCOL_HTTP" }, "local_app:api-port": { "endpointGroup": { "static": {} }, - "name": "local_app:api-port" + "name": "local_app:api-port", + "protocol": "PROTOCOL_HTTP2" } }, "endpoints": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports.golden index d65cc6eb2dd3..08d9faa234ea 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports.golden @@ -5,19 +5,22 @@ "endpointGroup": { "static": {} }, - "name": "local_app:admin-port" + "name": "local_app:admin-port", + "protocol": "PROTOCOL_HTTP" }, "local_app:api-port": { "endpointGroup": { "static": {} }, - "name": "local_app:api-port" + "name": "local_app:api-port", + "protocol": "PROTOCOL_HTTP2" }, "local_app:grpc-port": { "endpointGroup": { "static": {} }, - "name": "local_app:grpc-port" + "name": "local_app:grpc-port", + "protocol": "PROTOCOL_GRPC" } }, "endpoints": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports.golden index d65cc6eb2dd3..08d9faa234ea 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports.golden @@ -5,19 +5,22 @@ "endpointGroup": { "static": {} }, - "name": "local_app:admin-port" + "name": "local_app:admin-port", + "protocol": "PROTOCOL_HTTP" }, "local_app:api-port": { "endpointGroup": { "static": {} }, - "name": "local_app:api-port" + "name": "local_app:api-port", + "protocol": "PROTOCOL_HTTP2" }, "local_app:grpc-port": { "endpointGroup": { "static": {} }, - "name": "local_app:grpc-port" + "name": "local_app:grpc-port", + "protocol": "PROTOCOL_GRPC" } }, "endpoints": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/controller_test.go b/internal/mesh/internal/controllers/sidecarproxy/controller_test.go index 883984f1615d..0d6684f0ef54 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/controller_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/controller_test.go @@ -553,7 +553,7 @@ func (suite *controllerTestSuite) TestController() { }).Write(suite.T(), suite.client) testutil.RunStep(suite.T(), "add explicit destinations and check that new proxy state is generated", func(t *testing.T) { - webProxyStateTemplate = suite.client.WaitForNewVersion(t, webProxyStateTemplateID, webProxyStateTemplate.Version) + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) requireExplicitDestinationsFound(t, "api", webProxyStateTemplate) }) @@ -613,7 +613,7 @@ func (suite *controllerTestSuite) TestController() { }) // We should get a new web proxy template resource because this destination should be removed. - webProxyStateTemplate = suite.client.WaitForNewVersion(t, webProxyStateTemplateID, webProxyStateTemplate.Version) + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) requireExplicitDestinationsNotFound(t, "api", webProxyStateTemplate) }) diff --git a/internal/mesh/internal/controllers/xds/controller_test.go b/internal/mesh/internal/controllers/xds/controller_test.go index 6bb5f85c9908..e1dd0ebb6171 100644 --- a/internal/mesh/internal/controllers/xds/controller_test.go +++ b/internal/mesh/internal/controllers/xds/controller_test.go @@ -7,10 +7,14 @@ import ( "context" "crypto/x509" "encoding/pem" + "fmt" + "strings" "testing" + "github.com/hashicorp/consul/internal/testing/golden" "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" + "google.golang.org/protobuf/encoding/protojson" svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" "github.com/hashicorp/consul/agent/leafcert" @@ -995,3 +999,167 @@ func (suite *xdsControllerTestSuite) TestReconcile_prevWatchesToCancel() { func TestXdsController(t *testing.T) { suite.Run(t, new(xdsControllerTestSuite)) } + +// TestReconcile_SidecarProxyGoldenFileInputs tests the Reconcile() by using +// the golden test output/expected files from the sidecar proxy tests as inputs +// to the XDS controller reconciliation. +// XDS controller reconciles the full ProxyStateTemplate object. The fields +// that things that it focuses on are leaf certs, endpoints, and trust bundles, +// which is just a subset of the ProxyStateTemplate struct. Prior to XDS controller +// reconciliation, the sidecar proxy controller will have reconciled the other parts +// of the ProxyStateTemplate. +// Since the XDS controller does act on the ProxyStateTemplate, the tests +// utilize that entire object rather than just the parts that XDS controller +// internals reconciles. Namely, by using checking the full ProxyStateTemplate +// rather than just endpoints, leaf certs, and trust bundles, the test also ensures +// side effects or change in scope to XDS controller are not introduce mistakenly. +func (suite *xdsControllerTestSuite) TestReconcile_SidecarProxyGoldenFileInputs() { + path := "../sidecarproxy/builder/testdata" + cases := []string{ + // destinations - please add in alphabetical order + "destination/l4-single-destination-ip-port-bind-address", + "destination/l4-single-destination-unix-socket-bind-address", + "destination/l4-single-implicit-destination-tproxy", + "destination/l4-multi-destination", + "destination/l4-multiple-implicit-destinations-tproxy", + "destination/l4-implicit-and-explicit-destinations-tproxy", + "destination/mixed-multi-destination", + "destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy", + "destination/multiport-l4-and-l7-single-implicit-destination-tproxy", + "destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy", + + //sources - please add in alphabetical order + "source/l4-multiple-workload-addresses-with-specific-ports", + "source/l4-multiple-workload-addresses-without-ports", + "source/l4-single-workload-address-without-ports", + "source/l7-expose-paths", + "source/local-and-inbound-connections", + "source/multiport-l4-multiple-workload-addresses-with-specific-ports", + "source/multiport-l4-multiple-workload-addresses-without-ports", + "source/multiport-l4-workload-with-only-mesh-port", + "source/multiport-l7-multiple-workload-addresses-with-specific-ports", + "source/multiport-l7-multiple-workload-addresses-without-ports", + } + + for _, name := range cases { + suite.Run(name, func() { + // Create ProxyStateTemplate from the golden file. + pst := JSONToProxyTemplate(suite.T(), + golden.GetBytesAtFilePath(suite.T(), fmt.Sprintf("%s/%s.golden", path, name))) + + // Destinations will need endpoint refs set up. + if strings.Split(name, "/")[0] == "destination" && len(pst.ProxyState.Endpoints) == 0 { + suite.addRequiredEndpointsAndRefs(pst) + } + + // Store the initial ProxyStateTemplate. + proxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "test"). + WithData(suite.T(), pst). + Write(suite.T(), suite.client) + + // Check with resource service that it exists. + retry.Run(suite.T(), func(r *retry.R) { + suite.client.RequireResourceExists(r, proxyStateTemplate.Id) + }) + + // Track it in the mapper. + suite.mapper.TrackItem(proxyStateTemplate.Id, []resource.ReferenceOrID{}) + + // Run the reconcile, and since no ProxyStateTemplate is stored, this simulates a deletion. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: proxyStateTemplate.Id, + }) + require.NoError(suite.T(), err) + require.NotNil(suite.T(), proxyStateTemplate) + + // Get the reconciled proxyStateTemplate to check the reconcile results. + reconciledPS := suite.updater.Get(proxyStateTemplate.Id.Name) + + // Verify leaf cert contents then hard code them for comparison + // and downstream tests since they change from test run to test run. + require.NotEmpty(suite.T(), reconciledPS.LeafCertificates) + reconciledPS.LeafCertificates = map[string]*pbproxystate.LeafCertificate{ + "test-identity": { + Cert: "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + Key: "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n", + }, + } + + // Compare actual vs expected. + actual := prototest.ProtoToJSON(suite.T(), reconciledPS) + expected := golden.Get(suite.T(), actual, name+".golden") + require.JSONEq(suite.T(), expected, actual) + }) + } +} + +func (suite *xdsControllerTestSuite) addRequiredEndpointsAndRefs(pst *pbmesh.ProxyStateTemplate) { + //get service data + serviceData := &pbcatalog.Service{} + var vp uint32 = 7000 + requiredEps := make(map[string]*pbproxystate.EndpointRef) + + // iterate through clusters and set up endpoints for cluster/mesh port. + for clusterName := range pst.ProxyState.Clusters { + if clusterName == "null_route_cluster" || clusterName == "original-destination" { + continue + } + + //increment the random port number. + vp++ + clusterNameSplit := strings.Split(clusterName, ".") + port := clusterNameSplit[0] + svcName := clusterNameSplit[1] + + // set up service data with port info. + serviceData.Ports = append(serviceData.Ports, &pbcatalog.ServicePort{ + TargetPort: port, + VirtualPort: vp, + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + }) + + // create service. + svc := resourcetest.Resource(pbcatalog.ServiceType, svcName). + WithData(suite.T(), &pbcatalog.Service{}). + Write(suite.T(), suite.client) + + // create endpoints with svc as owner. + eps := resourcetest.Resource(pbcatalog.ServiceEndpointsType, svcName). + WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{ + { + Ports: map[string]*pbcatalog.WorkloadPort{ + "mesh": { + Port: 20000, + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, + }, + }, + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.1.1.1", + Ports: []string{"mesh"}, + }, + }, + }, + }}). + WithOwner(svc.Id). + Write(suite.T(), suite.client) + + // add to working list of required endpoints. + requiredEps[clusterName] = &pbproxystate.EndpointRef{ + Id: eps.Id, + Port: "mesh", + } + } + + // set working list of required endpoints as proxy state's RequiredEndpoints. + pst.RequiredEndpoints = requiredEps +} + +func JSONToProxyTemplate(t *testing.T, json []byte) *pbmesh.ProxyStateTemplate { + t.Helper() + proxyTemplate := &pbmesh.ProxyStateTemplate{} + m := protojson.UnmarshalOptions{} + err := m.Unmarshal(json, proxyTemplate) + require.NoError(t, err) + return proxyTemplate +} diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/xds/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden new file mode 100644 index 000000000000..dd425312053b --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden @@ -0,0 +1,185 @@ +{ + "clusters": { + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-1.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-1.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-2.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "tcp.api-1.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp.api-2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "1.1.1.1", + "port": 1234 + }, + "name": "default/local/default/api-1:tcp:1.1.1.1:1234", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp.api-1.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-1.default.default.dc1" + } + } + ] + }, + { + "capabilities": [ + "CAPABILITY_TRANSPARENT" + ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "127.0.0.1", + "port": 15001 + }, + "name": "outbound_listener", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp.api-2.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-2.default.default.dc1" + }, + "match": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "2.2.2.2", + "prefixLen": 32 + }, + { + "addressPrefix": "3.3.3.3", + "prefixLen": 32 + } + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/l4-multi-destination.golden b/internal/mesh/internal/controllers/xds/testdata/destination/l4-multi-destination.golden new file mode 100644 index 000000000000..70448ca45048 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/destination/l4-multi-destination.golden @@ -0,0 +1,301 @@ +{ + "clusters": { + "null_route_cluster": { + "endpointGroup": { + "static": { + "config": { + "connectTimeout": "10s" + } + } + }, + "name": "null_route_cluster", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-1.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-1.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-2.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp2.api-1.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-1.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp2" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-1.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp2.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp2.api-2.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp2" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp2.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "tcp.api-1.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp.api-2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp2.api-1.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp2.api-2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "1.1.1.1", + "port": 1234 + }, + "name": "default/local/default/api-1:tcp:1.1.1.1:1234", + "routers": [ + { + "l4": { + "statPrefix": "upstream.tcp.api-1.default.default.dc1", + "weightedClusters": { + "clusters": [ + { + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "weight": 60 + }, + { + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "weight": 40 + }, + { + "name": "null_route_cluster", + "weight": 10 + } + ] + } + } + } + ] + }, + { + "direction": "DIRECTION_OUTBOUND", + "name": "default/local/default/api-2:tcp:/path/to/socket", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp.api-2.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-2.default.default.dc1" + } + } + ], + "unixSocket": { + "mode": "0666", + "path": "/path/to/socket" + } + }, + { + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "1.1.1.1", + "port": 2345 + }, + "name": "default/local/default/api-1:tcp2:1.1.1.1:2345", + "routers": [ + { + "l4": { + "statPrefix": "upstream.tcp2.api-1.default.default.dc1", + "weightedClusters": { + "clusters": [ + { + "name": "tcp2.api-2.default.dc1.internal.foo.consul", + "weight": 60 + }, + { + "name": "tcp2.api-1.default.dc1.internal.foo.consul", + "weight": 40 + }, + { + "name": "null_route_cluster", + "weight": 10 + } + ] + } + } + } + ] + }, + { + "direction": "DIRECTION_OUTBOUND", + "name": "default/local/default/api-2:tcp2:/path/to/socket", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp2.api-2.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp2.api-2.default.default.dc1" + } + } + ], + "unixSocket": { + "mode": "0666", + "path": "/path/to/socket" + } + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/xds/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden new file mode 100644 index 000000000000..24c917a4d338 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden @@ -0,0 +1,184 @@ +{ + "clusters": { + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-1.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-1.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-2.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "tcp.api-1.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp.api-2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_TRANSPARENT" + ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "127.0.0.1", + "port": 15001 + }, + "name": "outbound_listener", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp.api-1.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-1.default.default.dc1" + }, + "match": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + }, + { + "l4": { + "cluster": { + "name": "tcp.api-2.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-2.default.default.dc1" + }, + "match": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "2.2.2.2", + "prefixLen": 32 + }, + { + "addressPrefix": "3.3.3.3", + "prefixLen": 32 + } + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/l4-single-destination-ip-port-bind-address.golden b/internal/mesh/internal/controllers/xds/testdata/destination/l4-single-destination-ip-port-bind-address.golden new file mode 100644 index 000000000000..d3657463fde9 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/destination/l4-single-destination-ip-port-bind-address.golden @@ -0,0 +1,156 @@ +{ + "clusters": { + "null_route_cluster": { + "endpointGroup": { + "static": { + "config": { + "connectTimeout": "10s" + } + } + }, + "name": "null_route_cluster", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-1.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-1.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-2.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "tcp.api-1.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp.api-2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "1.1.1.1", + "port": 1234 + }, + "name": "default/local/default/api-1:tcp:1.1.1.1:1234", + "routers": [ + { + "l4": { + "statPrefix": "upstream.tcp.api-1.default.default.dc1", + "weightedClusters": { + "clusters": [ + { + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "weight": 60 + }, + { + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "weight": 40 + }, + { + "name": "null_route_cluster", + "weight": 10 + } + ] + } + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/l4-single-destination-unix-socket-bind-address.golden b/internal/mesh/internal/controllers/xds/testdata/destination/l4-single-destination-unix-socket-bind-address.golden new file mode 100644 index 000000000000..19ca75501d5b --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/destination/l4-single-destination-unix-socket-bind-address.golden @@ -0,0 +1,93 @@ +{ + "clusters": { + "tcp.api-2.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "tcp.api-2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "direction": "DIRECTION_OUTBOUND", + "name": "default/local/default/api-2:tcp:/path/to/socket", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp.api-2.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-2.default.default.dc1" + } + } + ], + "unixSocket": { + "mode": "0666", + "path": "/path/to/socket" + } + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/l4-single-implicit-destination-tproxy.golden b/internal/mesh/internal/controllers/xds/testdata/destination/l4-single-implicit-destination-tproxy.golden new file mode 100644 index 000000000000..780d2a6f49a8 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/destination/l4-single-implicit-destination-tproxy.golden @@ -0,0 +1,124 @@ +{ + "clusters": { + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-1.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-1.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "tcp.api-1.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_TRANSPARENT" + ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "127.0.0.1", + "port": 15001 + }, + "name": "outbound_listener", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp.api-1.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-1.default.default.dc1" + }, + "match": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/mixed-multi-destination.golden b/internal/mesh/internal/controllers/xds/testdata/destination/mixed-multi-destination.golden new file mode 100644 index 000000000000..16b1841296ed --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/destination/mixed-multi-destination.golden @@ -0,0 +1,380 @@ +{ + "clusters": { + "http.api-1.default.dc1.internal.foo.consul": { + "altStatName": "http.api-1.default.dc1.internal.foo.consul", + "failoverGroup": { + "config": { + "connectTimeout": "55s", + "useAltStatName": true + }, + "endpointGroups": [ + { + "dynamic": { + "config": { + "connectTimeout": "55s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~http" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-1.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + }, + "name": "failover-target~0~http.api-1.default.dc1.internal.foo.consul" + }, + { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~http" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "backup-1.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/backup1-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + }, + "name": "failover-target~1~http.api-1.default.dc1.internal.foo.consul" + } + ] + }, + "name": "http.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" + }, + "http.api-2.default.dc1.internal.foo.consul": { + "altStatName": "http.api-2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~http" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "http.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" + }, + "null_route_cluster": { + "endpointGroup": { + "static": { + "config": { + "connectTimeout": "10s" + } + } + }, + "name": "null_route_cluster", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-1.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-1.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-2.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "http.api-1.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "http.api-2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp.api-1.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp.api-2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "1.1.1.1", + "port": 1234 + }, + "name": "default/local/default/api-1:tcp:1.1.1.1:1234", + "routers": [ + { + "l4": { + "statPrefix": "upstream.tcp.api-1.default.default.dc1", + "weightedClusters": { + "clusters": [ + { + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "weight": 60 + }, + { + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "weight": 40 + }, + { + "name": "null_route_cluster", + "weight": 10 + } + ] + } + } + } + ] + }, + { + "direction": "DIRECTION_OUTBOUND", + "name": "default/local/default/api-2:tcp:/path/to/socket", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp.api-2.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-2.default.default.dc1" + } + } + ], + "unixSocket": { + "mode": "0666", + "path": "/path/to/socket" + } + }, + { + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "1.1.1.1", + "port": 1234 + }, + "name": "default/local/default/api-1:http:1.1.1.1:1234", + "routers": [ + { + "l7": { + "route": { + "name": "default/local/default/api-1:http:1.1.1.1:1234" + }, + "statPrefix": "upstream." + } + } + ] + } + ], + "routes": { + "default/local/default/api-1:http:1.1.1.1:1234": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "default/local/default/api-1:http:1.1.1.1:1234", + "routeRules": [ + { + "destination": { + "destinationConfiguration": { + "timeoutConfig": { + "timeout": "77s" + } + }, + "weightedClusters": { + "clusters": [ + { + "name": "http.api-2.default.dc1.internal.foo.consul", + "weight": 60 + }, + { + "name": "http.api-1.default.dc1.internal.foo.consul", + "weight": 40 + }, + { + "name": "null_route_cluster", + "weight": 10 + } + ] + } + }, + "match": { + "pathMatch": { + "prefix": "/split" + } + } + }, + { + "destination": { + "cluster": { + "name": "http.api-1.default.dc1.internal.foo.consul" + }, + "destinationConfiguration": { + "retryPolicy": { + "numRetries": 4, + "retryOn": "connect-failure" + }, + "timeoutConfig": { + "timeout": "606s" + } + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + }, + { + "destination": { + "cluster": { + "name": "null_route_cluster" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + } + }, + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden new file mode 100644 index 000000000000..7ac1ec80710b --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden @@ -0,0 +1,466 @@ +{ + "clusters": { + "http.api-app.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~http" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "http.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" + }, + "http.api-app2.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~http" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "http.api-app2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" + }, + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-app2.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-app2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp2.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp2" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp2.api-app2.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app2.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp2" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app2.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp2.api-app2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "http.api-app.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "http.api-app2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp.api-app.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp.api-app2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp2.api-app.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp2.api-app2.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_TRANSPARENT" + ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "127.0.0.1", + "port": 15001 + }, + "name": "outbound_listener", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp.api-app.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-app.default.default.dc1" + }, + "match": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + }, + { + "l4": { + "cluster": { + "name": "tcp.api-app2.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-app2.default.default.dc1" + }, + "match": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "2.2.2.2", + "prefixLen": 32 + }, + { + "addressPrefix": "3.3.3.3", + "prefixLen": 32 + } + ] + } + }, + { + "l7": { + "route": { + "name": "default/local/default/api-app:http" + }, + "statPrefix": "upstream." + }, + "match": { + "destinationPort": 8080, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + }, + { + "l7": { + "route": { + "name": "default/local/default/api-app2:http" + }, + "statPrefix": "upstream." + }, + "match": { + "destinationPort": 8080, + "prefixRanges": [ + { + "addressPrefix": "2.2.2.2", + "prefixLen": 32 + }, + { + "addressPrefix": "3.3.3.3", + "prefixLen": 32 + } + ] + } + }, + { + "l4": { + "cluster": { + "name": "tcp2.api-app.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp2.api-app.default.default.dc1" + }, + "match": { + "destinationPort": 8081, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + }, + { + "l4": { + "cluster": { + "name": "tcp2.api-app2.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp2.api-app2.default.default.dc1" + }, + "match": { + "destinationPort": 8081, + "prefixRanges": [ + { + "addressPrefix": "2.2.2.2", + "prefixLen": 32 + }, + { + "addressPrefix": "3.3.3.3", + "prefixLen": 32 + } + ] + } + } + ] + } + ], + "routes": { + "default/local/default/api-app2:http": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "default/local/default/api-app2:http", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "http.api-app2.default.dc1.internal.foo.consul" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + }, + "default/local/default/api-app:http": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "default/local/default/api-app:http", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "http.api-app.default.dc1.internal.foo.consul" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + } + }, + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden new file mode 100644 index 000000000000..8f5e73c92ee5 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden @@ -0,0 +1,262 @@ +{ + "clusters": { + "http.api-app.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~http" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "http.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" + }, + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp2.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp2" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "http.api-app.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp.api-app.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp2.api-app.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_TRANSPARENT" + ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "127.0.0.1", + "port": 15001 + }, + "name": "outbound_listener", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp.api-app.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-app.default.default.dc1" + }, + "match": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + }, + { + "l7": { + "route": { + "name": "default/local/default/api-app:http" + }, + "statPrefix": "upstream." + }, + "match": { + "destinationPort": 8080, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + }, + { + "l4": { + "cluster": { + "name": "tcp2.api-app.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp2.api-app.default.default.dc1" + }, + "match": { + "destinationPort": 8081, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + } + ] + } + ], + "routes": { + "default/local/default/api-app:http": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "default/local/default/api-app:http", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "http.api-app.default.dc1.internal.foo.consul" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + } + }, + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden new file mode 100644 index 000000000000..8f5e73c92ee5 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden @@ -0,0 +1,262 @@ +{ + "clusters": { + "http.api-app.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~http" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "http.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" + }, + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", + "protocol": "PROTOCOL_TCP" + }, + "tcp.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + }, + "tcp2.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", + "endpointGroup": { + "dynamic": { + "config": { + "connectTimeout": "5s", + "disablePanicThreshold": true + }, + "outboundTls": { + "alpnProtocols": [ + "consul~tcp2" + ], + "outboundMesh": { + "identityKey": "test-identity", + "sni": "api-app.default.dc1.internal.foo.consul", + "validationContext": { + "spiffeIds": [ + "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + ], + "trustBundlePeerNameKey": "local" + } + } + } + } + }, + "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "http.api-app.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp.api-app.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + }, + "tcp2.api-app.default.dc1.internal.foo.consul": { + "endpoints": [ + { + "healthStatus": "HEALTH_STATUS_HEALTHY", + "hostPort": { + "host": "10.1.1.1", + "port": 20000 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_TRANSPARENT" + ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, + "direction": "DIRECTION_OUTBOUND", + "hostPort": { + "host": "127.0.0.1", + "port": 15001 + }, + "name": "outbound_listener", + "routers": [ + { + "l4": { + "cluster": { + "name": "tcp.api-app.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp.api-app.default.default.dc1" + }, + "match": { + "destinationPort": 7070, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + }, + { + "l7": { + "route": { + "name": "default/local/default/api-app:http" + }, + "statPrefix": "upstream." + }, + "match": { + "destinationPort": 8080, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + }, + { + "l4": { + "cluster": { + "name": "tcp2.api-app.default.dc1.internal.foo.consul" + }, + "statPrefix": "upstream.tcp2.api-app.default.default.dc1" + }, + "match": { + "destinationPort": 8081, + "prefixRanges": [ + { + "addressPrefix": "1.1.1.1", + "prefixLen": 32 + } + ] + } + } + ] + } + ], + "routes": { + "default/local/default/api-app:http": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "default/local/default/api-app:http", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "http.api-app.default.dc1.internal.foo.consul" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + } + }, + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} diff --git a/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..c88a05495613 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,102 @@ +{ + "clusters": { + "local_app:port1": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "local_app:port1": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.2", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port1" + }, + "statPrefix": "public_listener", + "trafficPermissions": { + "allowPermissions": [ + { + "principals": [ + { + "spiffe": { + "regex": "^spiffe://foo.consul/ap/default/ns/default/identity/foo$" + } + } + ] + } + ] + } + }, + "match": { + "alpnProtocols": [ + "consul~port1" + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-without-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..439c536fdc3b --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,90 @@ +{ + "clusters": { + "local_app:port1": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "local_app:port1": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port1" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port1" + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/l4-single-workload-address-without-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/l4-single-workload-address-without-ports.golden new file mode 100644 index 000000000000..439c536fdc3b --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/l4-single-workload-address-without-ports.golden @@ -0,0 +1,90 @@ +{ + "clusters": { + "local_app:port1": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "local_app:port1": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port1" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port1" + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/l7-expose-paths.golden b/internal/mesh/internal/controllers/xds/testdata/source/l7-expose-paths.golden new file mode 100644 index 000000000000..994b00f41514 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/l7-expose-paths.golden @@ -0,0 +1,213 @@ +{ + "clusters": { + "exposed_cluster_9090": { + "endpointGroup": { + "static": {} + }, + "name": "exposed_cluster_9090", + "protocol": "PROTOCOL_HTTP" + }, + "exposed_cluster_9091": { + "endpointGroup": { + "static": {} + }, + "name": "exposed_cluster_9091", + "protocol": "PROTOCOL_HTTP2" + }, + "local_app:port1": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "exposed_cluster_9090": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9090 + } + } + ] + }, + "exposed_cluster_9091": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9091 + } + } + ] + }, + "local_app:port1": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port1" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port1" + ] + } + } + ] + }, + { + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 1234 + }, + "name": "exposed_path_health1234", + "routers": [ + { + "l7": { + "route": { + "name": "exposed_path_route_health1234" + }, + "statPrefix": "exposed_path_route_health1234", + "staticRoute": true + } + } + ] + }, + { + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 1235 + }, + "name": "exposed_path_GetHealth1235", + "routers": [ + { + "l7": { + "protocol": "L7_PROTOCOL_HTTP2", + "route": { + "name": "exposed_path_route_GetHealth1235" + }, + "statPrefix": "exposed_path_route_GetHealth1235", + "staticRoute": true + } + } + ] + } + ], + "routes": { + "exposed_path_route_GetHealth1235": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "exposed_path_route_GetHealth1235", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "exposed_cluster_9091" + } + }, + "match": { + "pathMatch": { + "exact": "GetHealth" + } + } + } + ] + } + ] + }, + "exposed_path_route_health1234": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "exposed_path_route_health1234", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "exposed_cluster_9090" + } + }, + "match": { + "pathMatch": { + "exact": "/health" + } + } + } + ] + } + ] + } + }, + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/local-and-inbound-connections.golden b/internal/mesh/internal/controllers/xds/testdata/source/local-and-inbound-connections.golden new file mode 100644 index 000000000000..f75354038bf4 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/local-and-inbound-connections.golden @@ -0,0 +1,305 @@ +{ + "clusters": { + "exposed_cluster_9090": { + "endpointGroup": { + "static": {} + }, + "name": "exposed_cluster_9090", + "protocol": "PROTOCOL_HTTP" + }, + "exposed_cluster_9091": { + "endpointGroup": { + "static": {} + }, + "name": "exposed_cluster_9091", + "protocol": "PROTOCOL_HTTP2" + }, + "local_app:port1": { + "endpointGroup": { + "static": { + "config": { + "circuitBreakers": { + "upstreamLimits": { + "maxConnections": 123 + } + }, + "connectTimeout": "6s" + } + } + }, + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" + }, + "local_app:port3": { + "endpointGroup": { + "static": { + "config": { + "circuitBreakers": { + "upstreamLimits": { + "maxConnections": 123 + } + }, + "connectTimeout": "8s" + } + } + }, + "name": "local_app:port3", + "protocol": "PROTOCOL_HTTP" + } + }, + "endpoints": { + "exposed_cluster_9090": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9090 + } + } + ] + }, + "exposed_cluster_9091": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9091 + } + } + ] + }, + "local_app:port1": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + }, + "local_app:port3": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8081 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "balanceConnections": "BALANCE_CONNECTIONS_EXACT", + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port1" + }, + "maxInboundConnections": "123", + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port1" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l7": { + "maxInboundConnections": "123", + "route": { + "name": "public_listener:port3" + }, + "statPrefix": "public_listener", + "staticRoute": true, + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port3" + ] + } + } + ] + }, + { + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 1234 + }, + "name": "exposed_path_health1234", + "routers": [ + { + "l7": { + "route": { + "name": "exposed_path_route_health1234" + }, + "statPrefix": "exposed_path_route_health1234", + "staticRoute": true + } + } + ] + }, + { + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 1235 + }, + "name": "exposed_path_GetHealth1235", + "routers": [ + { + "l7": { + "protocol": "L7_PROTOCOL_HTTP2", + "route": { + "name": "exposed_path_route_GetHealth1235" + }, + "statPrefix": "exposed_path_route_GetHealth1235", + "staticRoute": true + } + } + ] + } + ], + "routes": { + "exposed_path_route_GetHealth1235": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "exposed_path_route_GetHealth1235", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "exposed_cluster_9091" + } + }, + "match": { + "pathMatch": { + "exact": "GetHealth" + } + } + } + ] + } + ] + }, + "exposed_path_route_health1234": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "exposed_path_route_health1234", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "exposed_cluster_9090" + } + }, + "match": { + "pathMatch": { + "exact": "/health" + } + } + } + ] + } + ] + }, + "public_listener:port3": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:port3", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:port3" + }, + "destinationConfiguration": { + "timeoutConfig": { + "timeout": "9s" + } + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + } + }, + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..e2798c8d4e49 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,131 @@ +{ + "clusters": { + "local_app:admin-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:admin-port", + "protocol": "PROTOCOL_TCP" + }, + "local_app:api-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:api-port", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "local_app:admin-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + }, + "local_app:api-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9090 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.3", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:admin-port" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~admin-port" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:api-port" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~api-port" + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-multiple-workload-addresses-without-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..21402c187b5e --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,131 @@ +{ + "clusters": { + "local_app:admin-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:admin-port", + "protocol": "PROTOCOL_TCP" + }, + "local_app:api-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:api-port", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "local_app:admin-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + }, + "local_app:api-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9090 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:admin-port" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~admin-port" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:api-port" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~api-port" + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-single-workload-address-without-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-single-workload-address-without-ports.golden new file mode 100644 index 000000000000..1487da213341 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-single-workload-address-without-ports.golden @@ -0,0 +1,129 @@ +{ + "clusters": { + "local_app:admin-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:admin-port" + }, + "local_app:api-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:api-port" + } + }, + "endpoints": { + "local_app:admin-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + }, + "local_app:api-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9090 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:admin-port" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~admin-port" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:api-port" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~api-port" + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-workload-with-only-mesh-port.golden b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-workload-with-only-mesh-port.golden new file mode 100644 index 000000000000..92f491e9e04d --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l4-workload-with-only-mesh-port.golden @@ -0,0 +1,62 @@ +{ + "clusters": { + "black-hole-cluster": { + "endpointGroup": { + "static": {} + }, + "name": "black-hole-cluster", + "protocol": "PROTOCOL_TCP" + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "l4": { + "cluster": { + "name": "black-hole-cluster" + }, + "statPrefix": "public_listener" + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 000000000000..fdab88cd7c18 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,184 @@ +{ + "clusters": { + "local_app:admin-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:admin-port", + "protocol": "PROTOCOL_HTTP" + }, + "local_app:api-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:api-port", + "protocol": "PROTOCOL_HTTP2" + } + }, + "endpoints": { + "local_app:admin-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + }, + "local_app:api-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9090 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.3", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l7": { + "route": { + "name": "public_listener:admin-port" + }, + "statPrefix": "public_listener", + "staticRoute": true, + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~admin-port" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l7": { + "protocol": "L7_PROTOCOL_HTTP2", + "route": { + "name": "public_listener:api-port" + }, + "statPrefix": "public_listener", + "staticRoute": true, + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~api-port" + ] + } + } + ] + } + ], + "routes": { + "public_listener:admin-port": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:admin-port", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:admin-port" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + }, + "public_listener:api-port": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:api-port", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:api-port" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + } + }, + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/multiport-l7-multiple-workload-addresses-without-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l7-multiple-workload-addresses-without-ports.golden new file mode 100644 index 000000000000..3403eed7a864 --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l7-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,251 @@ +{ + "clusters": { + "local_app:admin-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:admin-port", + "protocol": "PROTOCOL_HTTP" + }, + "local_app:api-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:api-port", + "protocol": "PROTOCOL_HTTP2" + }, + "local_app:grpc-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:grpc-port", + "protocol": "PROTOCOL_GRPC" + } + }, + "endpoints": { + "local_app:admin-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + }, + "local_app:api-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9090 + } + } + ] + }, + "local_app:grpc-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9091 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l7": { + "route": { + "name": "public_listener:admin-port" + }, + "statPrefix": "public_listener", + "staticRoute": true, + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~admin-port" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l7": { + "protocol": "L7_PROTOCOL_HTTP2", + "route": { + "name": "public_listener:api-port" + }, + "statPrefix": "public_listener", + "staticRoute": true, + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~api-port" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l7": { + "protocol": "L7_PROTOCOL_GRPC", + "route": { + "name": "public_listener:grpc-port" + }, + "statPrefix": "public_listener", + "staticRoute": true, + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~grpc-port" + ] + } + } + ] + } + ], + "routes": { + "public_listener:admin-port": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:admin-port", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:admin-port" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + }, + "public_listener:api-port": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:api-port", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:api-port" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + }, + "public_listener:grpc-port": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:grpc-port", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:grpc-port" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + } + }, + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/multiport-l7-single-workload-address-without-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l7-single-workload-address-without-ports.golden new file mode 100644 index 000000000000..460ede98100a --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/multiport-l7-single-workload-address-without-ports.golden @@ -0,0 +1,248 @@ +{ + "clusters": { + "local_app:admin-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:admin-port" + }, + "local_app:api-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:api-port" + }, + "local_app:grpc-port": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:grpc-port" + } + }, + "endpoints": { + "local_app:admin-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + }, + "local_app:api-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9090 + } + } + ] + }, + "local_app:grpc-port": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9091 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l7": { + "route": { + "name": "public_listener:admin-port" + }, + "statPrefix": "public_listener", + "staticRoute": true, + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~admin-port" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l7": { + "protocol": "L7_PROTOCOL_HTTP2", + "route": { + "name": "public_listener:api-port" + }, + "statPrefix": "public_listener", + "staticRoute": true, + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~api-port" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l7": { + "protocol": "L7_PROTOCOL_GRPC", + "route": { + "name": "public_listener:grpc-port" + }, + "statPrefix": "public_listener", + "staticRoute": true, + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~grpc-port" + ] + } + } + ] + } + ], + "routes": { + "public_listener:admin-port": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:admin-port", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:admin-port" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + }, + "public_listener:api-port": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:api-port", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:api-port" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + }, + "public_listener:grpc-port": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:grpc-port", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:grpc-port" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + } + }, + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper.go b/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper.go index 533474e6522a..7b064248414b 100644 --- a/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper.go +++ b/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper.go @@ -6,29 +6,21 @@ package workloadselectionmapper import ( "context" - "google.golang.org/protobuf/proto" - + "github.com/hashicorp/consul/internal/catalog" "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/mesh/internal/mappers/common" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/mappers/selectiontracker" "github.com/hashicorp/consul/lib/stringslice" - pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) -// WorkloadSelecting denotes a resource type that uses workload selectors. -type WorkloadSelecting interface { - proto.Message - GetWorkloads() *pbcatalog.WorkloadSelector -} - -type Mapper[T WorkloadSelecting] struct { +type Mapper[T catalog.WorkloadSelecting] struct { workloadSelectionTracker *selectiontracker.WorkloadSelectionTracker computedType *pbresource.Type } -func New[T WorkloadSelecting](computedType *pbresource.Type) *Mapper[T] { +func New[T catalog.WorkloadSelecting](computedType *pbresource.Type) *Mapper[T] { if computedType == nil { panic("computed type is required") } diff --git a/internal/mesh/internal/types/destination_policy.go b/internal/mesh/internal/types/destination_policy.go index 75a6b9f18fb0..68b37345baf3 100644 --- a/internal/mesh/internal/types/destination_policy.go +++ b/internal/mesh/internal/types/destination_policy.go @@ -24,7 +24,7 @@ func RegisterDestinationPolicy(r resource.Registry) { ACLs: &resource.ACLHooks{ Read: aclReadHookDestinationPolicy, Write: aclWriteHookDestinationPolicy, - List: aclListHookDestinationPolicy, + List: resource.NoOpACLListHook, }, }) } @@ -233,9 +233,3 @@ func aclWriteHookDestinationPolicy(authorizer acl.Authorizer, authzContext *acl. // Check service:write permissions on the service this is controlling. return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(serviceName, authzContext) } - -func aclListHookDestinationPolicy(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement. - return nil -} diff --git a/internal/mesh/internal/types/destination_policy_test.go b/internal/mesh/internal/types/destination_policy_test.go index c2f89eeb0a9f..edbcd4c42653 100644 --- a/internal/mesh/internal/types/destination_policy_test.go +++ b/internal/mesh/internal/types/destination_policy_test.go @@ -4,20 +4,20 @@ package types import ( + "fmt" "testing" "time" "github.com/stretchr/testify/require" "google.golang.org/protobuf/types/known/durationpb" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/proto/private/prototest" "github.com/hashicorp/consul/sdk/testutil" + "github.com/hashicorp/consul/version/versiontest" ) func TestValidateDestinationPolicy(t *testing.T) { @@ -518,99 +518,92 @@ func TestDestinationPolicyACLs(t *testing.T) { registry := resource.NewRegistry() Register(registry) - type testcase struct { - rules string - check func(t *testing.T, authz acl.Authorizer, res *pbresource.Resource) - readOK string - writeOK string - listOK string + newPolicy := func(t *testing.T, tenancyStr string) *pbresource.Resource { + res := resourcetest.Resource(pbmesh.DestinationPolicyType, "api"). + WithTenancy(resourcetest.Tenancy(tenancyStr)). + WithData(t, &pbmesh.DestinationPolicy{ + PortConfigs: map[string]*pbmesh.DestinationConfig{ + "http": { + ConnectTimeout: durationpb.New(55 * time.Second), + }, + }, + }). + Build() + resourcetest.ValidateAndNormalize(t, registry, res) + return res } const ( - DENY = "deny" - ALLOW = "allow" - DEFAULT = "default" + DENY = resourcetest.DENY + ALLOW = resourcetest.ALLOW + DEFAULT = resourcetest.DEFAULT ) - checkF := func(t *testing.T, expect string, got error) { - switch expect { - case ALLOW: - if acl.IsErrPermissionDenied(got) { - t.Fatal("should be allowed") - } - case DENY: - if !acl.IsErrPermissionDenied(got) { - t.Fatal("should be denied") - } - case DEFAULT: - require.Nil(t, got, "expected fallthrough decision") - default: - t.Fatalf("unexpected expectation: %q", expect) - } + run := func(t *testing.T, name string, tc resourcetest.ACLTestCase) { + t.Run(name, func(t *testing.T) { + resourcetest.RunACLTestCase(t, tc, registry) + }) } - reg, ok := registry.Resolve(pbmesh.DestinationPolicyType) - require.True(t, ok) + isEnterprise := versiontest.IsEnterprise() - run := func(t *testing.T, tc testcase) { - destData := &pbmesh.DestinationPolicy{ - PortConfigs: map[string]*pbmesh.DestinationConfig{ - "http": { - ConnectTimeout: durationpb.New(55 * time.Second), - }, - }, + serviceRead := func(partition, namespace, name string) string { + if isEnterprise { + return fmt.Sprintf(` partition %q { namespace %q { service %q { policy = "read" } } }`, partition, namespace, name) } - res := resourcetest.Resource(pbmesh.DestinationPolicyType, "api"). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, destData). - Build() - resourcetest.ValidateAndNormalize(t, registry, res) - - config := acl.Config{ - WildcardName: structs.WildcardSpecifier, + return fmt.Sprintf(` service %q { policy = "read" } `, name) + } + serviceWrite := func(partition, namespace, name string) string { + if isEnterprise { + return fmt.Sprintf(` partition %q { namespace %q { service %q { policy = "write" } } }`, partition, namespace, name) } - authz, err := acl.NewAuthorizerFromRules(tc.rules, &config, nil) - require.NoError(t, err) - authz = acl.NewChainedAuthorizer([]acl.Authorizer{authz, acl.DenyAll()}) + return fmt.Sprintf(` service %q { policy = "write" } `, name) + } - t.Run("read", func(t *testing.T) { - err := reg.ACLs.Read(authz, &acl.AuthorizerContext{}, res.Id, nil) - checkF(t, tc.readOK, err) - }) - t.Run("write", func(t *testing.T) { - err := reg.ACLs.Write(authz, &acl.AuthorizerContext{}, res) - checkF(t, tc.writeOK, err) - }) - t.Run("list", func(t *testing.T) { - err := reg.ACLs.List(authz, &acl.AuthorizerContext{}) - checkF(t, tc.listOK, err) - }) + assert := func(t *testing.T, name string, rules string, res *pbresource.Resource, readOK, writeOK string) { + tc := resourcetest.ACLTestCase{ + AuthCtx: resource.AuthorizerContext(res.Id.Tenancy), + Rules: rules, + Res: res, + ReadOK: readOK, + WriteOK: writeOK, + ListOK: DEFAULT, + } + run(t, name, tc) } - cases := map[string]testcase{ - "no rules": { - rules: ``, - readOK: DENY, - writeOK: DENY, - listOK: DEFAULT, - }, - "service api read": { - rules: `service "api" { policy = "read" }`, - readOK: ALLOW, - writeOK: DENY, - listOK: DEFAULT, - }, - "service api write": { - rules: `service "api" { policy = "write" }`, - readOK: ALLOW, - writeOK: ALLOW, - listOK: DEFAULT, - }, + tenancies := []string{"default.default"} + if isEnterprise { + tenancies = append(tenancies, "default.foo", "alpha.default", "alpha.foo") } - for name, tc := range cases { - t.Run(name, func(t *testing.T) { - run(t, tc) + for _, policyTenancyStr := range tenancies { + t.Run("policy tenancy: "+policyTenancyStr, func(t *testing.T) { + for _, aclTenancyStr := range tenancies { + t.Run("acl tenancy: "+aclTenancyStr, func(t *testing.T) { + aclTenancy := resourcetest.Tenancy(aclTenancyStr) + + maybe := func(match string) string { + if policyTenancyStr != aclTenancyStr { + return DENY + } + return match + } + + t.Run("no rules", func(t *testing.T) { + rules := `` + assert(t, "any", rules, newPolicy(t, policyTenancyStr), DENY, DENY) + }) + t.Run("api:read", func(t *testing.T) { + rules := serviceRead(aclTenancy.Partition, aclTenancy.Namespace, "api") + assert(t, "any", rules, newPolicy(t, policyTenancyStr), maybe(ALLOW), DENY) + }) + t.Run("api:write", func(t *testing.T) { + rules := serviceWrite(aclTenancy.Partition, aclTenancy.Namespace, "api") + assert(t, "any", rules, newPolicy(t, policyTenancyStr), maybe(ALLOW), maybe(ALLOW)) + }) + }) + } }) } } diff --git a/internal/mesh/internal/types/destinations.go b/internal/mesh/internal/types/destinations.go index 657aa33cb0a0..34287e627ab7 100644 --- a/internal/mesh/internal/types/destinations.go +++ b/internal/mesh/internal/types/destinations.go @@ -4,6 +4,8 @@ package types import ( + "net" + "github.com/hashicorp/go-multierror" "google.golang.org/protobuf/proto" @@ -20,6 +22,7 @@ func RegisterDestinations(r resource.Registry) { Scope: resource.ScopeNamespace, Mutate: MutateDestinations, Validate: ValidateDestinations, + ACLs: catalog.ACLHooksForWorkloadSelectingType[*pbmesh.Destinations](), }) } @@ -73,7 +76,6 @@ func ValidateDestinations(res *pbresource.Resource) error { var merr error - // Validate the workload selector if selErr := catalog.ValidateSelector(destinations.Workloads, false); selErr != nil { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "workloads", @@ -81,10 +83,17 @@ func ValidateDestinations(res *pbresource.Resource) error { }) } + if destinations.GetPqDestinations() != nil { + merr = multierror.Append(merr, resource.ErrInvalidField{ + Name: "pq_destinations", + Wrapped: resource.ErrUnsupported, + }) + } + for i, dest := range destinations.Destinations { wrapDestErr := func(err error) error { return resource.ErrInvalidListElement{ - Name: "upstreams", + Name: "destinations", Index: i, Wrapped: err, } @@ -101,8 +110,73 @@ func ValidateDestinations(res *pbresource.Resource) error { merr = multierror.Append(merr, refErr) } - // TODO(v2): validate port name using catalog validator - // TODO(v2): validate ListenAddr + if portErr := catalog.ValidatePortName(dest.DestinationPort); portErr != nil { + merr = multierror.Append(merr, wrapDestErr(resource.ErrInvalidField{ + Name: "destination_port", + Wrapped: portErr, + })) + } + + if dest.GetDatacenter() != "" { + merr = multierror.Append(merr, wrapDestErr(resource.ErrInvalidField{ + Name: "datacenter", + Wrapped: resource.ErrUnsupported, + })) + } + + if listenAddrErr := validateListenAddr(dest); listenAddrErr != nil { + merr = multierror.Append(merr, wrapDestErr(listenAddrErr)) + } + } + + return merr +} + +func validateListenAddr(dest *pbmesh.Destination) error { + var merr error + + if dest.GetListenAddr() == nil { + return multierror.Append(merr, resource.ErrInvalidFields{ + Names: []string{"ip_port", "unix"}, + Wrapped: resource.ErrMissingOneOf, + }) + } + + switch listenAddr := dest.GetListenAddr().(type) { + case *pbmesh.Destination_IpPort: + if ipPortErr := validateIPPort(listenAddr.IpPort); ipPortErr != nil { + merr = multierror.Append(merr, resource.ErrInvalidField{ + Name: "ip_port", + Wrapped: ipPortErr, + }) + } + case *pbmesh.Destination_Unix: + if !catalog.IsValidUnixSocketPath(listenAddr.Unix.GetPath()) { + merr = multierror.Append(merr, resource.ErrInvalidField{ + Name: "unix", + Wrapped: resource.ErrInvalidField{ + Name: "path", + Wrapped: errInvalidUnixSocketPath, + }, + }) + } + } + + return merr +} + +func validateIPPort(ipPort *pbmesh.IPPortAddress) error { + var merr error + + if listenPortErr := validatePort(ipPort.GetPort(), "port"); listenPortErr != nil { + merr = multierror.Append(merr, listenPortErr) + } + + if net.ParseIP(ipPort.GetIp()) == nil { + merr = multierror.Append(merr, resource.ErrInvalidField{ + Name: "ip", + Wrapped: errInvalidIP, + }) } return merr diff --git a/internal/mesh/internal/types/destinations_configuration.go b/internal/mesh/internal/types/destinations_configuration.go index b5de19d029b5..fedbe40df48c 100644 --- a/internal/mesh/internal/types/destinations_configuration.go +++ b/internal/mesh/internal/types/destinations_configuration.go @@ -7,17 +7,19 @@ import ( "github.com/hashicorp/go-multierror" "github.com/hashicorp/consul/internal/catalog" + "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) -func RegisterUpstreamsConfiguration(r resource.Registry) { +func RegisterDestinationsConfiguration(r resource.Registry) { r.Register(resource.Registration{ Type: pbmesh.DestinationsConfigurationType, Proto: &pbmesh.DestinationsConfiguration{}, Scope: resource.ScopeNamespace, Validate: ValidateDestinationsConfiguration, + ACLs: catalog.ACLHooksForWorkloadSelectingType[*pbmesh.DestinationsConfiguration](), }) } diff --git a/internal/mesh/internal/types/destinations_configuration_test.go b/internal/mesh/internal/types/destinations_configuration_test.go index 29c7c7cae0f1..11af0732d5d9 100644 --- a/internal/mesh/internal/types/destinations_configuration_test.go +++ b/internal/mesh/internal/types/destinations_configuration_test.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/require" + catalogtesthelpers "github.com/hashicorp/consul/internal/catalog/catalogtest/helpers" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" @@ -16,6 +17,15 @@ import ( "github.com/hashicorp/consul/sdk/testutil" ) +func TestDestinationsConfigurationACLs(t *testing.T) { + catalogtesthelpers.RunWorkloadSelectingTypeACLsTests[*pbmesh.DestinationsConfiguration](t, pbmesh.DestinationsConfigurationType, + func(selector *pbcatalog.WorkloadSelector) *pbmesh.DestinationsConfiguration { + return &pbmesh.DestinationsConfiguration{Workloads: selector} + }, + RegisterDestinationsConfiguration, + ) +} + func TestValidateDestinationsConfiguration(t *testing.T) { type testcase struct { data *pbmesh.DestinationsConfiguration diff --git a/internal/mesh/internal/types/destinations_test.go b/internal/mesh/internal/types/destinations_test.go index 2601e884df07..55624a6316f4 100644 --- a/internal/mesh/internal/types/destinations_test.go +++ b/internal/mesh/internal/types/destinations_test.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/require" + catalogtesthelpers "github.com/hashicorp/consul/internal/catalog/catalogtest/helpers" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" @@ -17,7 +18,7 @@ import ( "github.com/hashicorp/consul/sdk/testutil" ) -func TestMutateUpstreams(t *testing.T) { +func TestMutateDestinations(t *testing.T) { type testcase struct { tenancy *pbresource.Tenancy data *pbmesh.Destinations @@ -86,7 +87,7 @@ func TestMutateUpstreams(t *testing.T) { } } -func TestValidateUpstreams(t *testing.T) { +func TestValidateDestinations(t *testing.T) { type testcase struct { data *pbmesh.Destinations skipMutate bool @@ -151,7 +152,7 @@ func TestValidateUpstreams(t *testing.T) { {DestinationRef: nil}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: missing required field`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: missing required field`, }, "dest/bad type": { skipMutate: true, @@ -163,7 +164,7 @@ func TestValidateUpstreams(t *testing.T) { {DestinationRef: newRefWithTenancy(pbcatalog.WorkloadType, "default.default", "api")}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: invalid "type" field: reference must have type catalog.v2beta1.Service`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: invalid "type" field: reference must have type catalog.v2beta1.Service`, }, "dest/nil tenancy": { skipMutate: true, @@ -175,7 +176,7 @@ func TestValidateUpstreams(t *testing.T) { {DestinationRef: &pbresource.Reference{Type: pbcatalog.ServiceType, Name: "api"}}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: invalid "tenancy" field: missing required field`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: invalid "tenancy" field: missing required field`, }, "dest/bad dest tenancy/partition": { skipMutate: true, @@ -187,7 +188,7 @@ func TestValidateUpstreams(t *testing.T) { {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, ".bar", "api")}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: invalid "tenancy" field: invalid "partition" field: cannot be empty`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: invalid "tenancy" field: invalid "partition" field: cannot be empty`, }, "dest/bad dest tenancy/namespace": { skipMutate: true, @@ -199,7 +200,7 @@ func TestValidateUpstreams(t *testing.T) { {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo", "api")}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: invalid "tenancy" field: invalid "namespace" field: cannot be empty`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: invalid "tenancy" field: invalid "namespace" field: cannot be empty`, }, "dest/bad dest tenancy/peer_name": { skipMutate: true, @@ -213,17 +214,158 @@ func TestValidateUpstreams(t *testing.T) { Reference("")}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: invalid "tenancy" field: invalid "peer_name" field: must be set to "local"`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: invalid "tenancy" field: invalid "peer_name" field: must be set to "local"`, }, - "normal": { + "unsupported pq_destinations": { + skipMutate: true, data: &pbmesh.Destinations{ - Workloads: &pbcatalog.WorkloadSelector{ - Names: []string{"blah"}, + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + PqDestinations: []*pbmesh.PreparedQueryDestination{ + {Name: "foo-query"}, }, + }, + expectErr: `invalid "pq_destinations" field: field is currently not supported`, + }, + "missing destination port": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, Destinations: []*pbmesh.Destination{ - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api")}, - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.zim", "api")}, - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "gir.zim", "api")}, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1234, + }, + }, + }, + }, + }, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_port" field: cannot be empty`, + }, + "unsupported datacenter": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + Datacenter: "dc2", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1234, + }, + }, + }, + }, + }, + expectErr: `invalid element at index 0 of list "destinations": invalid "datacenter" field: field is currently not supported`, + }, + "missing listen addr": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + }, + }, + }, + expectErr: `invalid "ip_port,unix" fields: missing one of the required fields`, + }, + "invalid ip for listen addr": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "invalid", + Port: 1234, + }, + }, + }, + }, + }, + expectErr: `invalid "ip" field: IP address is not valid`, + }, + "invalid port for listen addr": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 0, + }, + }, + }, + }, + }, + expectErr: `invalid "port" field: port number is outside the range 1 to 65535`, + }, + "invalid unix path for listen addr": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{ + Path: "foo", + }, + }, + }, + }, + }, + expectErr: `invalid "unix" field: invalid "path" field: unix socket path is not valid`, + }, + "normal": { + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1234, + }, + }, + }, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.zim", "api"), + DestinationPort: "p2", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1235, + }, + }, + }, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "gir.zim", "api"), + DestinationPort: "p3", + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{ + Path: "unix://foo/bar", + }, + }, + }, }, }, }, @@ -234,9 +376,35 @@ func TestValidateUpstreams(t *testing.T) { Filter: "metadata.foo == bar", }, Destinations: []*pbmesh.Destination{ - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api")}, - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.zim", "api")}, - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "gir.zim", "api")}, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1234, + }, + }, + }, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.zim", "api"), + DestinationPort: "p2", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1235, + }, + }, + }, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "gir.zim", "api"), + DestinationPort: "p3", + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{ + Path: "unix://foo/bar", + }, + }, + }, }, }, }, @@ -248,3 +416,12 @@ func TestValidateUpstreams(t *testing.T) { }) } } + +func TestDestinationsACLs(t *testing.T) { + catalogtesthelpers.RunWorkloadSelectingTypeACLsTests[*pbmesh.Destinations](t, pbmesh.DestinationsType, + func(selector *pbcatalog.WorkloadSelector) *pbmesh.Destinations { + return &pbmesh.Destinations{Workloads: selector} + }, + RegisterDestinations, + ) +} diff --git a/internal/mesh/internal/types/errors.go b/internal/mesh/internal/types/errors.go new file mode 100644 index 000000000000..bc9dacbbf0c4 --- /dev/null +++ b/internal/mesh/internal/types/errors.go @@ -0,0 +1,16 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "errors" +) + +var ( + errInvalidPort = errors.New("port number is outside the range 1 to 65535") + errInvalidIP = errors.New("IP address is not valid") + errInvalidUnixSocketPath = errors.New("unix socket path is not valid") + errInvalidExposePathProtocol = errors.New("invalid protocol: only HTTP and HTTP2 protocols are allowed") + errMissingProxyConfigData = errors.New("at least one of \"bootstrap_config\" or \"dynamic_config\" fields must be set") +) diff --git a/internal/mesh/internal/types/proxy_configuration.go b/internal/mesh/internal/types/proxy_configuration.go index 590ee27aeb1b..081324d72167 100644 --- a/internal/mesh/internal/types/proxy_configuration.go +++ b/internal/mesh/internal/types/proxy_configuration.go @@ -4,9 +4,12 @@ package types import ( - "github.com/hashicorp/go-multierror" + "math" "github.com/hashicorp/consul/internal/catalog" + + "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -20,6 +23,7 @@ func RegisterProxyConfiguration(r resource.Registry) { Scope: resource.ScopeNamespace, Mutate: MutateProxyConfiguration, Validate: ValidateProxyConfiguration, + ACLs: catalog.ACLHooksForWorkloadSelectingType[*pbmesh.ProxyConfiguration](), }) } @@ -53,23 +57,174 @@ func MutateProxyConfiguration(res *pbresource.Resource) error { } func ValidateProxyConfiguration(res *pbresource.Resource) error { - var cfg pbmesh.ProxyConfiguration - - if err := res.Data.UnmarshalTo(&cfg); err != nil { - return resource.NewErrDataParse(&cfg, err) + decodedProxyCfg, decodeErr := resource.Decode[*pbmesh.ProxyConfiguration](res) + if decodeErr != nil { + return resource.NewErrDataParse(decodedProxyCfg.GetData(), decodeErr) } + proxyCfg := decodedProxyCfg.GetData() - var merr error + var err error - // Validate the workload selector - if selErr := catalog.ValidateSelector(cfg.Workloads, false); selErr != nil { - merr = multierror.Append(merr, resource.ErrInvalidField{ + if selErr := catalog.ValidateSelector(proxyCfg.Workloads, false); selErr != nil { + err = multierror.Append(err, resource.ErrInvalidField{ Name: "workloads", Wrapped: selErr, }) } - // TODO(rb): add more validation for proxy configuration + if proxyCfg.GetDynamicConfig() == nil && proxyCfg.GetBootstrapConfig() == nil { + err = multierror.Append(err, resource.ErrInvalidFields{ + Names: []string{"dynamic_config", "bootstrap_config"}, + Wrapped: errMissingProxyConfigData, + }) + } + + // nolint:staticcheck + if proxyCfg.GetOpaqueConfig() != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "opaque_config", + Wrapped: resource.ErrUnsupported, + }) + } + + if dynamicCfgErr := validateDynamicProxyConfiguration(proxyCfg.GetDynamicConfig()); dynamicCfgErr != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "dynamic_config", + Wrapped: dynamicCfgErr, + }) + } + + return err +} + +func validateDynamicProxyConfiguration(cfg *pbmesh.DynamicConfig) error { + if cfg == nil { + return nil + } + + var err error + + // Error if any of the currently unsupported fields is set. + if cfg.GetMutualTlsMode() != pbmesh.MutualTLSMode_MUTUAL_TLS_MODE_DEFAULT { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "mutual_tls_mode", + Wrapped: resource.ErrUnsupported, + }) + } + + if cfg.GetMeshGatewayMode() != pbmesh.MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "mesh_gateway_mode", + Wrapped: resource.ErrUnsupported, + }) + } + + if cfg.GetAccessLogs() != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "access_logs", + Wrapped: resource.ErrUnsupported, + }) + } + + if cfg.GetPublicListenerJson() != "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "public_listener_json", + Wrapped: resource.ErrUnsupported, + }) + } - return merr + if cfg.GetListenerTracingJson() != "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "listener_tracing_json", + Wrapped: resource.ErrUnsupported, + }) + } + + if cfg.GetLocalClusterJson() != "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "local_cluster_json", + Wrapped: resource.ErrUnsupported, + }) + } + + // nolint:staticcheck + if cfg.GetLocalWorkloadAddress() != "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "local_workload_address", + Wrapped: resource.ErrUnsupported, + }) + } + + // nolint:staticcheck + if cfg.GetLocalWorkloadPort() != 0 { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "local_workload_port", + Wrapped: resource.ErrUnsupported, + }) + } + + // nolint:staticcheck + if cfg.GetLocalWorkloadSocketPath() != "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "local_workload_socket_path", + Wrapped: resource.ErrUnsupported, + }) + } + + if tproxyCfg := cfg.GetTransparentProxy(); tproxyCfg != nil { + if tproxyCfg.DialedDirectly { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "transparent_proxy", + Wrapped: resource.ErrInvalidField{ + Name: "dialed_directly", + Wrapped: resource.ErrUnsupported, + }, + }) + } + + if outboundListenerPortErr := validatePort(tproxyCfg.OutboundListenerPort, "outbound_listener_port"); outboundListenerPortErr != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "transparent_proxy", + Wrapped: outboundListenerPortErr, + }) + } + } + + if exposeCfg := cfg.GetExposeConfig(); exposeCfg != nil { + for i, path := range exposeCfg.GetExposePaths() { + if listenerPortErr := validatePort(path.ListenerPort, "listener_port"); listenerPortErr != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "expose_config", + Wrapped: resource.ErrInvalidListElement{ + Name: "expose_paths", + Index: i, + Wrapped: listenerPortErr, + }, + }) + } + + if localPathPortErr := validatePort(path.LocalPathPort, "local_path_port"); localPathPortErr != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "expose_config", + Wrapped: resource.ErrInvalidListElement{ + Name: "expose_paths", + Index: i, + Wrapped: localPathPortErr, + }, + }) + } + } + } + + return err +} + +func validatePort(port uint32, fieldName string) error { + if port < 1 || port > math.MaxUint16 { + return resource.ErrInvalidField{ + Name: fieldName, + Wrapped: errInvalidPort, + } + } + return nil } diff --git a/internal/mesh/internal/types/proxy_configuration_test.go b/internal/mesh/internal/types/proxy_configuration_test.go index 44d8b8820af4..f5c52d474c35 100644 --- a/internal/mesh/internal/types/proxy_configuration_test.go +++ b/internal/mesh/internal/types/proxy_configuration_test.go @@ -4,10 +4,14 @@ package types import ( + "math" "testing" + "github.com/hashicorp/go-multierror" "github.com/stretchr/testify/require" + "google.golang.org/protobuf/types/known/structpb" + catalogtesthelpers "github.com/hashicorp/consul/internal/catalog/catalogtest/helpers" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" @@ -17,6 +21,18 @@ import ( "github.com/hashicorp/consul/sdk/testutil" ) +func TestProxyConfigurationACLs(t *testing.T) { + catalogtesthelpers.RunWorkloadSelectingTypeACLsTests[*pbmesh.ProxyConfiguration](t, pbmesh.ProxyConfigurationType, + func(selector *pbcatalog.WorkloadSelector) *pbmesh.ProxyConfiguration { + return &pbmesh.ProxyConfiguration{ + Workloads: selector, + DynamicConfig: &pbmesh.DynamicConfig{}, + } + }, + RegisterProxyConfiguration, + ) +} + func TestMutateProxyConfiguration(t *testing.T) { cases := map[string]struct { data *pbmesh.ProxyConfiguration @@ -86,7 +102,194 @@ func TestMutateProxyConfiguration(t *testing.T) { } } -func TestValidateProxyConfiguration(t *testing.T) { +func TestValidateProxyConfiguration_MissingBothDynamicAndBootstrapConfig(t *testing.T) { + proxyCfg := &pbmesh.ProxyConfiguration{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + } + + res := resourcetest.Resource(pbmesh.ProxyConfigurationType, "test"). + WithData(t, proxyCfg). + Build() + + err := ValidateProxyConfiguration(res) + + var expError error + expError = multierror.Append(expError, + resource.ErrInvalidFields{ + Names: []string{"dynamic_config", "bootstrap_config"}, + Wrapped: errMissingProxyConfigData, + }, + ) + require.Equal(t, err, expError) +} + +func TestValidateProxyConfiguration_AllFieldsInvalid(t *testing.T) { + proxyCfg := &pbmesh.ProxyConfiguration{ + // Omit workload selector. + + DynamicConfig: &pbmesh.DynamicConfig{ + // Set unsupported fields. + MutualTlsMode: pbmesh.MutualTLSMode_MUTUAL_TLS_MODE_PERMISSIVE, + MeshGatewayMode: pbmesh.MeshGatewayMode_MESH_GATEWAY_MODE_LOCAL, + AccessLogs: &pbmesh.AccessLogsConfig{}, + PublicListenerJson: "listener-json", + ListenerTracingJson: "tracing-json", + LocalClusterJson: "cluster-json", + LocalWorkloadAddress: "1.1.1.1", + LocalWorkloadPort: 1234, + LocalWorkloadSocketPath: "/foo/bar", + + TransparentProxy: &pbmesh.TransparentProxy{ + DialedDirectly: true, // unsupported + OutboundListenerPort: math.MaxUint16 + 1, // invalid + }, + + // Create invalid expose paths config. + ExposeConfig: &pbmesh.ExposeConfig{ + ExposePaths: []*pbmesh.ExposePath{ + { + ListenerPort: 0, + LocalPathPort: math.MaxUint16 + 1, + }, + }, + }, + }, + + OpaqueConfig: &structpb.Struct{}, + } + + res := resourcetest.Resource(pbmesh.ProxyConfigurationType, "test"). + WithData(t, proxyCfg). + Build() + + err := ValidateProxyConfiguration(res) + + var dynamicCfgErr error + unsupportedFields := []string{ + "mutual_tls_mode", + "mesh_gateway_mode", + "access_logs", + "public_listener_json", + "listener_tracing_json", + "local_cluster_json", + "local_workload_address", + "local_workload_port", + "local_workload_socket_path", + } + for _, f := range unsupportedFields { + dynamicCfgErr = multierror.Append(dynamicCfgErr, + resource.ErrInvalidField{ + Name: f, + Wrapped: resource.ErrUnsupported, + }, + ) + } + dynamicCfgErr = multierror.Append(dynamicCfgErr, + resource.ErrInvalidField{ + Name: "transparent_proxy", + Wrapped: resource.ErrInvalidField{ + Name: "dialed_directly", + Wrapped: resource.ErrUnsupported, + }, + }, + resource.ErrInvalidField{ + Name: "transparent_proxy", + Wrapped: resource.ErrInvalidField{ + Name: "outbound_listener_port", + Wrapped: errInvalidPort, + }, + }, + resource.ErrInvalidField{ + Name: "expose_config", + Wrapped: resource.ErrInvalidListElement{ + Name: "expose_paths", + Wrapped: resource.ErrInvalidField{ + Name: "listener_port", + Wrapped: errInvalidPort, + }, + }, + }, + resource.ErrInvalidField{ + Name: "expose_config", + Wrapped: resource.ErrInvalidListElement{ + Name: "expose_paths", + Wrapped: resource.ErrInvalidField{ + Name: "local_path_port", + Wrapped: errInvalidPort, + }, + }, + }, + ) + + var expError error + expError = multierror.Append(expError, + resource.ErrInvalidField{ + Name: "workloads", + Wrapped: resource.ErrEmpty, + }, + resource.ErrInvalidField{ + Name: "opaque_config", + Wrapped: resource.ErrUnsupported, + }, + resource.ErrInvalidField{ + Name: "dynamic_config", + Wrapped: dynamicCfgErr, + }, + ) + + require.Equal(t, err, expError) +} + +func TestValidateProxyConfiguration_AllFieldsValid(t *testing.T) { + proxyCfg := &pbmesh.ProxyConfiguration{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + + DynamicConfig: &pbmesh.DynamicConfig{ + MutualTlsMode: pbmesh.MutualTLSMode_MUTUAL_TLS_MODE_DEFAULT, + MeshGatewayMode: pbmesh.MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED, + + TransparentProxy: &pbmesh.TransparentProxy{ + DialedDirectly: false, + OutboundListenerPort: 15500, + }, + + ExposeConfig: &pbmesh.ExposeConfig{ + ExposePaths: []*pbmesh.ExposePath{ + { + ListenerPort: 1234, + LocalPathPort: 1235, + }, + }, + }, + }, + + BootstrapConfig: &pbmesh.BootstrapConfig{ + StatsdUrl: "stats-url", + DogstatsdUrl: "dogstats-url", + StatsTags: []string{"tags"}, + PrometheusBindAddr: "prom-bind-addr", + StatsBindAddr: "stats-bind-addr", + ReadyBindAddr: "ready-bind-addr", + OverrideJsonTpl: "override-json-tpl", + StaticClustersJson: "static-clusters-json", + StaticListenersJson: "static-listeners-json", + StatsSinksJson: "stats-sinks-json", + StatsConfigJson: "stats-config-json", + StatsFlushInterval: "stats-flush-interval", + TracingConfigJson: "tracing-config-json", + TelemetryCollectorBindSocketDir: "telemetry-collector-bind-socket-dir", + }, + } + + res := resourcetest.Resource(pbmesh.ProxyConfigurationType, "test"). + WithData(t, proxyCfg). + Build() + + err := ValidateProxyConfiguration(res) + require.NoError(t, err) +} + +func TestValidateProxyConfiguration_WorkloadSelector(t *testing.T) { type testcase struct { data *pbmesh.ProxyConfiguration expectErr string @@ -146,6 +349,7 @@ func TestValidateProxyConfiguration(t *testing.T) { Names: []string{"blah"}, Filter: "metadata.foo == bar", }, + DynamicConfig: &pbmesh.DynamicConfig{}, }, }, } diff --git a/internal/mesh/internal/types/proxy_state_template.go b/internal/mesh/internal/types/proxy_state_template.go index 010d0f9591b3..7db3dbaf55fd 100644 --- a/internal/mesh/internal/types/proxy_state_template.go +++ b/internal/mesh/internal/types/proxy_state_template.go @@ -5,7 +5,8 @@ package types import ( "fmt" - + "github.com/hashicorp/consul/internal/catalog" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/go-multierror" "github.com/hashicorp/consul/acl" @@ -44,11 +45,7 @@ func RegisterProxyStateTemplate(r resource.Registry) { // managed by a controller. return authorizer.ToAllowAuthorizer().OperatorWriteAllowed(authzContext) }, - List: func(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement. - return nil - }, + List: resource.NoOpACLListHook, }, }) } @@ -96,6 +93,28 @@ func ValidateProxyStateTemplate(res *pbresource.Resource) error { })) } + if portErr := catalog.ValidateProtocol(pbcatalog.Protocol(cluster.Protocol)); portErr != nil { + merr = multierror.Append(merr, wrapClusterErr(resource.ErrInvalidField{ + Name: "protocol", + Wrapped: portErr, + })) + } + + if pbcatalog.Protocol(cluster.Protocol) == pbcatalog.Protocol_PROTOCOL_UNSPECIFIED { + merr = multierror.Append(merr, wrapClusterErr(resource.ErrInvalidField{ + Name: "protocol", + Wrapped: resource.ErrMissing, + })) + } + + if pbcatalog.Protocol(cluster.Protocol) == pbcatalog.Protocol_PROTOCOL_MESH { + merr = multierror.Append(merr, wrapClusterErr(resource.ErrInvalidField{ + Name: "protocol", + Wrapped: fmt.Errorf("protocol %q is not a valid cluster traffic protocol", + cluster.Protocol.String()), + })) + } + wrapGroupErr := func(err error) error { return wrapClusterErr(resource.ErrInvalidField{ Name: "group", diff --git a/internal/mesh/internal/types/proxy_state_template_test.go b/internal/mesh/internal/types/proxy_state_template_test.go index 3f0216436f4e..d562a9c43a29 100644 --- a/internal/mesh/internal/types/proxy_state_template_test.go +++ b/internal/mesh/internal/types/proxy_state_template_test.go @@ -51,7 +51,8 @@ func TestValidateProxyStateTemplate(t *testing.T) { clusterForGroups := func(name string, groups ...*pbproxystate.EndpointGroup) *pbproxystate.Cluster { cluster := &pbproxystate.Cluster{ - Name: name, + Name: name, + Protocol: pbproxystate.Protocol_PROTOCOL_TCP, } require.NotEmpty(t, groups) @@ -83,6 +84,27 @@ func TestValidateProxyStateTemplate(t *testing.T) { // also empty map keys cases := map[string]testcase{ // ============== COMMON ============== + "cluster with invalid protocol": { + pst: pstForCluster("api-cluster", &pbproxystate.Cluster{ + Name: "api-cluster", + Protocol: 100, + }), + expectErr: `invalid value of key "api-cluster" within clusters: invalid "protocol" field: not a supported enum value: 100`, + }, + "cluster with mesh protocol": { + pst: pstForCluster("api-cluster", &pbproxystate.Cluster{ + Name: "api-cluster", + Protocol: pbproxystate.Protocol_PROTOCOL_MESH, + }), + expectErr: `invalid value of key "api-cluster" within clusters: invalid "protocol" field: protocol "PROTOCOL_MESH" is not a valid cluster traffic protocol`, + }, + "cluster with missing protocol": { + pst: pstForCluster("api-cluster", &pbproxystate.Cluster{ + Name: "api-cluster", + Protocol: pbproxystate.Protocol_PROTOCOL_UNSPECIFIED, + }), + expectErr: `invalid value of key "api-cluster" within clusters: invalid "protocol" field: missing required field`, + }, "cluster with missing cluster group": { pst: pstForCluster("api-cluster", &pbproxystate.Cluster{ Name: "api-cluster", diff --git a/internal/mesh/internal/types/types.go b/internal/mesh/internal/types/types.go index 20b23604fc6e..cf1443aabf18 100644 --- a/internal/mesh/internal/types/types.go +++ b/internal/mesh/internal/types/types.go @@ -12,11 +12,12 @@ func Register(r resource.Registry) { RegisterComputedProxyConfiguration(r) RegisterDestinations(r) RegisterComputedExplicitDestinations(r) - RegisterUpstreamsConfiguration(r) RegisterProxyStateTemplate(r) RegisterHTTPRoute(r) RegisterTCPRoute(r) RegisterGRPCRoute(r) RegisterDestinationPolicy(r) RegisterComputedRoutes(r) + // todo (v2): uncomment once we implement it. + //RegisterDestinationsConfiguration(r) } diff --git a/internal/mesh/internal/types/types_test.go b/internal/mesh/internal/types/types_test.go index 631e1b4be8d0..801d3de01846 100644 --- a/internal/mesh/internal/types/types_test.go +++ b/internal/mesh/internal/types/types_test.go @@ -21,13 +21,14 @@ func TestTypeRegistration(t *testing.T) { requiredKinds := []string{ pbmesh.ProxyConfigurationKind, pbmesh.DestinationsKind, - pbmesh.DestinationsConfigurationKind, pbmesh.ProxyStateTemplateKind, pbmesh.HTTPRouteKind, pbmesh.TCPRouteKind, pbmesh.GRPCRouteKind, pbmesh.DestinationPolicyKind, pbmesh.ComputedRoutesKind, + // todo (v2): re-enable once we implement it. + //pbmesh.DestinationsConfigurationKind, } r := resource.NewRegistry() diff --git a/internal/mesh/internal/types/xroute.go b/internal/mesh/internal/types/xroute.go index 1c60bdcb1c54..619c9cb68243 100644 --- a/internal/mesh/internal/types/xroute.go +++ b/internal/mesh/internal/types/xroute.go @@ -290,7 +290,7 @@ func xRouteACLHooks[R XRouteData]() *resource.ACLHooks { hooks := &resource.ACLHooks{ Read: aclReadHookXRoute[R], Write: aclWriteHookXRoute[R], - List: aclListHookXRoute[R], + List: resource.NoOpACLListHook, } return hooks @@ -298,7 +298,7 @@ func xRouteACLHooks[R XRouteData]() *resource.ACLHooks { func aclReadHookXRoute[R XRouteData](authorizer acl.Authorizer, _ *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { if res == nil { - return resource.ErrNeedData + return resource.ErrNeedResource } dec, err := resource.Decode[R](res) @@ -351,9 +351,3 @@ func aclWriteHookXRoute[R XRouteData](authorizer acl.Authorizer, _ *acl.Authoriz return nil } - -func aclListHookXRoute[R XRouteData](authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement. - return nil -} diff --git a/internal/mesh/internal/types/xroute_test.go b/internal/mesh/internal/types/xroute_test.go index 09806bea8c7e..4b861909b0c8 100644 --- a/internal/mesh/internal/types/xroute_test.go +++ b/internal/mesh/internal/types/xroute_test.go @@ -12,13 +12,12 @@ import ( "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" + "github.com/hashicorp/consul/version/versiontest" ) type xRouteParentRefMutateTestcase struct { @@ -114,6 +113,7 @@ func getXRouteParentRefTestCases() map[string]xRouteParentRefTestcase { Port: port, } } + return map[string]xRouteParentRefTestcase{ "no parent refs": { routeTenancy: resource.DefaultNamespacedTenancy(), @@ -372,145 +372,160 @@ func testXRouteACLs[R XRouteData](t *testing.T, newRoute func(t *testing.T, pare userNewRoute := newRoute newRoute = func(t *testing.T, parentRefs, backendRefs []*pbresource.Reference) *pbresource.Resource { + require.NotEmpty(t, parentRefs) + require.NotEmpty(t, backendRefs) res := userNewRoute(t, parentRefs, backendRefs) + res.Id.Tenancy = parentRefs[0].Tenancy resourcetest.ValidateAndNormalize(t, registry, res) return res } - type testcase struct { - res *pbresource.Resource - rules string - check func(t *testing.T, authz acl.Authorizer, res *pbresource.Resource) - readOK string - writeOK string - } - const ( - DENY = "deny" - ALLOW = "allow" - DEFAULT = "default" + DENY = resourcetest.DENY + ALLOW = resourcetest.ALLOW + DEFAULT = resourcetest.DEFAULT ) - checkF := func(t *testing.T, name string, expect string, got error) { - switch expect { - case ALLOW: - if acl.IsErrPermissionDenied(got) { - t.Fatal(name + " should be allowed") - } - case DENY: - if !acl.IsErrPermissionDenied(got) { - t.Fatal(name + " should be denied") - } - case DEFAULT: - require.Nil(t, got, name+" expected fallthrough decision") - default: - t.Fatalf(name+" unexpected expectation: %q", expect) - } + serviceRef := func(tenancy, name string) *pbresource.Reference { + return newRefWithTenancy(pbcatalog.ServiceType, tenancy, name) } - resOneParentOneBackend := newRoute(t, - []*pbresource.Reference{ - newRef(pbcatalog.ServiceType, "api1"), - }, - []*pbresource.Reference{ - newRef(pbcatalog.ServiceType, "backend1"), - }, - ) - resTwoParentsOneBackend := newRoute(t, - []*pbresource.Reference{ - newRef(pbcatalog.ServiceType, "api1"), - newRef(pbcatalog.ServiceType, "api2"), - }, - []*pbresource.Reference{ - newRef(pbcatalog.ServiceType, "backend1"), - }, - ) - resOneParentTwoBackends := newRoute(t, - []*pbresource.Reference{ - newRef(pbcatalog.ServiceType, "api1"), - }, - []*pbresource.Reference{ - newRef(pbcatalog.ServiceType, "backend1"), - newRef(pbcatalog.ServiceType, "backend2"), - }, - ) - resTwoParentsTwoBackends := newRoute(t, - []*pbresource.Reference{ - newRef(pbcatalog.ServiceType, "api1"), - newRef(pbcatalog.ServiceType, "api2"), - }, - []*pbresource.Reference{ - newRef(pbcatalog.ServiceType, "backend1"), - newRef(pbcatalog.ServiceType, "backend2"), - }, - ) + resOneParentOneBackend := func(parentTenancy, backendTenancy string) *pbresource.Resource { + return newRoute(t, + []*pbresource.Reference{ + serviceRef(parentTenancy, "api1"), + }, + []*pbresource.Reference{ + serviceRef(backendTenancy, "backend1"), + }, + ) + } + resTwoParentsOneBackend := func(parentTenancy, backendTenancy string) *pbresource.Resource { + return newRoute(t, + []*pbresource.Reference{ + serviceRef(parentTenancy, "api1"), + serviceRef(parentTenancy, "api2"), + }, + []*pbresource.Reference{ + serviceRef(backendTenancy, "backend1"), + }, + ) + } + resOneParentTwoBackends := func(parentTenancy, backendTenancy string) *pbresource.Resource { + return newRoute(t, + []*pbresource.Reference{ + serviceRef(parentTenancy, "api1"), + }, + []*pbresource.Reference{ + serviceRef(backendTenancy, "backend1"), + serviceRef(backendTenancy, "backend2"), + }, + ) + } + resTwoParentsTwoBackends := func(parentTenancy, backendTenancy string) *pbresource.Resource { + return newRoute(t, + []*pbresource.Reference{ + serviceRef(parentTenancy, "api1"), + serviceRef(parentTenancy, "api2"), + }, + []*pbresource.Reference{ + serviceRef(backendTenancy, "backend1"), + serviceRef(backendTenancy, "backend2"), + }, + ) + } - run := func(t *testing.T, name string, tc testcase) { + run := func(t *testing.T, name string, tc resourcetest.ACLTestCase) { t.Run(name, func(t *testing.T) { - config := acl.Config{ - WildcardName: structs.WildcardSpecifier, - } - authz, err := acl.NewAuthorizerFromRules(tc.rules, &config, nil) - require.NoError(t, err) - authz = acl.NewChainedAuthorizer([]acl.Authorizer{authz, acl.DenyAll()}) - - reg, ok := registry.Resolve(tc.res.Id.GetType()) - require.True(t, ok) - - err = reg.ACLs.Read(authz, &acl.AuthorizerContext{}, tc.res.Id, nil) - require.ErrorIs(t, err, resource.ErrNeedData, "read hook should require the data payload") - - checkF(t, "read", tc.readOK, reg.ACLs.Read(authz, &acl.AuthorizerContext{}, tc.res.Id, tc.res)) - checkF(t, "write", tc.writeOK, reg.ACLs.Write(authz, &acl.AuthorizerContext{}, tc.res)) - checkF(t, "list", DEFAULT, reg.ACLs.List(authz, &acl.AuthorizerContext{})) + resourcetest.RunACLTestCase(t, tc, registry) }) } - serviceRead := func(name string) string { + isEnterprise := versiontest.IsEnterprise() + + serviceRead := func(partition, namespace, name string) string { + if isEnterprise { + return fmt.Sprintf(` partition %q { namespace %q { service %q { policy = "read" } } }`, partition, namespace, name) + } return fmt.Sprintf(` service %q { policy = "read" } `, name) } - serviceWrite := func(name string) string { + serviceWrite := func(partition, namespace, name string) string { + if isEnterprise { + return fmt.Sprintf(` partition %q { namespace %q { service %q { policy = "write" } } }`, partition, namespace, name) + } return fmt.Sprintf(` service %q { policy = "write" } `, name) } assert := func(t *testing.T, name string, rules string, res *pbresource.Resource, readOK, writeOK string) { - tc := testcase{ - res: res, - rules: rules, - readOK: readOK, - writeOK: writeOK, + tc := resourcetest.ACLTestCase{ + Rules: rules, + Res: res, + ReadOK: readOK, + WriteOK: writeOK, + ListOK: DEFAULT, + ReadHookRequiresResource: true, } run(t, name, tc) } - t.Run("no rules", func(t *testing.T) { - rules := `` - assert(t, "1parent 1backend", rules, resOneParentOneBackend, DENY, DENY) - assert(t, "1parent 2backends", rules, resOneParentTwoBackends, DENY, DENY) - assert(t, "2parents 1backend", rules, resTwoParentsOneBackend, DENY, DENY) - assert(t, "2parents 2backends", rules, resTwoParentsTwoBackends, DENY, DENY) - }) - t.Run("api1:read", func(t *testing.T) { - rules := serviceRead("api1") - assert(t, "1parent 1backend", rules, resOneParentOneBackend, ALLOW, DENY) - assert(t, "1parent 2backends", rules, resOneParentTwoBackends, ALLOW, DENY) - assert(t, "2parents 1backend", rules, resTwoParentsOneBackend, DENY, DENY) - assert(t, "2parents 2backends", rules, resTwoParentsTwoBackends, DENY, DENY) - }) - t.Run("api1:write", func(t *testing.T) { - rules := serviceWrite("api1") - assert(t, "1parent 1backend", rules, resOneParentOneBackend, ALLOW, DENY) - assert(t, "1parent 2backends", rules, resOneParentTwoBackends, ALLOW, DENY) - assert(t, "2parents 1backend", rules, resTwoParentsOneBackend, DENY, DENY) - assert(t, "2parents 2backends", rules, resTwoParentsTwoBackends, DENY, DENY) - }) - t.Run("api1:write backend1:read", func(t *testing.T) { - rules := serviceWrite("api1") + serviceRead("backend1") - assert(t, "1parent 1backend", rules, resOneParentOneBackend, ALLOW, ALLOW) - assert(t, "1parent 2backends", rules, resOneParentTwoBackends, ALLOW, DENY) - assert(t, "2parents 1backend", rules, resTwoParentsOneBackend, DENY, DENY) - assert(t, "2parents 2backends", rules, resTwoParentsTwoBackends, DENY, DENY) - }) + tenancies := []string{"default.default"} + if isEnterprise { + tenancies = append(tenancies, "default.foo", "alpha.default", "alpha.foo") + } + + for _, parentTenancyStr := range tenancies { + t.Run("route tenancy: "+parentTenancyStr, func(t *testing.T) { + for _, backendTenancyStr := range tenancies { + t.Run("backend tenancy: "+backendTenancyStr, func(t *testing.T) { + for _, aclTenancyStr := range tenancies { + t.Run("acl tenancy: "+aclTenancyStr, func(t *testing.T) { + aclTenancy := resourcetest.Tenancy(aclTenancyStr) + + maybe := func(match string, parentOnly bool) string { + if parentTenancyStr != aclTenancyStr { + return DENY + } + if !parentOnly && backendTenancyStr != aclTenancyStr { + return DENY + } + return match + } + + t.Run("no rules", func(t *testing.T) { + rules := `` + assert(t, "1parent 1backend", rules, resOneParentOneBackend(parentTenancyStr, backendTenancyStr), DENY, DENY) + assert(t, "1parent 2backends", rules, resOneParentTwoBackends(parentTenancyStr, backendTenancyStr), DENY, DENY) + assert(t, "2parents 1backend", rules, resTwoParentsOneBackend(parentTenancyStr, backendTenancyStr), DENY, DENY) + assert(t, "2parents 2backends", rules, resTwoParentsTwoBackends(parentTenancyStr, backendTenancyStr), DENY, DENY) + }) + t.Run("api1:read", func(t *testing.T) { + rules := serviceRead(aclTenancy.Partition, aclTenancy.Namespace, "api1") + assert(t, "1parent 1backend", rules, resOneParentOneBackend(parentTenancyStr, backendTenancyStr), maybe(ALLOW, true), DENY) + assert(t, "1parent 2backends", rules, resOneParentTwoBackends(parentTenancyStr, backendTenancyStr), maybe(ALLOW, true), DENY) + assert(t, "2parents 1backend", rules, resTwoParentsOneBackend(parentTenancyStr, backendTenancyStr), DENY, DENY) + assert(t, "2parents 2backends", rules, resTwoParentsTwoBackends(parentTenancyStr, backendTenancyStr), DENY, DENY) + }) + t.Run("api1:write", func(t *testing.T) { + rules := serviceWrite(aclTenancy.Partition, aclTenancy.Namespace, "api1") + assert(t, "1parent 1backend", rules, resOneParentOneBackend(parentTenancyStr, backendTenancyStr), maybe(ALLOW, true), DENY) + assert(t, "1parent 2backends", rules, resOneParentTwoBackends(parentTenancyStr, backendTenancyStr), maybe(ALLOW, true), DENY) + assert(t, "2parents 1backend", rules, resTwoParentsOneBackend(parentTenancyStr, backendTenancyStr), DENY, DENY) + assert(t, "2parents 2backends", rules, resTwoParentsTwoBackends(parentTenancyStr, backendTenancyStr), DENY, DENY) + }) + t.Run("api1:write backend1:read", func(t *testing.T) { + rules := serviceWrite(aclTenancy.Partition, aclTenancy.Namespace, "api1") + + serviceRead(aclTenancy.Partition, aclTenancy.Namespace, "backend1") + assert(t, "1parent 1backend", rules, resOneParentOneBackend(parentTenancyStr, backendTenancyStr), maybe(ALLOW, true), maybe(ALLOW, false)) + assert(t, "1parent 2backends", rules, resOneParentTwoBackends(parentTenancyStr, backendTenancyStr), maybe(ALLOW, true), DENY) + assert(t, "2parents 1backend", rules, resTwoParentsOneBackend(parentTenancyStr, backendTenancyStr), DENY, DENY) + assert(t, "2parents 2backends", rules, resTwoParentsTwoBackends(parentTenancyStr, backendTenancyStr), DENY, DENY) + }) + }) + } + }) + } + }) + } } func newRef(typ *pbresource.Type, name string) *pbresource.Reference { diff --git a/internal/resource/acls.go b/internal/resource/acls.go new file mode 100644 index 000000000000..55a5872fc0de --- /dev/null +++ b/internal/resource/acls.go @@ -0,0 +1,13 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package resource + +import "github.com/hashicorp/consul/acl" + +// NoOpACLListHook is a common function that can be used if no special list permission is required for a resource. +func NoOpACLListHook(_ acl.Authorizer, _ *acl.AuthorizerContext) error { + // No-op List permission as we want to default to filtering resources + // from the list using the Read enforcement. + return nil +} diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go index b6a9263842d3..8e978c9fb49a 100644 --- a/internal/resource/demo/demo.go +++ b/internal/resource/demo/demo.go @@ -97,7 +97,7 @@ func RegisterTypes(r resource.Registry) { readACL := func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, res *pbresource.Resource) error { if resource.EqualType(TypeV1RecordLabel, id.Type) { if res == nil { - return resource.ErrNeedData + return resource.ErrNeedResource } } key := fmt.Sprintf("resource/%s/%s", resource.ToGVK(id.Type), id.Name) diff --git a/internal/resource/errors.go b/internal/resource/errors.go index dbb624c8d004..24dd96e90ec4 100644 --- a/internal/resource/errors.go +++ b/internal/resource/errors.go @@ -5,15 +5,19 @@ package resource import ( "fmt" + "strings" - "github.com/hashicorp/consul/proto-public/pbresource" "google.golang.org/protobuf/reflect/protoreflect" + + "github.com/hashicorp/consul/proto-public/pbresource" ) var ( ErrMissing = NewConstError("missing required field") + ErrMissingOneOf = NewConstError("missing one of the required fields") ErrEmpty = NewConstError("cannot be empty") ErrReferenceTenancyNotEqual = NewConstError("resource tenancy and reference tenancy differ") + ErrUnsupported = NewConstError("field is currently not supported") ) // ConstError is more or less equivalent to the stdlib errors.errorstring. However, having @@ -133,6 +137,20 @@ type ErrOwnerTenantInvalid struct { } func (err ErrOwnerTenantInvalid) Error() string { + if err.ResourceTenancy == nil && err.OwnerTenancy != nil { + return fmt.Sprintf( + "empty resource tenancy cannot be owned by a resource in partition %s, namespace %s and peer %s", + err.OwnerTenancy.Partition, err.OwnerTenancy.Namespace, err.OwnerTenancy.PeerName, + ) + } + + if err.ResourceTenancy != nil && err.OwnerTenancy == nil { + return fmt.Sprintf( + "resource in partition %s, namespace %s and peer %s cannot be owned by a resource with empty tenancy", + err.ResourceTenancy.Partition, err.ResourceTenancy.Namespace, err.ResourceTenancy.PeerName, + ) + } + return fmt.Sprintf( "resource in partition %s, namespace %s and peer %s cannot be owned by a resource in partition %s, namespace %s and peer %s", err.ResourceTenancy.Partition, err.ResourceTenancy.Namespace, err.ResourceTenancy.PeerName, @@ -147,3 +165,17 @@ type ErrInvalidReferenceType struct { func (err ErrInvalidReferenceType) Error() string { return fmt.Sprintf("reference must have type %s", ToGVK(err.AllowedType)) } + +type ErrInvalidFields struct { + Names []string + Wrapped error +} + +func (err ErrInvalidFields) Error() string { + allFields := strings.Join(err.Names, ",") + return fmt.Sprintf("invalid %q fields: %v", allFields, err.Wrapped) +} + +func (err ErrInvalidFields) Unwrap() error { + return err.Wrapped +} diff --git a/internal/resource/protoc-gen-deepcopy/internal/generate/generate.go b/internal/resource/protoc-gen-deepcopy/internal/generate/generate.go index f9af3fa62a44..afa8dda7f621 100644 --- a/internal/resource/protoc-gen-deepcopy/internal/generate/generate.go +++ b/internal/resource/protoc-gen-deepcopy/internal/generate/generate.go @@ -37,8 +37,8 @@ func Generate(gen *protogen.Plugin) error { // Generate DeepCopyInto() method for this type p.P(`// DeepCopyInto supports using `, typeName, ` within kubernetes types, where deepcopy-gen is used.`) p.P(`func (in *`, typeName, `) DeepCopyInto(out *`, typeName, `) {`) - p.P(`p := `, protoIdent, `(in).(*`, typeName, `)`) - p.P(`*out = *p`) + p.P(`proto.Reset(out)`) + p.P(`proto.Merge(out,`, protoIdent, `(in))`) p.P(`}`) // Generate DeepCopy() method for this type diff --git a/internal/resource/registry.go b/internal/resource/registry.go index 2b004b6b4c0c..20c1f4dc41a8 100644 --- a/internal/resource/registry.go +++ b/internal/resource/registry.go @@ -68,14 +68,14 @@ type Registration struct { Scope Scope } -var ErrNeedData = errors.New("authorization check requires resource data") +var ErrNeedResource = errors.New("authorization check requires the entire resource") type ACLHooks struct { // Read is used to authorize Read RPCs and to filter results in List // RPCs. // // It can be called an ID and possibly a Resource. The check will first - // attempt to use the ID and if the hook returns ErrNeedData, then the + // attempt to use the ID and if the hook returns ErrNeedResource, then the // check will be deferred until the data is fetched from the storage layer. // // If it is omitted, `operator:read` permission is assumed. diff --git a/internal/resource/resourcetest/acls.go b/internal/resource/resourcetest/acls.go new file mode 100644 index 000000000000..3f77c7fec490 --- /dev/null +++ b/internal/resource/resourcetest/acls.go @@ -0,0 +1,119 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package resourcetest + +import ( + "testing" + + "github.com/stretchr/testify/require" + "google.golang.org/protobuf/reflect/protoreflect" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +const ( + DENY = "deny" + ALLOW = "allow" + DEFAULT = "default" +) + +var checkF = func(t *testing.T, expect string, got error) { + switch expect { + case ALLOW: + if acl.IsErrPermissionDenied(got) { + t.Fatal("should be allowed") + } + case DENY: + if !acl.IsErrPermissionDenied(got) { + t.Fatal("should be denied") + } + case DEFAULT: + require.Nil(t, got, "expected fallthrough decision") + default: + t.Fatalf("unexpected expectation: %q", expect) + } +} + +type ACLTestCase struct { + Rules string + + // AuthCtx is optional. If not provided an empty one will be used. + AuthCtx *acl.AuthorizerContext + + // One of either Res or Data/Owner/Typ should be set. + Res *pbresource.Resource + Data protoreflect.ProtoMessage + Owner *pbresource.ID + Typ *pbresource.Type + + ReadOK string + WriteOK string + ListOK string + + ReadHookRequiresResource bool +} + +func RunACLTestCase(t *testing.T, tc ACLTestCase, registry resource.Registry) { + var ( + typ *pbresource.Type + res *pbresource.Resource + ) + if tc.Res != nil { + require.Nil(t, tc.Data) + require.Nil(t, tc.Owner) + require.Nil(t, tc.Typ) + typ = tc.Res.Id.GetType() + res = tc.Res + } else { + require.NotNil(t, tc.Data) + require.NotNil(t, tc.Typ) + typ = tc.Typ + + resolvedType, ok := registry.Resolve(typ) + require.True(t, ok) + + res = Resource(tc.Typ, "test"). + WithTenancy(DefaultTenancyForType(t, resolvedType)). + WithOwner(tc.Owner). + WithData(t, tc.Data). + Build() + } + + reg, ok := registry.Resolve(typ) + require.True(t, ok) + + ValidateAndNormalize(t, registry, res) + + config := acl.Config{ + WildcardName: structs.WildcardSpecifier, + } + authz, err := acl.NewAuthorizerFromRules(tc.Rules, &config, nil) + require.NoError(t, err) + authz = acl.NewChainedAuthorizer([]acl.Authorizer{authz, acl.DenyAll()}) + + if tc.AuthCtx == nil { + tc.AuthCtx = &acl.AuthorizerContext{} + } + + if tc.ReadHookRequiresResource { + err = reg.ACLs.Read(authz, tc.AuthCtx, res.Id, nil) + require.ErrorIs(t, err, resource.ErrNeedResource, "read hook should require the data payload") + } + + t.Run("read", func(t *testing.T) { + err := reg.ACLs.Read(authz, tc.AuthCtx, res.Id, res) + checkF(t, tc.ReadOK, err) + }) + t.Run("write", func(t *testing.T) { + err := reg.ACLs.Write(authz, tc.AuthCtx, res) + checkF(t, tc.WriteOK, err) + }) + t.Run("list", func(t *testing.T) { + err := reg.ACLs.List(authz, tc.AuthCtx) + checkF(t, tc.ListOK, err) + }) +} diff --git a/internal/resource/resourcetest/builder.go b/internal/resource/resourcetest/builder.go index 3de836a71db3..423bd66aaa22 100644 --- a/internal/resource/resourcetest/builder.go +++ b/internal/resource/resourcetest/builder.go @@ -178,7 +178,7 @@ func (b *resourceBuilder) Write(t T, client pbresource.ResourceServiceClient) *p id := proto.Clone(rsp.Resource.Id).(*pbresource.ID) id.Uid = "" t.Cleanup(func() { - rtestClient.MustDelete(t, id) + rtestClient.CleanupDelete(t, id) }) } diff --git a/internal/resource/resourcetest/client.go b/internal/resource/resourcetest/client.go index 8983a858ac87..a9ad08f5358d 100644 --- a/internal/resource/resourcetest/client.go +++ b/internal/resource/resourcetest/client.go @@ -5,12 +5,14 @@ package resourcetest import ( "context" + "flag" "fmt" "math/rand" "time" "github.com/stretchr/testify/require" "golang.org/x/exp/slices" + "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" @@ -21,25 +23,67 @@ import ( "github.com/hashicorp/consul/sdk/testutil/retry" ) +type ClientOption func(*Client) + +func WithRNGSeed(seed int64) ClientOption { + return func(c *Client) { + c.rng = rand.New(rand.NewSource(seed)) + } +} + +func WithRequestDelay(minMilliseconds int, maxMilliseconds int) ClientOption { + return func(c *Client) { + + min := minMilliseconds + max := maxMilliseconds + if max < min { + min = maxMilliseconds + max = minMilliseconds + } + c.requestDelayMin = min + c.requestDelayMax = max + } +} + +func WithACLToken(token string) ClientOption { + return func(c *Client) { + c.token = token + } +} + type Client struct { pbresource.ResourceServiceClient timeout time.Duration wait time.Duration token string -} -func NewClient(client pbresource.ResourceServiceClient) *Client { - return NewClientWithACLToken(client, "") + rng *rand.Rand + + requestDelayMin int + requestDelayMax int } -func NewClientWithACLToken(client pbresource.ResourceServiceClient, token string) *Client { - return &Client{ +func NewClient(client pbresource.ResourceServiceClient, opts ...ClientOption) *Client { + c := &Client{ ResourceServiceClient: client, timeout: 7 * time.Second, wait: 25 * time.Millisecond, - token: token, + rng: rand.New(rand.NewSource(time.Now().UnixNano())), + // arbitrary write delays are opt-in only + requestDelayMin: 0, + requestDelayMax: 0, + } + + for _, opt := range opts { + opt(c) } + + return c +} + +func NewClientWithACLToken(client pbresource.ResourceServiceClient, token string) *Client { + return NewClient(client, WithACLToken(token)) } func (client *Client) SetRetryerConfig(timeout time.Duration, wait time.Duration) { @@ -60,7 +104,7 @@ func (client *Client) PublishResources(t T, resources []*pbresource.Resource) { // controllers should eventually converge on the desired state. The exception to this // is that you cannot insert resources with owner refs before the resource they are // owned by or insert a resource into a non-default tenant before that tenant exists. - rand.Shuffle(len(resources), func(i, j int) { + client.rng.Shuffle(len(resources), func(i, j int) { temp := resources[i] resources[i] = resources[j] resources[j] = temp @@ -97,7 +141,7 @@ func (client *Client) PublishResources(t T, resources []*pbresource.Resource) { id := rsp.Resource.Id t.Cleanup(func() { - client.MustDelete(t, id) + client.CleanupDelete(t, id) }) // track the number of resources published @@ -119,6 +163,11 @@ func (client *Client) PublishResources(t T, resources []*pbresource.Resource) { require.Empty(t, resources, "Could not publish all resources - some resources have invalid owner references") } +func (client *Client) Write(ctx context.Context, in *pbresource.WriteRequest, opts ...grpc.CallOption) (*pbresource.WriteResponse, error) { + client.delayRequest() + return client.ResourceServiceClient.Write(ctx, in, opts...) +} + func (client *Client) Context(t T) context.Context { ctx := testutil.TestContext(t) @@ -280,11 +329,32 @@ func (client *Client) ResolveResourceID(t T, id *pbresource.ID) *pbresource.ID { return client.RequireResourceExists(t, id).Id } +// MustDelete will delete a resource by its id, retrying if necessary and fail the test +// if it cannot delete it within the timeout. The clients request delay settings are +// taken into account with this operation. func (client *Client) MustDelete(t T, id *pbresource.ID) { + t.Helper() + client.retryDelete(t, id, true) +} + +// CleanupDelete will perform the same operations as MustDelete to ensure the resource is +// deleted. The clients request delay settings are ignored for this operation and it is +// assumed this will only be called in the context of test Cleanup routines where we +// are no longer testing that a controller eventually converges on some values in response +// to the delete. +func (client *Client) CleanupDelete(t T, id *pbresource.ID) { + t.Helper() + client.retryDelete(t, id, true) +} + +func (client *Client) retryDelete(t T, id *pbresource.ID, shouldDelay bool) { t.Helper() ctx := client.Context(t) client.retry(t, func(r *retry.R) { + if shouldDelay { + client.delayRequest() + } _, err := client.Delete(ctx, &pbresource.DeleteRequest{Id: id}) if status.Code(err) == codes.NotFound { return @@ -300,3 +370,53 @@ func (client *Client) MustDelete(t T, id *pbresource.ID) { require.NoError(r, err) }) } + +func (client *Client) delayRequest() { + if client.requestDelayMin == 0 && client.requestDelayMax == 0 { + return + } + + var delay time.Duration + if client.requestDelayMin == client.requestDelayMax { + delay = time.Duration(client.requestDelayMin) * time.Millisecond + } else { + delay = time.Duration(client.rng.Intn(client.requestDelayMax-client.requestDelayMin)+client.requestDelayMin) * time.Millisecond + } + time.Sleep(delay) +} + +type CLIOptions struct { + minRequestDelay int + maxRequestDelay int + seed int64 +} + +type CLIOptionT interface { + Helper() + Logf(string, ...any) +} + +func (o *CLIOptions) ClientOptions(t CLIOptionT) []ClientOption { + t.Helper() + t.Logf("Using %d for the random number generator seed. Pass -rng-seed= to overwrite the time based seed", o.seed) + t.Logf("Using random request delays between %dms and %dms. Use -min-request-delay= or -max-request-delay= to override the defaults", o.minRequestDelay, o.maxRequestDelay) + + return []ClientOption{ + WithRNGSeed(o.seed), + WithRequestDelay(o.minRequestDelay, o.maxRequestDelay), + } +} + +func ConfigureTestCLIFlags() *CLIOptions { + opts := &CLIOptions{ + minRequestDelay: 0, + maxRequestDelay: 0, + seed: time.Now().UnixNano(), + } + + flag.Int64Var(&opts.seed, "rng-seed", opts.seed, "Seed to use for pseudo-random-number-generators") + flag.IntVar(&opts.minRequestDelay, "min-request-delay", 10, "Minimum delay before performing a resource write (milliseconds: default=10)") + flag.IntVar(&opts.maxRequestDelay, "max-request-delay", 50, "Maximum delay before performing a resource write (milliseconds: default=50)") + + return opts +} diff --git a/internal/resource/resourcetest/tenancy.go b/internal/resource/resourcetest/tenancy.go index 838379cebbed..5f5c0525b6f4 100644 --- a/internal/resource/resourcetest/tenancy.go +++ b/internal/resource/resourcetest/tenancy.go @@ -5,6 +5,7 @@ package resourcetest import ( "strings" + "testing" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/proto-public/pbresource" @@ -35,3 +36,17 @@ func Tenancy(s string) *pbresource.Tenancy { return &pbresource.Tenancy{Partition: "BAD", Namespace: "BAD", PeerName: "BAD"} } } + +func DefaultTenancyForType(t *testing.T, reg resource.Registration) *pbresource.Tenancy { + switch reg.Scope { + case resource.ScopeNamespace: + return resource.DefaultNamespacedTenancy() + case resource.ScopePartition: + return resource.DefaultPartitionedTenancy() + case resource.ScopeCluster: + return resource.DefaultClusteredTenancy() + default: + t.Fatalf("unsupported resource scope: %v", reg.Scope) + return nil + } +} diff --git a/internal/testing/golden/golden.go b/internal/testing/golden/golden.go index 8145d16814bf..a4d971d0d096 100644 --- a/internal/testing/golden/golden.go +++ b/internal/testing/golden/golden.go @@ -42,7 +42,15 @@ func GetBytes(t *testing.T, actual, filename string) []byte { require.NoError(t, err) } - expected, err := os.ReadFile(path) + return GetBytesAtFilePath(t, path) +} + +// GetBytes reads the expected value from the file at filepath and returns the +// value as a byte array. filepath is relative to the ./testdata directory. +func GetBytesAtFilePath(t *testing.T, filepath string) []byte { + t.Helper() + + expected, err := os.ReadFile(filepath) require.NoError(t, err) return expected } diff --git a/proto-public/annotations/ratelimit/ratelimit_deepcopy.gen.go b/proto-public/annotations/ratelimit/ratelimit_deepcopy.gen.go index 72ef4d990c62..6c1c69633734 100644 --- a/proto-public/annotations/ratelimit/ratelimit_deepcopy.gen.go +++ b/proto-public/annotations/ratelimit/ratelimit_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Spec within kubernetes types, where deepcopy-gen is used. func (in *Spec) DeepCopyInto(out *Spec) { - p := proto.Clone(in).(*Spec) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Spec. Required by controller-gen. diff --git a/proto-public/go.mod b/proto-public/go.mod index b77474df64bb..ab00c6c62e2c 100644 --- a/proto-public/go.mod +++ b/proto-public/go.mod @@ -5,7 +5,7 @@ go 1.19 require ( github.com/stretchr/testify v1.8.3 golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 - google.golang.org/grpc v1.55.0 + google.golang.org/grpc v1.56.3 google.golang.org/protobuf v1.30.0 ) @@ -16,9 +16,9 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/rogpeppe/go-internal v1.10.0 // indirect github.com/stretchr/objx v0.5.0 // indirect - golang.org/x/net v0.13.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/text v0.11.0 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/proto-public/go.sum b/proto-public/go.sum index ffb9a0538ca9..f11647a8490e 100644 --- a/proto-public/go.sum +++ b/proto-public/go.sum @@ -32,17 +32,17 @@ github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gt github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= -golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= -golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= -google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= +google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= diff --git a/proto-public/pbacl/acl_deepcopy.gen.go b/proto-public/pbacl/acl_deepcopy.gen.go index 9bf1dcb45766..b3b069fe1fc8 100644 --- a/proto-public/pbacl/acl_deepcopy.gen.go +++ b/proto-public/pbacl/acl_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using LogoutResponse within kubernetes types, where deepcopy-gen is used. func (in *LogoutResponse) DeepCopyInto(out *LogoutResponse) { - p := proto.Clone(in).(*LogoutResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LogoutResponse. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *LogoutResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using LoginRequest within kubernetes types, where deepcopy-gen is used. func (in *LoginRequest) DeepCopyInto(out *LoginRequest) { - p := proto.Clone(in).(*LoginRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoginRequest. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *LoginRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using LoginResponse within kubernetes types, where deepcopy-gen is used. func (in *LoginResponse) DeepCopyInto(out *LoginResponse) { - p := proto.Clone(in).(*LoginResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoginResponse. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *LoginResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using LoginToken within kubernetes types, where deepcopy-gen is used. func (in *LoginToken) DeepCopyInto(out *LoginToken) { - p := proto.Clone(in).(*LoginToken) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoginToken. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *LoginToken) DeepCopyInterface() interface{} { // DeepCopyInto supports using LogoutRequest within kubernetes types, where deepcopy-gen is used. func (in *LogoutRequest) DeepCopyInto(out *LogoutRequest) { - p := proto.Clone(in).(*LogoutRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LogoutRequest. Required by controller-gen. diff --git a/proto-public/pbauth/v2beta1/computed_traffic_permissions_deepcopy.gen.go b/proto-public/pbauth/v2beta1/computed_traffic_permissions_deepcopy.gen.go index b0b3baa08721..7c22d2285c2d 100644 --- a/proto-public/pbauth/v2beta1/computed_traffic_permissions_deepcopy.gen.go +++ b/proto-public/pbauth/v2beta1/computed_traffic_permissions_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ComputedTrafficPermissions within kubernetes types, where deepcopy-gen is used. func (in *ComputedTrafficPermissions) DeepCopyInto(out *ComputedTrafficPermissions) { - p := proto.Clone(in).(*ComputedTrafficPermissions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedTrafficPermissions. Required by controller-gen. diff --git a/proto-public/pbauth/v2beta1/traffic_permissions_deepcopy.gen.go b/proto-public/pbauth/v2beta1/traffic_permissions_deepcopy.gen.go index 177c60c14a89..b954d00b407f 100644 --- a/proto-public/pbauth/v2beta1/traffic_permissions_deepcopy.gen.go +++ b/proto-public/pbauth/v2beta1/traffic_permissions_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using TrafficPermissions within kubernetes types, where deepcopy-gen is used. func (in *TrafficPermissions) DeepCopyInto(out *TrafficPermissions) { - p := proto.Clone(in).(*TrafficPermissions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPermissions. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *TrafficPermissions) DeepCopyInterface() interface{} { // DeepCopyInto supports using NamespaceTrafficPermissions within kubernetes types, where deepcopy-gen is used. func (in *NamespaceTrafficPermissions) DeepCopyInto(out *NamespaceTrafficPermissions) { - p := proto.Clone(in).(*NamespaceTrafficPermissions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceTrafficPermissions. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *NamespaceTrafficPermissions) DeepCopyInterface() interface{} { // DeepCopyInto supports using PartitionTrafficPermissions within kubernetes types, where deepcopy-gen is used. func (in *PartitionTrafficPermissions) DeepCopyInto(out *PartitionTrafficPermissions) { - p := proto.Clone(in).(*PartitionTrafficPermissions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartitionTrafficPermissions. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *PartitionTrafficPermissions) DeepCopyInterface() interface{} { // DeepCopyInto supports using Destination within kubernetes types, where deepcopy-gen is used. func (in *Destination) DeepCopyInto(out *Destination) { - p := proto.Clone(in).(*Destination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *Destination) DeepCopyInterface() interface{} { // DeepCopyInto supports using Permission within kubernetes types, where deepcopy-gen is used. func (in *Permission) DeepCopyInto(out *Permission) { - p := proto.Clone(in).(*Permission) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Permission. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *Permission) DeepCopyInterface() interface{} { // DeepCopyInto supports using Source within kubernetes types, where deepcopy-gen is used. func (in *Source) DeepCopyInto(out *Source) { - p := proto.Clone(in).(*Source) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Source. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *Source) DeepCopyInterface() interface{} { // DeepCopyInto supports using ExcludeSource within kubernetes types, where deepcopy-gen is used. func (in *ExcludeSource) DeepCopyInto(out *ExcludeSource) { - p := proto.Clone(in).(*ExcludeSource) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludeSource. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *ExcludeSource) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationRule within kubernetes types, where deepcopy-gen is used. func (in *DestinationRule) DeepCopyInto(out *DestinationRule) { - p := proto.Clone(in).(*DestinationRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *DestinationRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using ExcludePermissionRule within kubernetes types, where deepcopy-gen is used. func (in *ExcludePermissionRule) DeepCopyInto(out *ExcludePermissionRule) { - p := proto.Clone(in).(*ExcludePermissionRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludePermissionRule. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *ExcludePermissionRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationRuleHeader within kubernetes types, where deepcopy-gen is used. func (in *DestinationRuleHeader) DeepCopyInto(out *DestinationRuleHeader) { - p := proto.Clone(in).(*DestinationRuleHeader) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRuleHeader. Required by controller-gen. diff --git a/proto-public/pbauth/v2beta1/workload_identity_deepcopy.gen.go b/proto-public/pbauth/v2beta1/workload_identity_deepcopy.gen.go index 7684b5ef837f..7a25aba74a48 100644 --- a/proto-public/pbauth/v2beta1/workload_identity_deepcopy.gen.go +++ b/proto-public/pbauth/v2beta1/workload_identity_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using WorkloadIdentity within kubernetes types, where deepcopy-gen is used. func (in *WorkloadIdentity) DeepCopyInto(out *WorkloadIdentity) { - p := proto.Clone(in).(*WorkloadIdentity) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentity. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/dns_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/dns_deepcopy.gen.go index f2a7b3564fc9..9a3d883b8cec 100644 --- a/proto-public/pbcatalog/v2beta1/dns_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/dns_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using DNSPolicy within kubernetes types, where deepcopy-gen is used. func (in *DNSPolicy) DeepCopyInto(out *DNSPolicy) { - p := proto.Clone(in).(*DNSPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSPolicy. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *DNSPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using Weights within kubernetes types, where deepcopy-gen is used. func (in *Weights) DeepCopyInto(out *Weights) { - p := proto.Clone(in).(*Weights) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Weights. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/failover_policy_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/failover_policy_deepcopy.gen.go index b0fc57e9723d..fabe3f9e30a6 100644 --- a/proto-public/pbcatalog/v2beta1/failover_policy_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/failover_policy_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using FailoverPolicy within kubernetes types, where deepcopy-gen is used. func (in *FailoverPolicy) DeepCopyInto(out *FailoverPolicy) { - p := proto.Clone(in).(*FailoverPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailoverPolicy. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *FailoverPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using FailoverConfig within kubernetes types, where deepcopy-gen is used. func (in *FailoverConfig) DeepCopyInto(out *FailoverConfig) { - p := proto.Clone(in).(*FailoverConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailoverConfig. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *FailoverConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using FailoverDestination within kubernetes types, where deepcopy-gen is used. func (in *FailoverDestination) DeepCopyInto(out *FailoverDestination) { - p := proto.Clone(in).(*FailoverDestination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailoverDestination. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go index bb24cbe052fd..677a1af1056d 100644 --- a/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HealthStatus within kubernetes types, where deepcopy-gen is used. func (in *HealthStatus) DeepCopyInto(out *HealthStatus) { - p := proto.Clone(in).(*HealthStatus) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthStatus. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *HealthStatus) DeepCopyInterface() interface{} { // DeepCopyInto supports using HealthChecks within kubernetes types, where deepcopy-gen is used. func (in *HealthChecks) DeepCopyInto(out *HealthChecks) { - p := proto.Clone(in).(*HealthChecks) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthChecks. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *HealthChecks) DeepCopyInterface() interface{} { // DeepCopyInto supports using HealthCheck within kubernetes types, where deepcopy-gen is used. func (in *HealthCheck) DeepCopyInto(out *HealthCheck) { - p := proto.Clone(in).(*HealthCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthCheck. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *HealthCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPCheck within kubernetes types, where deepcopy-gen is used. func (in *HTTPCheck) DeepCopyInto(out *HTTPCheck) { - p := proto.Clone(in).(*HTTPCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPCheck. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *HTTPCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using TCPCheck within kubernetes types, where deepcopy-gen is used. func (in *TCPCheck) DeepCopyInto(out *TCPCheck) { - p := proto.Clone(in).(*TCPCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPCheck. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *TCPCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using UDPCheck within kubernetes types, where deepcopy-gen is used. func (in *UDPCheck) DeepCopyInto(out *UDPCheck) { - p := proto.Clone(in).(*UDPCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDPCheck. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *UDPCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCCheck within kubernetes types, where deepcopy-gen is used. func (in *GRPCCheck) DeepCopyInto(out *GRPCCheck) { - p := proto.Clone(in).(*GRPCCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCCheck. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *GRPCCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using OSServiceCheck within kubernetes types, where deepcopy-gen is used. func (in *OSServiceCheck) DeepCopyInto(out *OSServiceCheck) { - p := proto.Clone(in).(*OSServiceCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSServiceCheck. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *OSServiceCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using CheckTLSConfig within kubernetes types, where deepcopy-gen is used. func (in *CheckTLSConfig) DeepCopyInto(out *CheckTLSConfig) { - p := proto.Clone(in).(*CheckTLSConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CheckTLSConfig. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/node_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/node_deepcopy.gen.go index 775faa3d535f..d864f7858fe6 100644 --- a/proto-public/pbcatalog/v2beta1/node_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/node_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Node within kubernetes types, where deepcopy-gen is used. func (in *Node) DeepCopyInto(out *Node) { - p := proto.Clone(in).(*Node) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Node. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Node) DeepCopyInterface() interface{} { // DeepCopyInto supports using NodeAddress within kubernetes types, where deepcopy-gen is used. func (in *NodeAddress) DeepCopyInto(out *NodeAddress) { - p := proto.Clone(in).(*NodeAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeAddress. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/selector_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/selector_deepcopy.gen.go index 1f4ae1c7ff52..7e59d5588081 100644 --- a/proto-public/pbcatalog/v2beta1/selector_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/selector_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using WorkloadSelector within kubernetes types, where deepcopy-gen is used. func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector) { - p := proto.Clone(in).(*WorkloadSelector) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/service_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/service_deepcopy.gen.go index 92e77ecb9d44..fa578cc34464 100644 --- a/proto-public/pbcatalog/v2beta1/service_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/service_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Service within kubernetes types, where deepcopy-gen is used. func (in *Service) DeepCopyInto(out *Service) { - p := proto.Clone(in).(*Service) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Service) DeepCopyInterface() interface{} { // DeepCopyInto supports using ServicePort within kubernetes types, where deepcopy-gen is used. func (in *ServicePort) DeepCopyInto(out *ServicePort) { - p := proto.Clone(in).(*ServicePort) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/service_endpoints_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/service_endpoints_deepcopy.gen.go index 6c1e3833bf41..f3634c091be7 100644 --- a/proto-public/pbcatalog/v2beta1/service_endpoints_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/service_endpoints_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ServiceEndpoints within kubernetes types, where deepcopy-gen is used. func (in *ServiceEndpoints) DeepCopyInto(out *ServiceEndpoints) { - p := proto.Clone(in).(*ServiceEndpoints) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEndpoints. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ServiceEndpoints) DeepCopyInterface() interface{} { // DeepCopyInto supports using Endpoint within kubernetes types, where deepcopy-gen is used. func (in *Endpoint) DeepCopyInto(out *Endpoint) { - p := proto.Clone(in).(*Endpoint) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoint. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/vip_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/vip_deepcopy.gen.go index d49da5045ba2..8308240c52b0 100644 --- a/proto-public/pbcatalog/v2beta1/vip_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/vip_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using VirtualIPs within kubernetes types, where deepcopy-gen is used. func (in *VirtualIPs) DeepCopyInto(out *VirtualIPs) { - p := proto.Clone(in).(*VirtualIPs) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualIPs. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *VirtualIPs) DeepCopyInterface() interface{} { // DeepCopyInto supports using IP within kubernetes types, where deepcopy-gen is used. func (in *IP) DeepCopyInto(out *IP) { - p := proto.Clone(in).(*IP) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IP. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/workload_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/workload_deepcopy.gen.go index fbb4b50af325..10d71872bf6d 100644 --- a/proto-public/pbcatalog/v2beta1/workload_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/workload_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Workload within kubernetes types, where deepcopy-gen is used. func (in *Workload) DeepCopyInto(out *Workload) { - p := proto.Clone(in).(*Workload) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workload. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Workload) DeepCopyInterface() interface{} { // DeepCopyInto supports using WorkloadAddress within kubernetes types, where deepcopy-gen is used. func (in *WorkloadAddress) DeepCopyInto(out *WorkloadAddress) { - p := proto.Clone(in).(*WorkloadAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadAddress. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *WorkloadAddress) DeepCopyInterface() interface{} { // DeepCopyInto supports using WorkloadPort within kubernetes types, where deepcopy-gen is used. func (in *WorkloadPort) DeepCopyInto(out *WorkloadPort) { - p := proto.Clone(in).(*WorkloadPort) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadPort. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *WorkloadPort) DeepCopyInterface() interface{} { // DeepCopyInto supports using Locality within kubernetes types, where deepcopy-gen is used. func (in *Locality) DeepCopyInto(out *Locality) { - p := proto.Clone(in).(*Locality) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Locality. Required by controller-gen. diff --git a/proto-public/pbconnectca/ca_deepcopy.gen.go b/proto-public/pbconnectca/ca_deepcopy.gen.go index 5200e4d9cac7..8ac221b224c5 100644 --- a/proto-public/pbconnectca/ca_deepcopy.gen.go +++ b/proto-public/pbconnectca/ca_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using WatchRootsRequest within kubernetes types, where deepcopy-gen is used. func (in *WatchRootsRequest) DeepCopyInto(out *WatchRootsRequest) { - p := proto.Clone(in).(*WatchRootsRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchRootsRequest. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *WatchRootsRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using WatchRootsResponse within kubernetes types, where deepcopy-gen is used. func (in *WatchRootsResponse) DeepCopyInto(out *WatchRootsResponse) { - p := proto.Clone(in).(*WatchRootsResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchRootsResponse. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *WatchRootsResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using CARoot within kubernetes types, where deepcopy-gen is used. func (in *CARoot) DeepCopyInto(out *CARoot) { - p := proto.Clone(in).(*CARoot) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CARoot. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *CARoot) DeepCopyInterface() interface{} { // DeepCopyInto supports using SignRequest within kubernetes types, where deepcopy-gen is used. func (in *SignRequest) DeepCopyInto(out *SignRequest) { - p := proto.Clone(in).(*SignRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignRequest. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *SignRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using SignResponse within kubernetes types, where deepcopy-gen is used. func (in *SignResponse) DeepCopyInto(out *SignResponse) { - p := proto.Clone(in).(*SignResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignResponse. Required by controller-gen. diff --git a/proto-public/pbdataplane/dataplane_deepcopy.gen.go b/proto-public/pbdataplane/dataplane_deepcopy.gen.go index 1d787b70721d..e1daf2b699fb 100644 --- a/proto-public/pbdataplane/dataplane_deepcopy.gen.go +++ b/proto-public/pbdataplane/dataplane_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using GetSupportedDataplaneFeaturesRequest within kubernetes types, where deepcopy-gen is used. func (in *GetSupportedDataplaneFeaturesRequest) DeepCopyInto(out *GetSupportedDataplaneFeaturesRequest) { - p := proto.Clone(in).(*GetSupportedDataplaneFeaturesRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GetSupportedDataplaneFeaturesRequest. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *GetSupportedDataplaneFeaturesRequest) DeepCopyInterface() interface{} // DeepCopyInto supports using DataplaneFeatureSupport within kubernetes types, where deepcopy-gen is used. func (in *DataplaneFeatureSupport) DeepCopyInto(out *DataplaneFeatureSupport) { - p := proto.Clone(in).(*DataplaneFeatureSupport) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataplaneFeatureSupport. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *DataplaneFeatureSupport) DeepCopyInterface() interface{} { // DeepCopyInto supports using GetSupportedDataplaneFeaturesResponse within kubernetes types, where deepcopy-gen is used. func (in *GetSupportedDataplaneFeaturesResponse) DeepCopyInto(out *GetSupportedDataplaneFeaturesResponse) { - p := proto.Clone(in).(*GetSupportedDataplaneFeaturesResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GetSupportedDataplaneFeaturesResponse. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *GetSupportedDataplaneFeaturesResponse) DeepCopyInterface() interface{} // DeepCopyInto supports using GetEnvoyBootstrapParamsRequest within kubernetes types, where deepcopy-gen is used. func (in *GetEnvoyBootstrapParamsRequest) DeepCopyInto(out *GetEnvoyBootstrapParamsRequest) { - p := proto.Clone(in).(*GetEnvoyBootstrapParamsRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GetEnvoyBootstrapParamsRequest. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *GetEnvoyBootstrapParamsRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using GetEnvoyBootstrapParamsResponse within kubernetes types, where deepcopy-gen is used. func (in *GetEnvoyBootstrapParamsResponse) DeepCopyInto(out *GetEnvoyBootstrapParamsResponse) { - p := proto.Clone(in).(*GetEnvoyBootstrapParamsResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GetEnvoyBootstrapParamsResponse. Required by controller-gen. diff --git a/proto-public/pbdns/dns_deepcopy.gen.go b/proto-public/pbdns/dns_deepcopy.gen.go index c2975e2d7f9a..339ab448e1d1 100644 --- a/proto-public/pbdns/dns_deepcopy.gen.go +++ b/proto-public/pbdns/dns_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using QueryRequest within kubernetes types, where deepcopy-gen is used. func (in *QueryRequest) DeepCopyInto(out *QueryRequest) { - p := proto.Clone(in).(*QueryRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryRequest. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *QueryRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using QueryResponse within kubernetes types, where deepcopy-gen is used. func (in *QueryResponse) DeepCopyInto(out *QueryResponse) { - p := proto.Clone(in).(*QueryResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryResponse. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/common_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/common_deepcopy.gen.go index dae015adf7ce..f9aa662c4182 100644 --- a/proto-public/pbmesh/v2beta1/common_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/common_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ParentReference within kubernetes types, where deepcopy-gen is used. func (in *ParentReference) DeepCopyInto(out *ParentReference) { - p := proto.Clone(in).(*ParentReference) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParentReference. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ParentReference) DeepCopyInterface() interface{} { // DeepCopyInto supports using BackendReference within kubernetes types, where deepcopy-gen is used. func (in *BackendReference) DeepCopyInto(out *BackendReference) { - p := proto.Clone(in).(*BackendReference) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendReference. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/computed_explicit_destinations_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/computed_explicit_destinations_deepcopy.gen.go index 3e237e2ac009..7a14e57454f2 100644 --- a/proto-public/pbmesh/v2beta1/computed_explicit_destinations_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/computed_explicit_destinations_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ComputedExplicitDestinations within kubernetes types, where deepcopy-gen is used. func (in *ComputedExplicitDestinations) DeepCopyInto(out *ComputedExplicitDestinations) { - p := proto.Clone(in).(*ComputedExplicitDestinations) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedExplicitDestinations. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/computed_proxy_configuration_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/computed_proxy_configuration_deepcopy.gen.go index c8d608122268..d6eb5723030b 100644 --- a/proto-public/pbmesh/v2beta1/computed_proxy_configuration_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/computed_proxy_configuration_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ComputedProxyConfiguration within kubernetes types, where deepcopy-gen is used. func (in *ComputedProxyConfiguration) DeepCopyInto(out *ComputedProxyConfiguration) { - p := proto.Clone(in).(*ComputedProxyConfiguration) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedProxyConfiguration. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/computed_routes_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/computed_routes_deepcopy.gen.go index 01e077aacf00..d63358455892 100644 --- a/proto-public/pbmesh/v2beta1/computed_routes_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/computed_routes_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ComputedRoutes within kubernetes types, where deepcopy-gen is used. func (in *ComputedRoutes) DeepCopyInto(out *ComputedRoutes) { - p := proto.Clone(in).(*ComputedRoutes) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedRoutes. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ComputedRoutes) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedPortRoutes within kubernetes types, where deepcopy-gen is used. func (in *ComputedPortRoutes) DeepCopyInto(out *ComputedPortRoutes) { - p := proto.Clone(in).(*ComputedPortRoutes) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedPortRoutes. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *ComputedPortRoutes) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedHTTPRoute within kubernetes types, where deepcopy-gen is used. func (in *ComputedHTTPRoute) DeepCopyInto(out *ComputedHTTPRoute) { - p := proto.Clone(in).(*ComputedHTTPRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedHTTPRoute. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *ComputedHTTPRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedHTTPRouteRule within kubernetes types, where deepcopy-gen is used. func (in *ComputedHTTPRouteRule) DeepCopyInto(out *ComputedHTTPRouteRule) { - p := proto.Clone(in).(*ComputedHTTPRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedHTTPRouteRule. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *ComputedHTTPRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedHTTPBackendRef within kubernetes types, where deepcopy-gen is used. func (in *ComputedHTTPBackendRef) DeepCopyInto(out *ComputedHTTPBackendRef) { - p := proto.Clone(in).(*ComputedHTTPBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedHTTPBackendRef. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *ComputedHTTPBackendRef) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedGRPCRoute within kubernetes types, where deepcopy-gen is used. func (in *ComputedGRPCRoute) DeepCopyInto(out *ComputedGRPCRoute) { - p := proto.Clone(in).(*ComputedGRPCRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedGRPCRoute. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *ComputedGRPCRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedGRPCRouteRule within kubernetes types, where deepcopy-gen is used. func (in *ComputedGRPCRouteRule) DeepCopyInto(out *ComputedGRPCRouteRule) { - p := proto.Clone(in).(*ComputedGRPCRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedGRPCRouteRule. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *ComputedGRPCRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedGRPCBackendRef within kubernetes types, where deepcopy-gen is used. func (in *ComputedGRPCBackendRef) DeepCopyInto(out *ComputedGRPCBackendRef) { - p := proto.Clone(in).(*ComputedGRPCBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedGRPCBackendRef. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *ComputedGRPCBackendRef) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedTCPRoute within kubernetes types, where deepcopy-gen is used. func (in *ComputedTCPRoute) DeepCopyInto(out *ComputedTCPRoute) { - p := proto.Clone(in).(*ComputedTCPRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedTCPRoute. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *ComputedTCPRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedTCPRouteRule within kubernetes types, where deepcopy-gen is used. func (in *ComputedTCPRouteRule) DeepCopyInto(out *ComputedTCPRouteRule) { - p := proto.Clone(in).(*ComputedTCPRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedTCPRouteRule. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *ComputedTCPRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedTCPBackendRef within kubernetes types, where deepcopy-gen is used. func (in *ComputedTCPBackendRef) DeepCopyInto(out *ComputedTCPBackendRef) { - p := proto.Clone(in).(*ComputedTCPBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedTCPBackendRef. Required by controller-gen. @@ -238,8 +238,8 @@ func (in *ComputedTCPBackendRef) DeepCopyInterface() interface{} { // DeepCopyInto supports using BackendTargetDetails within kubernetes types, where deepcopy-gen is used. func (in *BackendTargetDetails) DeepCopyInto(out *BackendTargetDetails) { - p := proto.Clone(in).(*BackendTargetDetails) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTargetDetails. Required by controller-gen. @@ -259,8 +259,8 @@ func (in *BackendTargetDetails) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedFailoverConfig within kubernetes types, where deepcopy-gen is used. func (in *ComputedFailoverConfig) DeepCopyInto(out *ComputedFailoverConfig) { - p := proto.Clone(in).(*ComputedFailoverConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedFailoverConfig. Required by controller-gen. @@ -280,8 +280,8 @@ func (in *ComputedFailoverConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedFailoverDestination within kubernetes types, where deepcopy-gen is used. func (in *ComputedFailoverDestination) DeepCopyInto(out *ComputedFailoverDestination) { - p := proto.Clone(in).(*ComputedFailoverDestination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedFailoverDestination. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/connection.pb.go b/proto-public/pbmesh/v2beta1/connection.pb.go index d8ccaba7d74e..591df222fc93 100644 --- a/proto-public/pbmesh/v2beta1/connection.pb.go +++ b/proto-public/pbmesh/v2beta1/connection.pb.go @@ -137,8 +137,8 @@ type InboundConnectionsConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - MaxInboundConnections uint64 `protobuf:"varint,12,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"` - BalanceInboundConnections BalanceConnections `protobuf:"varint,13,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v2beta1.BalanceConnections" json:"balance_inbound_connections,omitempty"` + MaxInboundConnections uint32 `protobuf:"varint,1,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"` + BalanceInboundConnections BalanceConnections `protobuf:"varint,2,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v2beta1.BalanceConnections" json:"balance_inbound_connections,omitempty"` } func (x *InboundConnectionsConfig) Reset() { @@ -173,7 +173,7 @@ func (*InboundConnectionsConfig) Descriptor() ([]byte, []int) { return file_pbmesh_v2beta1_connection_proto_rawDescGZIP(), []int{1} } -func (x *InboundConnectionsConfig) GetMaxInboundConnections() uint64 { +func (x *InboundConnectionsConfig) GetMaxInboundConnections() uint32 { if x != nil { return x.MaxInboundConnections } @@ -209,11 +209,11 @@ var file_pbmesh_v2beta1_connection_proto_rawDesc = []byte{ 0x0a, 0x18, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, 0x6d, 0x61, 0x78, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x71, 0x0a, 0x1b, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x62, 0x61, 0x6c, 0x61, diff --git a/proto-public/pbmesh/v2beta1/connection.proto b/proto-public/pbmesh/v2beta1/connection.proto index fdb7217a123b..65cb21e586dd 100644 --- a/proto-public/pbmesh/v2beta1/connection.proto +++ b/proto-public/pbmesh/v2beta1/connection.proto @@ -17,8 +17,8 @@ message ConnectionConfig { // Referenced by ProxyConfiguration message InboundConnectionsConfig { - uint64 max_inbound_connections = 12; - BalanceConnections balance_inbound_connections = 13; + uint32 max_inbound_connections = 1; + BalanceConnections balance_inbound_connections = 2; } // +kubebuilder:validation:Enum=BALANCE_CONNECTIONS_DEFAULT;BALANCE_CONNECTIONS_EXACT diff --git a/proto-public/pbmesh/v2beta1/connection_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/connection_deepcopy.gen.go index 97666ed9eb4c..a0cfa7775756 100644 --- a/proto-public/pbmesh/v2beta1/connection_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/connection_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ConnectionConfig within kubernetes types, where deepcopy-gen is used. func (in *ConnectionConfig) DeepCopyInto(out *ConnectionConfig) { - p := proto.Clone(in).(*ConnectionConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionConfig. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ConnectionConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using InboundConnectionsConfig within kubernetes types, where deepcopy-gen is used. func (in *InboundConnectionsConfig) DeepCopyInto(out *InboundConnectionsConfig) { - p := proto.Clone(in).(*InboundConnectionsConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundConnectionsConfig. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/destination_policy_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/destination_policy_deepcopy.gen.go index 5ac5542a54bf..1935359729e5 100644 --- a/proto-public/pbmesh/v2beta1/destination_policy_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/destination_policy_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using DestinationPolicy within kubernetes types, where deepcopy-gen is used. func (in *DestinationPolicy) DeepCopyInto(out *DestinationPolicy) { - p := proto.Clone(in).(*DestinationPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationPolicy. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *DestinationPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationConfig within kubernetes types, where deepcopy-gen is used. func (in *DestinationConfig) DeepCopyInto(out *DestinationConfig) { - p := proto.Clone(in).(*DestinationConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationConfig. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *DestinationConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using LocalityPrioritization within kubernetes types, where deepcopy-gen is used. func (in *LocalityPrioritization) DeepCopyInto(out *LocalityPrioritization) { - p := proto.Clone(in).(*LocalityPrioritization) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityPrioritization. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *LocalityPrioritization) DeepCopyInterface() interface{} { // DeepCopyInto supports using LoadBalancer within kubernetes types, where deepcopy-gen is used. func (in *LoadBalancer) DeepCopyInto(out *LoadBalancer) { - p := proto.Clone(in).(*LoadBalancer) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancer. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *LoadBalancer) DeepCopyInterface() interface{} { // DeepCopyInto supports using RingHashConfig within kubernetes types, where deepcopy-gen is used. func (in *RingHashConfig) DeepCopyInto(out *RingHashConfig) { - p := proto.Clone(in).(*RingHashConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RingHashConfig. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *RingHashConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using LeastRequestConfig within kubernetes types, where deepcopy-gen is used. func (in *LeastRequestConfig) DeepCopyInto(out *LeastRequestConfig) { - p := proto.Clone(in).(*LeastRequestConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeastRequestConfig. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *LeastRequestConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using HashPolicy within kubernetes types, where deepcopy-gen is used. func (in *HashPolicy) DeepCopyInto(out *HashPolicy) { - p := proto.Clone(in).(*HashPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HashPolicy. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *HashPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using CookieConfig within kubernetes types, where deepcopy-gen is used. func (in *CookieConfig) DeepCopyInto(out *CookieConfig) { - p := proto.Clone(in).(*CookieConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CookieConfig. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/destinations_configuration_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/destinations_configuration_deepcopy.gen.go index d1413cc89df1..1c7f04e7f23a 100644 --- a/proto-public/pbmesh/v2beta1/destinations_configuration_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/destinations_configuration_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using DestinationsConfiguration within kubernetes types, where deepcopy-gen is used. func (in *DestinationsConfiguration) DeepCopyInto(out *DestinationsConfiguration) { - p := proto.Clone(in).(*DestinationsConfiguration) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationsConfiguration. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *DestinationsConfiguration) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationConfigOverrides within kubernetes types, where deepcopy-gen is used. func (in *DestinationConfigOverrides) DeepCopyInto(out *DestinationConfigOverrides) { - p := proto.Clone(in).(*DestinationConfigOverrides) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationConfigOverrides. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *DestinationConfigOverrides) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationConfiguration within kubernetes types, where deepcopy-gen is used. func (in *DestinationConfiguration) DeepCopyInto(out *DestinationConfiguration) { - p := proto.Clone(in).(*DestinationConfiguration) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationConfiguration. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *DestinationConfiguration) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationLimits within kubernetes types, where deepcopy-gen is used. func (in *DestinationLimits) DeepCopyInto(out *DestinationLimits) { - p := proto.Clone(in).(*DestinationLimits) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationLimits. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *DestinationLimits) DeepCopyInterface() interface{} { // DeepCopyInto supports using PassiveHealthCheck within kubernetes types, where deepcopy-gen is used. func (in *PassiveHealthCheck) DeepCopyInto(out *PassiveHealthCheck) { - p := proto.Clone(in).(*PassiveHealthCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassiveHealthCheck. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/destinations_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/destinations_deepcopy.gen.go index ff04bf3fcf8b..3f513b7d861d 100644 --- a/proto-public/pbmesh/v2beta1/destinations_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/destinations_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Destinations within kubernetes types, where deepcopy-gen is used. func (in *Destinations) DeepCopyInto(out *Destinations) { - p := proto.Clone(in).(*Destinations) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destinations. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Destinations) DeepCopyInterface() interface{} { // DeepCopyInto supports using Destination within kubernetes types, where deepcopy-gen is used. func (in *Destination) DeepCopyInto(out *Destination) { - p := proto.Clone(in).(*Destination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *Destination) DeepCopyInterface() interface{} { // DeepCopyInto supports using IPPortAddress within kubernetes types, where deepcopy-gen is used. func (in *IPPortAddress) DeepCopyInto(out *IPPortAddress) { - p := proto.Clone(in).(*IPPortAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPPortAddress. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *IPPortAddress) DeepCopyInterface() interface{} { // DeepCopyInto supports using UnixSocketAddress within kubernetes types, where deepcopy-gen is used. func (in *UnixSocketAddress) DeepCopyInto(out *UnixSocketAddress) { - p := proto.Clone(in).(*UnixSocketAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnixSocketAddress. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *UnixSocketAddress) DeepCopyInterface() interface{} { // DeepCopyInto supports using PreparedQueryDestination within kubernetes types, where deepcopy-gen is used. func (in *PreparedQueryDestination) DeepCopyInto(out *PreparedQueryDestination) { - p := proto.Clone(in).(*PreparedQueryDestination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreparedQueryDestination. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/expose_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/expose_deepcopy.gen.go index e191d353bdcb..2b75adbbcd34 100644 --- a/proto-public/pbmesh/v2beta1/expose_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/expose_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ExposeConfig within kubernetes types, where deepcopy-gen is used. func (in *ExposeConfig) DeepCopyInto(out *ExposeConfig) { - p := proto.Clone(in).(*ExposeConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExposeConfig. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ExposeConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using ExposePath within kubernetes types, where deepcopy-gen is used. func (in *ExposePath) DeepCopyInto(out *ExposePath) { - p := proto.Clone(in).(*ExposePath) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExposePath. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/grpc_route_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/grpc_route_deepcopy.gen.go index 18574bb8cc20..ea7e1dc8ed26 100644 --- a/proto-public/pbmesh/v2beta1/grpc_route_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/grpc_route_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using GRPCRoute within kubernetes types, where deepcopy-gen is used. func (in *GRPCRoute) DeepCopyInto(out *GRPCRoute) { - p := proto.Clone(in).(*GRPCRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRoute. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *GRPCRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCRouteRule within kubernetes types, where deepcopy-gen is used. func (in *GRPCRouteRule) DeepCopyInto(out *GRPCRouteRule) { - p := proto.Clone(in).(*GRPCRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteRule. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *GRPCRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCRouteMatch within kubernetes types, where deepcopy-gen is used. func (in *GRPCRouteMatch) DeepCopyInto(out *GRPCRouteMatch) { - p := proto.Clone(in).(*GRPCRouteMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteMatch. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *GRPCRouteMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCMethodMatch within kubernetes types, where deepcopy-gen is used. func (in *GRPCMethodMatch) DeepCopyInto(out *GRPCMethodMatch) { - p := proto.Clone(in).(*GRPCMethodMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCMethodMatch. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *GRPCMethodMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCHeaderMatch within kubernetes types, where deepcopy-gen is used. func (in *GRPCHeaderMatch) DeepCopyInto(out *GRPCHeaderMatch) { - p := proto.Clone(in).(*GRPCHeaderMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCHeaderMatch. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *GRPCHeaderMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCRouteFilter within kubernetes types, where deepcopy-gen is used. func (in *GRPCRouteFilter) DeepCopyInto(out *GRPCRouteFilter) { - p := proto.Clone(in).(*GRPCRouteFilter) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteFilter. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *GRPCRouteFilter) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCBackendRef within kubernetes types, where deepcopy-gen is used. func (in *GRPCBackendRef) DeepCopyInto(out *GRPCBackendRef) { - p := proto.Clone(in).(*GRPCBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCBackendRef. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/http_route_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/http_route_deepcopy.gen.go index 222cb8361e03..6d339e5afde2 100644 --- a/proto-public/pbmesh/v2beta1/http_route_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/http_route_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HTTPRoute within kubernetes types, where deepcopy-gen is used. func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { - p := proto.Clone(in).(*HTTPRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *HTTPRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPRouteRule within kubernetes types, where deepcopy-gen is used. func (in *HTTPRouteRule) DeepCopyInto(out *HTTPRouteRule) { - p := proto.Clone(in).(*HTTPRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteRule. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *HTTPRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPRouteMatch within kubernetes types, where deepcopy-gen is used. func (in *HTTPRouteMatch) DeepCopyInto(out *HTTPRouteMatch) { - p := proto.Clone(in).(*HTTPRouteMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteMatch. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *HTTPRouteMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPPathMatch within kubernetes types, where deepcopy-gen is used. func (in *HTTPPathMatch) DeepCopyInto(out *HTTPPathMatch) { - p := proto.Clone(in).(*HTTPPathMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPathMatch. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *HTTPPathMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPHeaderMatch within kubernetes types, where deepcopy-gen is used. func (in *HTTPHeaderMatch) DeepCopyInto(out *HTTPHeaderMatch) { - p := proto.Clone(in).(*HTTPHeaderMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeaderMatch. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *HTTPHeaderMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPQueryParamMatch within kubernetes types, where deepcopy-gen is used. func (in *HTTPQueryParamMatch) DeepCopyInto(out *HTTPQueryParamMatch) { - p := proto.Clone(in).(*HTTPQueryParamMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPQueryParamMatch. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *HTTPQueryParamMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPRouteFilter within kubernetes types, where deepcopy-gen is used. func (in *HTTPRouteFilter) DeepCopyInto(out *HTTPRouteFilter) { - p := proto.Clone(in).(*HTTPRouteFilter) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteFilter. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *HTTPRouteFilter) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPHeaderFilter within kubernetes types, where deepcopy-gen is used. func (in *HTTPHeaderFilter) DeepCopyInto(out *HTTPHeaderFilter) { - p := proto.Clone(in).(*HTTPHeaderFilter) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeaderFilter. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *HTTPHeaderFilter) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPHeader within kubernetes types, where deepcopy-gen is used. func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) { - p := proto.Clone(in).(*HTTPHeader) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *HTTPHeader) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPURLRewriteFilter within kubernetes types, where deepcopy-gen is used. func (in *HTTPURLRewriteFilter) DeepCopyInto(out *HTTPURLRewriteFilter) { - p := proto.Clone(in).(*HTTPURLRewriteFilter) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPURLRewriteFilter. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *HTTPURLRewriteFilter) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPBackendRef within kubernetes types, where deepcopy-gen is used. func (in *HTTPBackendRef) DeepCopyInto(out *HTTPBackendRef) { - p := proto.Clone(in).(*HTTPBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBackendRef. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/http_route_retries_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/http_route_retries_deepcopy.gen.go index b523a58b77c1..abd2a515332d 100644 --- a/proto-public/pbmesh/v2beta1/http_route_retries_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/http_route_retries_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HTTPRouteRetries within kubernetes types, where deepcopy-gen is used. func (in *HTTPRouteRetries) DeepCopyInto(out *HTTPRouteRetries) { - p := proto.Clone(in).(*HTTPRouteRetries) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteRetries. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/http_route_timeouts_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/http_route_timeouts_deepcopy.gen.go index ea92d9038d48..c131310e5e26 100644 --- a/proto-public/pbmesh/v2beta1/http_route_timeouts_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/http_route_timeouts_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HTTPRouteTimeouts within kubernetes types, where deepcopy-gen is used. func (in *HTTPRouteTimeouts) DeepCopyInto(out *HTTPRouteTimeouts) { - p := proto.Clone(in).(*HTTPRouteTimeouts) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteTimeouts. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/access_logs_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/access_logs_deepcopy.gen.go index af2ac36c73ad..f4c5c96039d5 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/access_logs_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/access_logs_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using AccessLogs within kubernetes types, where deepcopy-gen is used. func (in *AccessLogs) DeepCopyInto(out *AccessLogs) { - p := proto.Clone(in).(*AccessLogs) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogs. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/address_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/address_deepcopy.gen.go index 81cf39a4593a..b2700f704eff 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/address_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/address_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HostPortAddress within kubernetes types, where deepcopy-gen is used. func (in *HostPortAddress) DeepCopyInto(out *HostPortAddress) { - p := proto.Clone(in).(*HostPortAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPortAddress. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *HostPortAddress) DeepCopyInterface() interface{} { // DeepCopyInto supports using UnixSocketAddress within kubernetes types, where deepcopy-gen is used. func (in *UnixSocketAddress) DeepCopyInto(out *UnixSocketAddress) { - p := proto.Clone(in).(*UnixSocketAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnixSocketAddress. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/cluster.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/cluster.pb.go index 81a0f3f97ee0..ba7386f527e0 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/cluster.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/cluster.pb.go @@ -93,7 +93,7 @@ type Cluster struct { // alt_stat_name is the name used for observability in place of cluster name if provided. AltStatName string `protobuf:"bytes,5,opt,name=alt_stat_name,json=altStatName,proto3" json:"alt_stat_name,omitempty"` // protocol is the local path protocol or the service protocol. - Protocol string `protobuf:"bytes,6,opt,name=protocol,proto3" json:"protocol,omitempty"` + Protocol Protocol `protobuf:"varint,6,opt,name=protocol,proto3,enum=hashicorp.consul.mesh.v2beta1.pbproxystate.Protocol" json:"protocol,omitempty"` } func (x *Cluster) Reset() { @@ -170,11 +170,11 @@ func (x *Cluster) GetAltStatName() string { return "" } -func (x *Cluster) GetProtocol() string { +func (x *Cluster) GetProtocol() Protocol { if x != nil { return x.Protocol } - return "" + return Protocol_PROTOCOL_UNSPECIFIED } type isCluster_Group interface { @@ -1768,114 +1768,93 @@ var file_pbmesh_v2beta1_pbproxystate_cluster_proto_rawDesc = []byte{ 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x32, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x32, 0x70, 0x62, 0x6d, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2a, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, - 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, - 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xe9, 0x02, 0x0a, 0x07, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x62, 0x0a, 0x0e, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x67, 0x72, 0x6f, 0x75, - 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x32, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, + 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, + 0x74, 0x61, 0x74, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, + 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9f, 0x03, 0x0a, 0x07, + 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x62, 0x0a, 0x0e, 0x66, + 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, + 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, + 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, + 0x52, 0x0d, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, + 0x62, 0x0a, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75, + 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, - 0x74, 0x61, 0x74, 0x65, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, - 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, - 0x6f, 0x75, 0x70, 0x12, 0x62, 0x0a, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, - 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, - 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, - 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, - 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x39, 0x0a, 0x19, 0x65, 0x73, 0x63, 0x61, 0x70, - 0x65, 0x5f, 0x68, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, - 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x65, 0x73, 0x63, 0x61, - 0x70, 0x65, 0x48, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x73, - 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0d, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x6c, 0x74, 0x53, 0x74, - 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xcc, 0x01, 0x0a, 0x0d, - 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x62, 0x0a, - 0x0f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, - 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, - 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, - 0x70, 0x52, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, - 0x73, 0x12, 0x57, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, - 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x46, - 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x84, 0x01, 0x0a, 0x13, 0x46, - 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, - 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, - 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x42, 0x0a, - 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, - 0x74, 0x22, 0xa1, 0x03, 0x0a, 0x0d, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, - 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x5c, 0x0a, 0x07, 0x64, 0x79, 0x6e, 0x61, 0x6d, - 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, + 0x75, 0x70, 0x48, 0x00, 0x52, 0x0d, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, + 0x6f, 0x75, 0x70, 0x12, 0x39, 0x0a, 0x19, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x5f, 0x68, 0x61, + 0x74, 0x63, 0x68, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x65, 0x73, 0x63, 0x61, 0x70, 0x65, 0x48, 0x61, + 0x74, 0x63, 0x68, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x22, + 0x0a, 0x0d, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, + 0x6d, 0x65, 0x12, 0x50, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, + 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, + 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x42, 0x07, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xcc, 0x01, + 0x0a, 0x0d, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, + 0x62, 0x0a, 0x0f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75, + 0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, - 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x07, 0x64, 0x79, - 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x12, 0x59, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, - 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, - 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, - 0x12, 0x50, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, - 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x4e, 0x53, 0x45, 0x6e, - 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x03, 0x64, - 0x6e, 0x73, 0x12, 0x68, 0x0a, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, - 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, + 0x6f, 0x75, 0x70, 0x52, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, + 0x75, 0x70, 0x73, 0x12, 0x57, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, + 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, + 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x84, 0x01, 0x0a, + 0x13, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, + 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, + 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, + 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x22, 0xa1, 0x03, 0x0a, 0x0d, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, + 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x5c, 0x0a, 0x07, 0x64, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, + 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, + 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, + 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x07, + 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x12, 0x59, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x69, + 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, - 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, + 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, + 0x69, 0x63, 0x12, 0x50, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, + 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, 0x00, 0x52, - 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x42, 0x07, 0x0a, 0x05, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xd6, 0x01, 0x0a, 0x14, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, - 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5e, - 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x46, - 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, - 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x79, 0x6e, 0x61, + 0x03, 0x64, 0x6e, 0x73, 0x12, 0x68, 0x0a, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, + 0x75, 0x67, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, + 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, + 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, + 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, + 0x00, 0x52, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x42, 0x07, + 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xd6, 0x01, 0x0a, 0x14, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5e, - 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, - 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, 0xde, - 0x01, 0x0a, 0x18, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, - 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x62, 0x0a, 0x06, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, 0x68, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, - 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, - 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, - 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, - 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, - 0x5e, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, - 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, - 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, 0x22, - 0xce, 0x01, 0x0a, 0x10, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, - 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5a, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x2e, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, + 0x12, 0x5e, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x79, + 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5e, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, @@ -1883,286 +1862,313 @@ var file_pbmesh_v2beta1_pbproxystate_cluster_proto_rawDesc = []byte{ 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, 0x73, - 0x22, 0x74, 0x0a, 0x13, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, - 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5d, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x22, 0xde, 0x01, 0x0a, 0x18, 0x50, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, + 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x62, 0x0a, + 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, + 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x74, + 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, + 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x5e, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x6c, + 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, - 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, - 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x28, 0x0a, 0x12, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x22, 0x7e, 0x0a, 0x16, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43, 0x6c, - 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x64, 0x0a, 0x08, 0x63, 0x6c, - 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x48, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, - 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, - 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, - 0x22, 0x7e, 0x0a, 0x16, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x43, 0x6c, - 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x64, 0x0a, 0x08, 0x63, 0x6c, - 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x48, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, - 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, - 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, - 0x22, 0x68, 0x0a, 0x1c, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, - 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, - 0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0xcf, 0x01, 0x0a, 0x1c, 0x4c, - 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x77, - 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x65, 0x0a, 0x10, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, - 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x80, 0x08, 0x0a, - 0x1a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, - 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, - 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, - 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, - 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, - 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x67, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x73, 0x74, - 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, - 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, - 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x48, 0x00, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x12, 0x61, 0x0a, 0x0b, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x72, 0x6f, 0x62, 0x69, 0x6e, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, - 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e, 0x64, - 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, - 0x62, 0x69, 0x6e, 0x12, 0x54, 0x0a, 0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, - 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x48, - 0x00, 0x52, 0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x12, 0x5b, 0x0a, 0x09, 0x72, 0x69, 0x6e, - 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x48, 0x00, 0x52, 0x08, 0x72, 0x69, - 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x54, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, 0x6f, + 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x6c, + 0x73, 0x22, 0xce, 0x01, 0x0a, 0x10, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, + 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5a, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, - 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, - 0x65, 0x76, 0x48, 0x00, 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x66, 0x0a, 0x10, - 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, - 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, - 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, - 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, - 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, - 0x6b, 0x65, 0x72, 0x73, 0x12, 0x69, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, - 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, - 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, - 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x85, 0x01, 0x0a, 0x1b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, - 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x61, 0x74, 0x65, 0x2e, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, + 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x12, 0x5e, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, + 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, + 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, + 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, + 0x6c, 0x73, 0x22, 0x74, 0x0a, 0x13, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, + 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x5d, 0x0a, 0x06, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, + 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, + 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, + 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x28, 0x0a, 0x12, 0x44, 0x65, 0x73, 0x74, + 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x22, 0x7e, 0x0a, 0x16, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, + 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x64, 0x0a, 0x08, + 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x48, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, + 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x34, 0x57, 0x65, + 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, + 0x72, 0x73, 0x22, 0x7e, 0x0a, 0x16, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, + 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x64, 0x0a, 0x08, + 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x48, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, + 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x37, 0x57, 0x65, + 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x52, 0x08, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, + 0x72, 0x73, 0x22, 0x68, 0x0a, 0x1c, 0x4c, 0x34, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, + 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, + 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0xcf, 0x01, 0x0a, + 0x1c, 0x4c, 0x37, 0x57, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x34, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, + 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x65, 0x0a, 0x10, 0x68, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x5f, 0x6d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x68, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x75, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x80, + 0x08, 0x0a, 0x1a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, + 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, + 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, + 0x74, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, + 0x69, 0x63, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, + 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x67, 0x0a, 0x0d, 0x6c, 0x65, 0x61, + 0x73, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x61, 0x0a, 0x0b, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x72, 0x6f, 0x62, 0x69, + 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, + 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, + 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, + 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x72, 0x6f, 0x75, 0x6e, 0x64, + 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x12, 0x54, 0x0a, 0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, - 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, - 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, - 0x6d, 0x65, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, - 0x57, 0x0a, 0x14, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, 0x73, 0x74, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x0c, 0x63, 0x68, 0x6f, 0x69, 0x63, - 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x63, 0x68, 0x6f, - 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x14, 0x0a, 0x12, 0x4c, 0x42, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, 0x22, 0x10, - 0x0a, 0x0e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, - 0x22, 0xa6, 0x01, 0x0a, 0x10, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e, - 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x48, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, - 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, - 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x12, - 0x48, 0x0a, 0x11, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, - 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, - 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, - 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x22, 0x76, 0x0a, 0x0f, 0x43, - 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x63, - 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, - 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, 0x6f, + 0x6d, 0x48, 0x00, 0x52, 0x06, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x12, 0x5b, 0x0a, 0x09, 0x72, + 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, + 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x48, 0x00, 0x52, 0x08, + 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x54, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, + 0x65, 0x76, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, + 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, + 0x67, 0x6c, 0x65, 0x76, 0x48, 0x00, 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x66, + 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, + 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, + 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, + 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, + 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x69, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, + 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, + 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x85, 0x01, 0x0a, 0x1b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, - 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, - 0x69, 0x74, 0x73, 0x52, 0x0e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, - 0x69, 0x74, 0x73, 0x22, 0xfd, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, - 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, + 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, + 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, + 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x22, 0x57, 0x0a, 0x14, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x65, 0x61, + 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x0c, 0x63, 0x68, 0x6f, + 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x6d, - 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4e, 0x0a, - 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, + 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x63, + 0x68, 0x6f, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x14, 0x0a, 0x12, 0x4c, 0x42, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x6f, 0x62, 0x69, 0x6e, + 0x22, 0x10, 0x0a, 0x0e, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x61, 0x6e, 0x64, + 0x6f, 0x6d, 0x22, 0xa6, 0x01, 0x0a, 0x10, 0x4c, 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, + 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x48, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, + 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, + 0x65, 0x12, 0x48, 0x0a, 0x11, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, + 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, + 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x78, 0x69, + 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x10, 0x0a, 0x0e, 0x4c, + 0x42, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x22, 0x76, 0x0a, + 0x0f, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, + 0x12, 0x63, 0x0a, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6c, 0x69, 0x6d, + 0x69, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, + 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, + 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, + 0x69, 0x6d, 0x69, 0x74, 0x73, 0x52, 0x0e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, + 0x69, 0x6d, 0x69, 0x74, 0x73, 0x22, 0xfd, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, + 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, + 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, + 0x4e, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, 0x78, + 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, + 0x54, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, + 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, + 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0x83, 0x03, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, + 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, + 0x6c, 0x12, 0x45, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, + 0x5f, 0x35, 0x78, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, + 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, + 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x12, 0x58, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, + 0x72, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, + 0x65, 0x5f, 0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, - 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x65, - 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x54, 0x0a, - 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, - 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x6d, 0x61, - 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x73, 0x22, 0x83, 0x03, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, - 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, - 0x45, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, - 0x78, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, - 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, - 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x12, 0x58, 0x0a, 0x19, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, - 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, - 0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, - 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, - 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, - 0x12, 0x4e, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, + 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x17, 0x65, 0x6e, 0x66, 0x6f, 0x72, + 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, + 0x78, 0x78, 0x12, 0x4e, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, + 0x6d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, + 0x6e, 0x74, 0x12, 0x47, 0x0a, 0x12, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x6d, 0x61, - 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, - 0x12, 0x47, 0x0a, 0x12, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x8b, 0x02, 0x0a, 0x19, 0x55, 0x70, - 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4a, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x6b, - 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x52, 0x10, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x54, - 0x69, 0x6d, 0x65, 0x12, 0x52, 0x0a, 0x16, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, - 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x52, 0x14, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x49, - 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x4e, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f, 0x6b, - 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, + 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x8b, 0x02, 0x0a, 0x19, + 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4a, 0x0a, 0x12, 0x74, 0x63, 0x70, + 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x52, 0x12, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, - 0x65, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x1e, 0x50, 0x61, 0x73, 0x73, 0x74, - 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, - 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, - 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0xfc, 0x04, - 0x0a, 0x16, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, - 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, - 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, 0x0a, 0x17, - 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x68, - 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, - 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, 0x65, 0x73, - 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x60, 0x0a, 0x0e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, - 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, - 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0d, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, - 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x66, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, - 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, - 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, - 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x12, 0x69, - 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, - 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, - 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, - 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, - 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x85, 0x01, 0x0a, 0x1b, 0x75, 0x70, - 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x45, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, 0x70, 0x73, - 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, - 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, 0x74, 0x61, - 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x75, 0x73, - 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xc7, 0x01, 0x0a, - 0x19, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, + 0x6c, 0x75, 0x65, 0x52, 0x10, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, + 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x52, 0x0a, 0x16, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, + 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x14, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, + 0x65, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x4e, 0x0a, 0x14, 0x74, 0x63, 0x70, + 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x72, 0x6f, 0x62, 0x65, + 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, + 0x69, 0x76, 0x65, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x1e, 0x50, 0x61, 0x73, + 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, + 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, + 0xfc, 0x04, 0x0a, 0x16, 0x44, 0x4e, 0x53, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, - 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x66, - 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, - 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, - 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, - 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, - 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x2a, 0x46, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, - 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x49, 0x53, 0x43, 0x4f, - 0x56, 0x45, 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4c, 0x4f, 0x47, 0x49, 0x43, 0x41, - 0x4c, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x45, 0x52, 0x59, - 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x01, 0x42, 0xd2, - 0x02, 0x0a, 0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x42, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, - 0x01, 0x5a, 0x44, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, - 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, - 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, 0xaa, - 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2a, 0x48, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, - 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x36, 0x48, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, - 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, - 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, - 0x74, 0x61, 0xea, 0x02, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, - 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x32, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, - 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x36, + 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x6e, 0x69, 0x63, 0x5f, + 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x50, 0x61, 0x6e, 0x69, 0x63, 0x54, 0x68, 0x72, + 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x60, 0x0a, 0x0e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, + 0x65, 0x72, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, + 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x69, 0x73, 0x63, + 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0d, 0x64, 0x69, 0x73, 0x63, 0x6f, + 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x66, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, + 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, + 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, + 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, + 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, + 0x12, 0x69, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, + 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, + 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, + 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, + 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x85, 0x01, 0x0a, 0x1b, + 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x45, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x55, + 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x12, 0x29, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x73, + 0x74, 0x61, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, + 0x75, 0x73, 0x65, 0x41, 0x6c, 0x74, 0x53, 0x74, 0x61, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xc7, + 0x01, 0x0a, 0x19, 0x53, 0x74, 0x61, 0x74, 0x69, 0x63, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, + 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x0f, + 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x12, 0x66, 0x0a, 0x10, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, + 0x6b, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, + 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, + 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, 0x42, + 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x63, 0x69, 0x72, 0x63, 0x75, 0x69, 0x74, + 0x42, 0x72, 0x65, 0x61, 0x6b, 0x65, 0x72, 0x73, 0x2a, 0x46, 0x0a, 0x0d, 0x44, 0x69, 0x73, 0x63, + 0x6f, 0x76, 0x65, 0x72, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x49, 0x53, + 0x43, 0x4f, 0x56, 0x45, 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4c, 0x4f, 0x47, 0x49, + 0x43, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x45, + 0x52, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x01, + 0x42, 0xd2, 0x02, 0x0a, 0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, + 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, + 0x61, 0x74, 0x65, 0x42, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x50, 0x01, 0x5a, 0x44, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, + 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, + 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, + 0x50, 0xaa, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, + 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x50, + 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x36, 0x48, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, + 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, + 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, + 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -2207,71 +2213,73 @@ var file_pbmesh_v2beta1_pbproxystate_cluster_proto_goTypes = []interface{}{ (*PassthroughEndpointGroupConfig)(nil), // 24: hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroupConfig (*DNSEndpointGroupConfig)(nil), // 25: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig (*StaticEndpointGroupConfig)(nil), // 26: hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroupConfig - (*durationpb.Duration)(nil), // 27: google.protobuf.Duration - (*TransportSocket)(nil), // 28: hashicorp.consul.mesh.v2beta1.pbproxystate.TransportSocket - (*wrapperspb.UInt32Value)(nil), // 29: google.protobuf.UInt32Value - (*HeaderMutation)(nil), // 30: hashicorp.consul.mesh.v2beta1.pbproxystate.HeaderMutation - (*wrapperspb.UInt64Value)(nil), // 31: google.protobuf.UInt64Value + (Protocol)(0), // 27: hashicorp.consul.mesh.v2beta1.pbproxystate.Protocol + (*durationpb.Duration)(nil), // 28: google.protobuf.Duration + (*TransportSocket)(nil), // 29: hashicorp.consul.mesh.v2beta1.pbproxystate.TransportSocket + (*wrapperspb.UInt32Value)(nil), // 30: google.protobuf.UInt32Value + (*HeaderMutation)(nil), // 31: hashicorp.consul.mesh.v2beta1.pbproxystate.HeaderMutation + (*wrapperspb.UInt64Value)(nil), // 32: google.protobuf.UInt64Value } var file_pbmesh_v2beta1_pbproxystate_cluster_proto_depIdxs = []int32{ 2, // 0: hashicorp.consul.mesh.v2beta1.pbproxystate.Cluster.failover_group:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.FailoverGroup 4, // 1: hashicorp.consul.mesh.v2beta1.pbproxystate.Cluster.endpoint_group:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup - 4, // 2: hashicorp.consul.mesh.v2beta1.pbproxystate.FailoverGroup.endpoint_groups:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup - 3, // 3: hashicorp.consul.mesh.v2beta1.pbproxystate.FailoverGroup.config:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.FailoverGroupConfig - 27, // 4: hashicorp.consul.mesh.v2beta1.pbproxystate.FailoverGroupConfig.connect_timeout:type_name -> google.protobuf.Duration - 5, // 5: hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup.dynamic:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroup - 8, // 6: hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup.static:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroup - 7, // 7: hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup.dns:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroup - 6, // 8: hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup.passthrough:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroup - 14, // 9: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroup.config:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig - 28, // 10: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.TransportSocket - 24, // 11: hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroup.config:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroupConfig - 28, // 12: hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.TransportSocket - 25, // 13: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroup.config:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig - 28, // 14: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.TransportSocket - 26, // 15: hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroup.config:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroupConfig - 12, // 16: hashicorp.consul.mesh.v2beta1.pbproxystate.L4WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.L4WeightedDestinationCluster - 13, // 17: hashicorp.consul.mesh.v2beta1.pbproxystate.L7WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.L7WeightedDestinationCluster - 29, // 18: hashicorp.consul.mesh.v2beta1.pbproxystate.L4WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value - 29, // 19: hashicorp.consul.mesh.v2beta1.pbproxystate.L7WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value - 30, // 20: hashicorp.consul.mesh.v2beta1.pbproxystate.L7WeightedDestinationCluster.header_mutations:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.HeaderMutation - 27, // 21: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration - 15, // 22: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.least_request:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyLeastRequest - 16, // 23: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.round_robin:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyRoundRobin - 17, // 24: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.random:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyRandom - 18, // 25: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.ring_hash:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyRingHash - 19, // 26: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.maglev:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyMaglev - 20, // 27: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.CircuitBreakers - 22, // 28: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection - 23, // 29: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamConnectionOptions - 29, // 30: hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyLeastRequest.choice_count:type_name -> google.protobuf.UInt32Value - 31, // 31: hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyRingHash.minimum_ring_size:type_name -> google.protobuf.UInt64Value - 31, // 32: hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyRingHash.maximum_ring_size:type_name -> google.protobuf.UInt64Value - 21, // 33: hashicorp.consul.mesh.v2beta1.pbproxystate.CircuitBreakers.upstream_limits:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamLimits - 29, // 34: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamLimits.max_connections:type_name -> google.protobuf.UInt32Value - 29, // 35: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamLimits.max_pending_requests:type_name -> google.protobuf.UInt32Value - 29, // 36: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamLimits.max_concurrent_requests:type_name -> google.protobuf.UInt32Value - 27, // 37: hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection.interval:type_name -> google.protobuf.Duration - 29, // 38: hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection.consecutive_5xx:type_name -> google.protobuf.UInt32Value - 29, // 39: hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection.enforcing_consecutive_5xx:type_name -> google.protobuf.UInt32Value - 29, // 40: hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection.max_ejection_percent:type_name -> google.protobuf.UInt32Value - 27, // 41: hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration - 29, // 42: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_time:type_name -> google.protobuf.UInt32Value - 29, // 43: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_interval:type_name -> google.protobuf.UInt32Value - 29, // 44: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_probes:type_name -> google.protobuf.UInt32Value - 27, // 45: hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration - 27, // 46: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration - 0, // 47: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig.discovery_type:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.DiscoveryType - 20, // 48: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.CircuitBreakers - 22, // 49: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection - 23, // 50: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamConnectionOptions - 27, // 51: hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration - 20, // 52: hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.CircuitBreakers - 53, // [53:53] is the sub-list for method output_type - 53, // [53:53] is the sub-list for method input_type - 53, // [53:53] is the sub-list for extension type_name - 53, // [53:53] is the sub-list for extension extendee - 0, // [0:53] is the sub-list for field type_name + 27, // 2: hashicorp.consul.mesh.v2beta1.pbproxystate.Cluster.protocol:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.Protocol + 4, // 3: hashicorp.consul.mesh.v2beta1.pbproxystate.FailoverGroup.endpoint_groups:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup + 3, // 4: hashicorp.consul.mesh.v2beta1.pbproxystate.FailoverGroup.config:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.FailoverGroupConfig + 28, // 5: hashicorp.consul.mesh.v2beta1.pbproxystate.FailoverGroupConfig.connect_timeout:type_name -> google.protobuf.Duration + 5, // 6: hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup.dynamic:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroup + 8, // 7: hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup.static:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroup + 7, // 8: hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup.dns:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroup + 6, // 9: hashicorp.consul.mesh.v2beta1.pbproxystate.EndpointGroup.passthrough:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroup + 14, // 10: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroup.config:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig + 29, // 11: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.TransportSocket + 24, // 12: hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroup.config:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroupConfig + 29, // 13: hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.TransportSocket + 25, // 14: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroup.config:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig + 29, // 15: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroup.outbound_tls:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.TransportSocket + 26, // 16: hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroup.config:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroupConfig + 12, // 17: hashicorp.consul.mesh.v2beta1.pbproxystate.L4WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.L4WeightedDestinationCluster + 13, // 18: hashicorp.consul.mesh.v2beta1.pbproxystate.L7WeightedClusterGroup.clusters:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.L7WeightedDestinationCluster + 30, // 19: hashicorp.consul.mesh.v2beta1.pbproxystate.L4WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value + 30, // 20: hashicorp.consul.mesh.v2beta1.pbproxystate.L7WeightedDestinationCluster.weight:type_name -> google.protobuf.UInt32Value + 31, // 21: hashicorp.consul.mesh.v2beta1.pbproxystate.L7WeightedDestinationCluster.header_mutations:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.HeaderMutation + 28, // 22: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration + 15, // 23: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.least_request:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyLeastRequest + 16, // 24: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.round_robin:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyRoundRobin + 17, // 25: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.random:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyRandom + 18, // 26: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.ring_hash:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyRingHash + 19, // 27: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.maglev:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyMaglev + 20, // 28: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.CircuitBreakers + 22, // 29: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection + 23, // 30: hashicorp.consul.mesh.v2beta1.pbproxystate.DynamicEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamConnectionOptions + 30, // 31: hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyLeastRequest.choice_count:type_name -> google.protobuf.UInt32Value + 32, // 32: hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyRingHash.minimum_ring_size:type_name -> google.protobuf.UInt64Value + 32, // 33: hashicorp.consul.mesh.v2beta1.pbproxystate.LBPolicyRingHash.maximum_ring_size:type_name -> google.protobuf.UInt64Value + 21, // 34: hashicorp.consul.mesh.v2beta1.pbproxystate.CircuitBreakers.upstream_limits:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamLimits + 30, // 35: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamLimits.max_connections:type_name -> google.protobuf.UInt32Value + 30, // 36: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamLimits.max_pending_requests:type_name -> google.protobuf.UInt32Value + 30, // 37: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamLimits.max_concurrent_requests:type_name -> google.protobuf.UInt32Value + 28, // 38: hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection.interval:type_name -> google.protobuf.Duration + 30, // 39: hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection.consecutive_5xx:type_name -> google.protobuf.UInt32Value + 30, // 40: hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection.enforcing_consecutive_5xx:type_name -> google.protobuf.UInt32Value + 30, // 41: hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection.max_ejection_percent:type_name -> google.protobuf.UInt32Value + 28, // 42: hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration + 30, // 43: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_time:type_name -> google.protobuf.UInt32Value + 30, // 44: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_interval:type_name -> google.protobuf.UInt32Value + 30, // 45: hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamConnectionOptions.tcp_keepalive_probes:type_name -> google.protobuf.UInt32Value + 28, // 46: hashicorp.consul.mesh.v2beta1.pbproxystate.PassthroughEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration + 28, // 47: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration + 0, // 48: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig.discovery_type:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.DiscoveryType + 20, // 49: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.CircuitBreakers + 22, // 50: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig.outlier_detection:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.OutlierDetection + 23, // 51: hashicorp.consul.mesh.v2beta1.pbproxystate.DNSEndpointGroupConfig.upstream_connection_options:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.UpstreamConnectionOptions + 28, // 52: hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroupConfig.connect_timeout:type_name -> google.protobuf.Duration + 20, // 53: hashicorp.consul.mesh.v2beta1.pbproxystate.StaticEndpointGroupConfig.circuit_breakers:type_name -> hashicorp.consul.mesh.v2beta1.pbproxystate.CircuitBreakers + 54, // [54:54] is the sub-list for method output_type + 54, // [54:54] is the sub-list for method input_type + 54, // [54:54] is the sub-list for extension type_name + 54, // [54:54] is the sub-list for extension extendee + 0, // [0:54] is the sub-list for field type_name } func init() { file_pbmesh_v2beta1_pbproxystate_cluster_proto_init() } @@ -2280,6 +2288,7 @@ func file_pbmesh_v2beta1_pbproxystate_cluster_proto_init() { return } file_pbmesh_v2beta1_pbproxystate_header_mutations_proto_init() + file_pbmesh_v2beta1_pbproxystate_protocol_proto_init() file_pbmesh_v2beta1_pbproxystate_transport_socket_proto_init() if !protoimpl.UnsafeEnabled { file_pbmesh_v2beta1_pbproxystate_cluster_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/cluster.proto b/proto-public/pbmesh/v2beta1/pbproxystate/cluster.proto index c72fccbb8539..a84a3755c99b 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/cluster.proto +++ b/proto-public/pbmesh/v2beta1/pbproxystate/cluster.proto @@ -8,6 +8,7 @@ package hashicorp.consul.mesh.v2beta1.pbproxystate; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; import "pbmesh/v2beta1/pbproxystate/header_mutations.proto"; +import "pbmesh/v2beta1/pbproxystate/protocol.proto"; import "pbmesh/v2beta1/pbproxystate/transport_socket.proto"; message Cluster { @@ -23,7 +24,7 @@ message Cluster { // alt_stat_name is the name used for observability in place of cluster name if provided. string alt_stat_name = 5; // protocol is the local path protocol or the service protocol. - string protocol = 6; + Protocol protocol = 6; } message FailoverGroup { diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/cluster_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/cluster_deepcopy.gen.go index f06ac976e13f..1818a349bd45 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/cluster_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/cluster_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Cluster within kubernetes types, where deepcopy-gen is used. func (in *Cluster) DeepCopyInto(out *Cluster) { - p := proto.Clone(in).(*Cluster) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cluster. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Cluster) DeepCopyInterface() interface{} { // DeepCopyInto supports using FailoverGroup within kubernetes types, where deepcopy-gen is used. func (in *FailoverGroup) DeepCopyInto(out *FailoverGroup) { - p := proto.Clone(in).(*FailoverGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailoverGroup. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *FailoverGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using FailoverGroupConfig within kubernetes types, where deepcopy-gen is used. func (in *FailoverGroupConfig) DeepCopyInto(out *FailoverGroupConfig) { - p := proto.Clone(in).(*FailoverGroupConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailoverGroupConfig. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *FailoverGroupConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using EndpointGroup within kubernetes types, where deepcopy-gen is used. func (in *EndpointGroup) DeepCopyInto(out *EndpointGroup) { - p := proto.Clone(in).(*EndpointGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointGroup. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *EndpointGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using DynamicEndpointGroup within kubernetes types, where deepcopy-gen is used. func (in *DynamicEndpointGroup) DeepCopyInto(out *DynamicEndpointGroup) { - p := proto.Clone(in).(*DynamicEndpointGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicEndpointGroup. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *DynamicEndpointGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using PassthroughEndpointGroup within kubernetes types, where deepcopy-gen is used. func (in *PassthroughEndpointGroup) DeepCopyInto(out *PassthroughEndpointGroup) { - p := proto.Clone(in).(*PassthroughEndpointGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassthroughEndpointGroup. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *PassthroughEndpointGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using DNSEndpointGroup within kubernetes types, where deepcopy-gen is used. func (in *DNSEndpointGroup) DeepCopyInto(out *DNSEndpointGroup) { - p := proto.Clone(in).(*DNSEndpointGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSEndpointGroup. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *DNSEndpointGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using StaticEndpointGroup within kubernetes types, where deepcopy-gen is used. func (in *StaticEndpointGroup) DeepCopyInto(out *StaticEndpointGroup) { - p := proto.Clone(in).(*StaticEndpointGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticEndpointGroup. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *StaticEndpointGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationCluster within kubernetes types, where deepcopy-gen is used. func (in *DestinationCluster) DeepCopyInto(out *DestinationCluster) { - p := proto.Clone(in).(*DestinationCluster) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationCluster. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *DestinationCluster) DeepCopyInterface() interface{} { // DeepCopyInto supports using L4WeightedClusterGroup within kubernetes types, where deepcopy-gen is used. func (in *L4WeightedClusterGroup) DeepCopyInto(out *L4WeightedClusterGroup) { - p := proto.Clone(in).(*L4WeightedClusterGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4WeightedClusterGroup. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *L4WeightedClusterGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using L7WeightedClusterGroup within kubernetes types, where deepcopy-gen is used. func (in *L7WeightedClusterGroup) DeepCopyInto(out *L7WeightedClusterGroup) { - p := proto.Clone(in).(*L7WeightedClusterGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L7WeightedClusterGroup. Required by controller-gen. @@ -238,8 +238,8 @@ func (in *L7WeightedClusterGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using L4WeightedDestinationCluster within kubernetes types, where deepcopy-gen is used. func (in *L4WeightedDestinationCluster) DeepCopyInto(out *L4WeightedDestinationCluster) { - p := proto.Clone(in).(*L4WeightedDestinationCluster) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4WeightedDestinationCluster. Required by controller-gen. @@ -259,8 +259,8 @@ func (in *L4WeightedDestinationCluster) DeepCopyInterface() interface{} { // DeepCopyInto supports using L7WeightedDestinationCluster within kubernetes types, where deepcopy-gen is used. func (in *L7WeightedDestinationCluster) DeepCopyInto(out *L7WeightedDestinationCluster) { - p := proto.Clone(in).(*L7WeightedDestinationCluster) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L7WeightedDestinationCluster. Required by controller-gen. @@ -280,8 +280,8 @@ func (in *L7WeightedDestinationCluster) DeepCopyInterface() interface{} { // DeepCopyInto supports using DynamicEndpointGroupConfig within kubernetes types, where deepcopy-gen is used. func (in *DynamicEndpointGroupConfig) DeepCopyInto(out *DynamicEndpointGroupConfig) { - p := proto.Clone(in).(*DynamicEndpointGroupConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicEndpointGroupConfig. Required by controller-gen. @@ -301,8 +301,8 @@ func (in *DynamicEndpointGroupConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using LBPolicyLeastRequest within kubernetes types, where deepcopy-gen is used. func (in *LBPolicyLeastRequest) DeepCopyInto(out *LBPolicyLeastRequest) { - p := proto.Clone(in).(*LBPolicyLeastRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LBPolicyLeastRequest. Required by controller-gen. @@ -322,8 +322,8 @@ func (in *LBPolicyLeastRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using LBPolicyRoundRobin within kubernetes types, where deepcopy-gen is used. func (in *LBPolicyRoundRobin) DeepCopyInto(out *LBPolicyRoundRobin) { - p := proto.Clone(in).(*LBPolicyRoundRobin) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LBPolicyRoundRobin. Required by controller-gen. @@ -343,8 +343,8 @@ func (in *LBPolicyRoundRobin) DeepCopyInterface() interface{} { // DeepCopyInto supports using LBPolicyRandom within kubernetes types, where deepcopy-gen is used. func (in *LBPolicyRandom) DeepCopyInto(out *LBPolicyRandom) { - p := proto.Clone(in).(*LBPolicyRandom) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LBPolicyRandom. Required by controller-gen. @@ -364,8 +364,8 @@ func (in *LBPolicyRandom) DeepCopyInterface() interface{} { // DeepCopyInto supports using LBPolicyRingHash within kubernetes types, where deepcopy-gen is used. func (in *LBPolicyRingHash) DeepCopyInto(out *LBPolicyRingHash) { - p := proto.Clone(in).(*LBPolicyRingHash) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LBPolicyRingHash. Required by controller-gen. @@ -385,8 +385,8 @@ func (in *LBPolicyRingHash) DeepCopyInterface() interface{} { // DeepCopyInto supports using LBPolicyMaglev within kubernetes types, where deepcopy-gen is used. func (in *LBPolicyMaglev) DeepCopyInto(out *LBPolicyMaglev) { - p := proto.Clone(in).(*LBPolicyMaglev) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LBPolicyMaglev. Required by controller-gen. @@ -406,8 +406,8 @@ func (in *LBPolicyMaglev) DeepCopyInterface() interface{} { // DeepCopyInto supports using CircuitBreakers within kubernetes types, where deepcopy-gen is used. func (in *CircuitBreakers) DeepCopyInto(out *CircuitBreakers) { - p := proto.Clone(in).(*CircuitBreakers) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CircuitBreakers. Required by controller-gen. @@ -427,8 +427,8 @@ func (in *CircuitBreakers) DeepCopyInterface() interface{} { // DeepCopyInto supports using UpstreamLimits within kubernetes types, where deepcopy-gen is used. func (in *UpstreamLimits) DeepCopyInto(out *UpstreamLimits) { - p := proto.Clone(in).(*UpstreamLimits) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamLimits. Required by controller-gen. @@ -448,8 +448,8 @@ func (in *UpstreamLimits) DeepCopyInterface() interface{} { // DeepCopyInto supports using OutlierDetection within kubernetes types, where deepcopy-gen is used. func (in *OutlierDetection) DeepCopyInto(out *OutlierDetection) { - p := proto.Clone(in).(*OutlierDetection) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. Required by controller-gen. @@ -469,8 +469,8 @@ func (in *OutlierDetection) DeepCopyInterface() interface{} { // DeepCopyInto supports using UpstreamConnectionOptions within kubernetes types, where deepcopy-gen is used. func (in *UpstreamConnectionOptions) DeepCopyInto(out *UpstreamConnectionOptions) { - p := proto.Clone(in).(*UpstreamConnectionOptions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamConnectionOptions. Required by controller-gen. @@ -490,8 +490,8 @@ func (in *UpstreamConnectionOptions) DeepCopyInterface() interface{} { // DeepCopyInto supports using PassthroughEndpointGroupConfig within kubernetes types, where deepcopy-gen is used. func (in *PassthroughEndpointGroupConfig) DeepCopyInto(out *PassthroughEndpointGroupConfig) { - p := proto.Clone(in).(*PassthroughEndpointGroupConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassthroughEndpointGroupConfig. Required by controller-gen. @@ -511,8 +511,8 @@ func (in *PassthroughEndpointGroupConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using DNSEndpointGroupConfig within kubernetes types, where deepcopy-gen is used. func (in *DNSEndpointGroupConfig) DeepCopyInto(out *DNSEndpointGroupConfig) { - p := proto.Clone(in).(*DNSEndpointGroupConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSEndpointGroupConfig. Required by controller-gen. @@ -532,8 +532,8 @@ func (in *DNSEndpointGroupConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using StaticEndpointGroupConfig within kubernetes types, where deepcopy-gen is used. func (in *StaticEndpointGroupConfig) DeepCopyInto(out *StaticEndpointGroupConfig) { - p := proto.Clone(in).(*StaticEndpointGroupConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticEndpointGroupConfig. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/endpoints_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/endpoints_deepcopy.gen.go index 62efabc96394..eeb1daa5d23c 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/endpoints_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/endpoints_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Endpoints within kubernetes types, where deepcopy-gen is used. func (in *Endpoints) DeepCopyInto(out *Endpoints) { - p := proto.Clone(in).(*Endpoints) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoints. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Endpoints) DeepCopyInterface() interface{} { // DeepCopyInto supports using Endpoint within kubernetes types, where deepcopy-gen is used. func (in *Endpoint) DeepCopyInto(out *Endpoint) { - p := proto.Clone(in).(*Endpoint) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoint. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches_deepcopy.gen.go index fc5617f23494..41fcb73d4662 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using EscapeHatches within kubernetes types, where deepcopy-gen is used. func (in *EscapeHatches) DeepCopyInto(out *EscapeHatches) { - p := proto.Clone(in).(*EscapeHatches) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EscapeHatches. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations_deepcopy.gen.go index 2b09b2759738..97a77c7fc402 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HeaderMutation within kubernetes types, where deepcopy-gen is used. func (in *HeaderMutation) DeepCopyInto(out *HeaderMutation) { - p := proto.Clone(in).(*HeaderMutation) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMutation. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *HeaderMutation) DeepCopyInterface() interface{} { // DeepCopyInto supports using RequestHeaderAdd within kubernetes types, where deepcopy-gen is used. func (in *RequestHeaderAdd) DeepCopyInto(out *RequestHeaderAdd) { - p := proto.Clone(in).(*RequestHeaderAdd) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderAdd. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *RequestHeaderAdd) DeepCopyInterface() interface{} { // DeepCopyInto supports using RequestHeaderRemove within kubernetes types, where deepcopy-gen is used. func (in *RequestHeaderRemove) DeepCopyInto(out *RequestHeaderRemove) { - p := proto.Clone(in).(*RequestHeaderRemove) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderRemove. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *RequestHeaderRemove) DeepCopyInterface() interface{} { // DeepCopyInto supports using ResponseHeaderAdd within kubernetes types, where deepcopy-gen is used. func (in *ResponseHeaderAdd) DeepCopyInto(out *ResponseHeaderAdd) { - p := proto.Clone(in).(*ResponseHeaderAdd) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseHeaderAdd. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *ResponseHeaderAdd) DeepCopyInterface() interface{} { // DeepCopyInto supports using ResponseHeaderRemove within kubernetes types, where deepcopy-gen is used. func (in *ResponseHeaderRemove) DeepCopyInto(out *ResponseHeaderRemove) { - p := proto.Clone(in).(*ResponseHeaderRemove) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseHeaderRemove. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *ResponseHeaderRemove) DeepCopyInterface() interface{} { // DeepCopyInto supports using Header within kubernetes types, where deepcopy-gen is used. func (in *Header) DeepCopyInto(out *Header) { - p := proto.Clone(in).(*Header) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Header. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/listener_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/listener_deepcopy.gen.go index 7208735dbd64..c721f40cbb91 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/listener_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/listener_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Listener within kubernetes types, where deepcopy-gen is used. func (in *Listener) DeepCopyInto(out *Listener) { - p := proto.Clone(in).(*Listener) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Listener. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Listener) DeepCopyInterface() interface{} { // DeepCopyInto supports using Router within kubernetes types, where deepcopy-gen is used. func (in *Router) DeepCopyInto(out *Router) { - p := proto.Clone(in).(*Router) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Router. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *Router) DeepCopyInterface() interface{} { // DeepCopyInto supports using Match within kubernetes types, where deepcopy-gen is used. func (in *Match) DeepCopyInto(out *Match) { - p := proto.Clone(in).(*Match) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Match. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *Match) DeepCopyInterface() interface{} { // DeepCopyInto supports using CidrRange within kubernetes types, where deepcopy-gen is used. func (in *CidrRange) DeepCopyInto(out *CidrRange) { - p := proto.Clone(in).(*CidrRange) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CidrRange. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *CidrRange) DeepCopyInterface() interface{} { // DeepCopyInto supports using L4Destination within kubernetes types, where deepcopy-gen is used. func (in *L4Destination) DeepCopyInto(out *L4Destination) { - p := proto.Clone(in).(*L4Destination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4Destination. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *L4Destination) DeepCopyInterface() interface{} { // DeepCopyInto supports using L7DestinationRoute within kubernetes types, where deepcopy-gen is used. func (in *L7DestinationRoute) DeepCopyInto(out *L7DestinationRoute) { - p := proto.Clone(in).(*L7DestinationRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L7DestinationRoute. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *L7DestinationRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using L7Destination within kubernetes types, where deepcopy-gen is used. func (in *L7Destination) DeepCopyInto(out *L7Destination) { - p := proto.Clone(in).(*L7Destination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L7Destination. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *L7Destination) DeepCopyInterface() interface{} { // DeepCopyInto supports using SNIDestination within kubernetes types, where deepcopy-gen is used. func (in *SNIDestination) DeepCopyInto(out *SNIDestination) { - p := proto.Clone(in).(*SNIDestination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SNIDestination. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/protocol.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/protocol.pb.go new file mode 100644 index 000000000000..a14cdf986de6 --- /dev/null +++ b/proto-public/pbmesh/v2beta1/pbproxystate/protocol.pb.go @@ -0,0 +1,175 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.30.0 +// protoc (unknown) +// source: pbmesh/v2beta1/pbproxystate/protocol.proto + +package pbproxystate + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// +kubebuilder:validation:Enum=PROTOCOL_UNSPECIFIED;PROTOCOL_TCP;PROTOCOL_HTTP;PROTOCOL_HTTP2;PROTOCOL_GRPC +// +kubebuilder:validation:Type=string +type Protocol int32 + +const ( + Protocol_PROTOCOL_UNSPECIFIED Protocol = 0 + Protocol_PROTOCOL_TCP Protocol = 1 + Protocol_PROTOCOL_HTTP Protocol = 2 + Protocol_PROTOCOL_HTTP2 Protocol = 3 + Protocol_PROTOCOL_GRPC Protocol = 4 + // Protocol Mesh indicates that this port can speak Consul's mTLS based mesh protocol. + Protocol_PROTOCOL_MESH Protocol = 5 +) + +// Enum value maps for Protocol. +var ( + Protocol_name = map[int32]string{ + 0: "PROTOCOL_UNSPECIFIED", + 1: "PROTOCOL_TCP", + 2: "PROTOCOL_HTTP", + 3: "PROTOCOL_HTTP2", + 4: "PROTOCOL_GRPC", + 5: "PROTOCOL_MESH", + } + Protocol_value = map[string]int32{ + "PROTOCOL_UNSPECIFIED": 0, + "PROTOCOL_TCP": 1, + "PROTOCOL_HTTP": 2, + "PROTOCOL_HTTP2": 3, + "PROTOCOL_GRPC": 4, + "PROTOCOL_MESH": 5, + } +) + +func (x Protocol) Enum() *Protocol { + p := new(Protocol) + *p = x + return p +} + +func (x Protocol) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Protocol) Descriptor() protoreflect.EnumDescriptor { + return file_pbmesh_v2beta1_pbproxystate_protocol_proto_enumTypes[0].Descriptor() +} + +func (Protocol) Type() protoreflect.EnumType { + return &file_pbmesh_v2beta1_pbproxystate_protocol_proto_enumTypes[0] +} + +func (x Protocol) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Protocol.Descriptor instead. +func (Protocol) EnumDescriptor() ([]byte, []int) { + return file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDescGZIP(), []int{0} +} + +var File_pbmesh_v2beta1_pbproxystate_protocol_proto protoreflect.FileDescriptor + +var file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDesc = []byte{ + 0x0a, 0x2a, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2f, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2a, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, + 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, + 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2a, 0x83, 0x01, 0x0a, 0x08, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x14, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, + 0x4c, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x54, 0x43, 0x50, 0x10, + 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, + 0x54, 0x50, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, + 0x5f, 0x48, 0x54, 0x54, 0x50, 0x32, 0x10, 0x03, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x52, 0x4f, 0x54, + 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x47, 0x52, 0x50, 0x43, 0x10, 0x04, 0x12, 0x11, 0x0a, 0x0d, 0x50, + 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x4d, 0x45, 0x53, 0x48, 0x10, 0x05, 0x42, 0xd3, + 0x02, 0x0a, 0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, + 0x65, 0x74, 0x61, 0x31, 0x2e, 0x70, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, + 0x65, 0x42, 0x0d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x44, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, + 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x62, 0x70, 0x72, + 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xa2, 0x02, 0x05, 0x48, 0x43, 0x4d, 0x56, 0x50, + 0xaa, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x2e, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xca, 0x02, 0x2a, + 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x50, 0x62, + 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0xe2, 0x02, 0x36, 0x48, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, + 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x50, 0x62, 0x70, 0x72, 0x6f, + 0x78, 0x79, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0xea, 0x02, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, + 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, + 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3a, 0x3a, 0x50, 0x62, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x73, + 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDescOnce sync.Once + file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDescData = file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDesc +) + +func file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDescGZIP() []byte { + file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDescOnce.Do(func() { + file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDescData) + }) + return file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDescData +} + +var file_pbmesh_v2beta1_pbproxystate_protocol_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_pbmesh_v2beta1_pbproxystate_protocol_proto_goTypes = []interface{}{ + (Protocol)(0), // 0: hashicorp.consul.mesh.v2beta1.pbproxystate.Protocol +} +var file_pbmesh_v2beta1_pbproxystate_protocol_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_pbmesh_v2beta1_pbproxystate_protocol_proto_init() } +func file_pbmesh_v2beta1_pbproxystate_protocol_proto_init() { + if File_pbmesh_v2beta1_pbproxystate_protocol_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDesc, + NumEnums: 1, + NumMessages: 0, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pbmesh_v2beta1_pbproxystate_protocol_proto_goTypes, + DependencyIndexes: file_pbmesh_v2beta1_pbproxystate_protocol_proto_depIdxs, + EnumInfos: file_pbmesh_v2beta1_pbproxystate_protocol_proto_enumTypes, + }.Build() + File_pbmesh_v2beta1_pbproxystate_protocol_proto = out.File + file_pbmesh_v2beta1_pbproxystate_protocol_proto_rawDesc = nil + file_pbmesh_v2beta1_pbproxystate_protocol_proto_goTypes = nil + file_pbmesh_v2beta1_pbproxystate_protocol_proto_depIdxs = nil +} diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/protocol.proto b/proto-public/pbmesh/v2beta1/pbproxystate/protocol.proto new file mode 100644 index 000000000000..afe3ff17523e --- /dev/null +++ b/proto-public/pbmesh/v2beta1/pbproxystate/protocol.proto @@ -0,0 +1,19 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +syntax = "proto3"; + +package hashicorp.consul.mesh.v2beta1.pbproxystate; + +// +kubebuilder:validation:Enum=PROTOCOL_UNSPECIFIED;PROTOCOL_TCP;PROTOCOL_HTTP;PROTOCOL_HTTP2;PROTOCOL_GRPC +// +kubebuilder:validation:Type=string +enum Protocol { + PROTOCOL_UNSPECIFIED = 0; + PROTOCOL_TCP = 1; + PROTOCOL_HTTP = 2; + PROTOCOL_HTTP2 = 3; + PROTOCOL_GRPC = 4; + + // Protocol Mesh indicates that this port can speak Consul's mTLS based mesh protocol. + PROTOCOL_MESH = 5; +} diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/protocol_test.go b/proto-public/pbmesh/v2beta1/pbproxystate/protocol_test.go new file mode 100644 index 000000000000..683f84452f13 --- /dev/null +++ b/proto-public/pbmesh/v2beta1/pbproxystate/protocol_test.go @@ -0,0 +1,19 @@ +package pbproxystate + +import ( + "testing" + + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/stretchr/testify/require" +) + +// TestMirrorsCatalogProtocol ensures that there is no unintended drift between pbcatalog.Protocol and +// pbproxystate.Protocol. +func TestMirrorsCatalogProtocol(t *testing.T) { + require.Equal(t, pbcatalog.Protocol_value, Protocol_value, "pbcatalog.Protocol and pbproxystate.Protocol have diverged") + for i := range pbcatalog.Protocol_name { + require.Equal(t, pbcatalog.Protocol_name[i], Protocol_name[i], + "pbcatalog.Protocol and pbproxystate.Protocol ordinals do not match;"+ + " ordinals for equivalent values must match so that casting between them produces expected results") + } +} diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/references_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/references_deepcopy.gen.go index c52d23730cf9..2cbe25a91750 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/references_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/references_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using LeafCertificateRef within kubernetes types, where deepcopy-gen is used. func (in *LeafCertificateRef) DeepCopyInto(out *LeafCertificateRef) { - p := proto.Clone(in).(*LeafCertificateRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeafCertificateRef. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *LeafCertificateRef) DeepCopyInterface() interface{} { // DeepCopyInto supports using TrustBundleRef within kubernetes types, where deepcopy-gen is used. func (in *TrustBundleRef) DeepCopyInto(out *TrustBundleRef) { - p := proto.Clone(in).(*TrustBundleRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustBundleRef. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *TrustBundleRef) DeepCopyInterface() interface{} { // DeepCopyInto supports using EndpointRef within kubernetes types, where deepcopy-gen is used. func (in *EndpointRef) DeepCopyInto(out *EndpointRef) { - p := proto.Clone(in).(*EndpointRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointRef. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/route_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/route_deepcopy.gen.go index 2d2e71009410..e2eea4e78b5e 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/route_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/route_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Route within kubernetes types, where deepcopy-gen is used. func (in *Route) DeepCopyInto(out *Route) { - p := proto.Clone(in).(*Route) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Route) DeepCopyInterface() interface{} { // DeepCopyInto supports using VirtualHost within kubernetes types, where deepcopy-gen is used. func (in *VirtualHost) DeepCopyInto(out *VirtualHost) { - p := proto.Clone(in).(*VirtualHost) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualHost. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *VirtualHost) DeepCopyInterface() interface{} { // DeepCopyInto supports using RouteRule within kubernetes types, where deepcopy-gen is used. func (in *RouteRule) DeepCopyInto(out *RouteRule) { - p := proto.Clone(in).(*RouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteRule. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *RouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using RouteMatch within kubernetes types, where deepcopy-gen is used. func (in *RouteMatch) DeepCopyInto(out *RouteMatch) { - p := proto.Clone(in).(*RouteMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteMatch. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *RouteMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using PathMatch within kubernetes types, where deepcopy-gen is used. func (in *PathMatch) DeepCopyInto(out *PathMatch) { - p := proto.Clone(in).(*PathMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PathMatch. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *PathMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using QueryParameterMatch within kubernetes types, where deepcopy-gen is used. func (in *QueryParameterMatch) DeepCopyInto(out *QueryParameterMatch) { - p := proto.Clone(in).(*QueryParameterMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryParameterMatch. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *QueryParameterMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using HeaderMatch within kubernetes types, where deepcopy-gen is used. func (in *HeaderMatch) DeepCopyInto(out *HeaderMatch) { - p := proto.Clone(in).(*HeaderMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMatch. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *HeaderMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using RouteDestination within kubernetes types, where deepcopy-gen is used. func (in *RouteDestination) DeepCopyInto(out *RouteDestination) { - p := proto.Clone(in).(*RouteDestination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *RouteDestination) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationConfiguration within kubernetes types, where deepcopy-gen is used. func (in *DestinationConfiguration) DeepCopyInto(out *DestinationConfiguration) { - p := proto.Clone(in).(*DestinationConfiguration) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationConfiguration. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *DestinationConfiguration) DeepCopyInterface() interface{} { // DeepCopyInto supports using RetryPolicy within kubernetes types, where deepcopy-gen is used. func (in *RetryPolicy) DeepCopyInto(out *RetryPolicy) { - p := proto.Clone(in).(*RetryPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RetryPolicy. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *RetryPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using TimeoutConfig within kubernetes types, where deepcopy-gen is used. func (in *TimeoutConfig) DeepCopyInto(out *TimeoutConfig) { - p := proto.Clone(in).(*TimeoutConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TimeoutConfig. Required by controller-gen. @@ -238,8 +238,8 @@ func (in *TimeoutConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using LoadBalancerHashPolicy within kubernetes types, where deepcopy-gen is used. func (in *LoadBalancerHashPolicy) DeepCopyInto(out *LoadBalancerHashPolicy) { - p := proto.Clone(in).(*LoadBalancerHashPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerHashPolicy. Required by controller-gen. @@ -259,8 +259,8 @@ func (in *LoadBalancerHashPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using CookiePolicy within kubernetes types, where deepcopy-gen is used. func (in *CookiePolicy) DeepCopyInto(out *CookiePolicy) { - p := proto.Clone(in).(*CookiePolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CookiePolicy. Required by controller-gen. @@ -280,8 +280,8 @@ func (in *CookiePolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using HeaderPolicy within kubernetes types, where deepcopy-gen is used. func (in *HeaderPolicy) DeepCopyInto(out *HeaderPolicy) { - p := proto.Clone(in).(*HeaderPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderPolicy. Required by controller-gen. @@ -301,8 +301,8 @@ func (in *HeaderPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using QueryParameterPolicy within kubernetes types, where deepcopy-gen is used. func (in *QueryParameterPolicy) DeepCopyInto(out *QueryParameterPolicy) { - p := proto.Clone(in).(*QueryParameterPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryParameterPolicy. Required by controller-gen. @@ -322,8 +322,8 @@ func (in *QueryParameterPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using ConnectionPropertiesPolicy within kubernetes types, where deepcopy-gen is used. func (in *ConnectionPropertiesPolicy) DeepCopyInto(out *ConnectionPropertiesPolicy) { - p := proto.Clone(in).(*ConnectionPropertiesPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPropertiesPolicy. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions_deepcopy.gen.go index 316c185dfa34..b45d2a79261a 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using TrafficPermissions within kubernetes types, where deepcopy-gen is used. func (in *TrafficPermissions) DeepCopyInto(out *TrafficPermissions) { - p := proto.Clone(in).(*TrafficPermissions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPermissions. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *TrafficPermissions) DeepCopyInterface() interface{} { // DeepCopyInto supports using Permission within kubernetes types, where deepcopy-gen is used. func (in *Permission) DeepCopyInto(out *Permission) { - p := proto.Clone(in).(*Permission) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Permission. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *Permission) DeepCopyInterface() interface{} { // DeepCopyInto supports using Principal within kubernetes types, where deepcopy-gen is used. func (in *Principal) DeepCopyInto(out *Principal) { - p := proto.Clone(in).(*Principal) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Principal. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *Principal) DeepCopyInterface() interface{} { // DeepCopyInto supports using Spiffe within kubernetes types, where deepcopy-gen is used. func (in *Spiffe) DeepCopyInto(out *Spiffe) { - p := proto.Clone(in).(*Spiffe) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Spiffe. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket_deepcopy.gen.go index f2ba600e77e4..0d0520e328b5 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using TLS within kubernetes types, where deepcopy-gen is used. func (in *TLS) DeepCopyInto(out *TLS) { - p := proto.Clone(in).(*TLS) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLS. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *TLS) DeepCopyInterface() interface{} { // DeepCopyInto supports using TransportSocket within kubernetes types, where deepcopy-gen is used. func (in *TransportSocket) DeepCopyInto(out *TransportSocket) { - p := proto.Clone(in).(*TransportSocket) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransportSocket. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *TransportSocket) DeepCopyInterface() interface{} { // DeepCopyInto supports using InboundMeshMTLS within kubernetes types, where deepcopy-gen is used. func (in *InboundMeshMTLS) DeepCopyInto(out *InboundMeshMTLS) { - p := proto.Clone(in).(*InboundMeshMTLS) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundMeshMTLS. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *InboundMeshMTLS) DeepCopyInterface() interface{} { // DeepCopyInto supports using OutboundMeshMTLS within kubernetes types, where deepcopy-gen is used. func (in *OutboundMeshMTLS) DeepCopyInto(out *OutboundMeshMTLS) { - p := proto.Clone(in).(*OutboundMeshMTLS) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundMeshMTLS. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *OutboundMeshMTLS) DeepCopyInterface() interface{} { // DeepCopyInto supports using InboundNonMeshTLS within kubernetes types, where deepcopy-gen is used. func (in *InboundNonMeshTLS) DeepCopyInto(out *InboundNonMeshTLS) { - p := proto.Clone(in).(*InboundNonMeshTLS) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundNonMeshTLS. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *InboundNonMeshTLS) DeepCopyInterface() interface{} { // DeepCopyInto supports using OutboundNonMeshTLS within kubernetes types, where deepcopy-gen is used. func (in *OutboundNonMeshTLS) DeepCopyInto(out *OutboundNonMeshTLS) { - p := proto.Clone(in).(*OutboundNonMeshTLS) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundNonMeshTLS. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *OutboundNonMeshTLS) DeepCopyInterface() interface{} { // DeepCopyInto supports using MeshInboundValidationContext within kubernetes types, where deepcopy-gen is used. func (in *MeshInboundValidationContext) DeepCopyInto(out *MeshInboundValidationContext) { - p := proto.Clone(in).(*MeshInboundValidationContext) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshInboundValidationContext. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *MeshInboundValidationContext) DeepCopyInterface() interface{} { // DeepCopyInto supports using MeshOutboundValidationContext within kubernetes types, where deepcopy-gen is used. func (in *MeshOutboundValidationContext) DeepCopyInto(out *MeshOutboundValidationContext) { - p := proto.Clone(in).(*MeshOutboundValidationContext) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshOutboundValidationContext. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *MeshOutboundValidationContext) DeepCopyInterface() interface{} { // DeepCopyInto supports using NonMeshOutboundValidationContext within kubernetes types, where deepcopy-gen is used. func (in *NonMeshOutboundValidationContext) DeepCopyInto(out *NonMeshOutboundValidationContext) { - p := proto.Clone(in).(*NonMeshOutboundValidationContext) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonMeshOutboundValidationContext. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *NonMeshOutboundValidationContext) DeepCopyInterface() interface{} { // DeepCopyInto supports using SDSCertificate within kubernetes types, where deepcopy-gen is used. func (in *SDSCertificate) DeepCopyInto(out *SDSCertificate) { - p := proto.Clone(in).(*SDSCertificate) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SDSCertificate. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *SDSCertificate) DeepCopyInterface() interface{} { // DeepCopyInto supports using TLSParameters within kubernetes types, where deepcopy-gen is used. func (in *TLSParameters) DeepCopyInto(out *TLSParameters) { - p := proto.Clone(in).(*TLSParameters) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSParameters. Required by controller-gen. @@ -238,8 +238,8 @@ func (in *TLSParameters) DeepCopyInterface() interface{} { // DeepCopyInto supports using LeafCertificate within kubernetes types, where deepcopy-gen is used. func (in *LeafCertificate) DeepCopyInto(out *LeafCertificate) { - p := proto.Clone(in).(*LeafCertificate) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeafCertificate. Required by controller-gen. @@ -259,8 +259,8 @@ func (in *LeafCertificate) DeepCopyInterface() interface{} { // DeepCopyInto supports using TrustBundle within kubernetes types, where deepcopy-gen is used. func (in *TrustBundle) DeepCopyInto(out *TrustBundle) { - p := proto.Clone(in).(*TrustBundle) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustBundle. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go b/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go index 1b09926b796f..a374848fd20e 100644 --- a/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go +++ b/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go @@ -298,20 +298,19 @@ type DynamicConfig struct { ExposeConfig *ExposeConfig `protobuf:"bytes,7,opt,name=expose_config,json=exposeConfig,proto3" json:"expose_config,omitempty"` // AccessLogs configures the output and format of Envoy access logs AccessLogs *AccessLogsConfig `protobuf:"bytes,8,opt,name=access_logs,json=accessLogs,proto3" json:"access_logs,omitempty"` - EnvoyExtensions []*EnvoyExtension `protobuf:"bytes,9,rep,name=envoy_extensions,json=envoyExtensions,proto3" json:"envoy_extensions,omitempty"` - PublicListenerJson string `protobuf:"bytes,10,opt,name=public_listener_json,json=publicListenerJson,proto3" json:"public_listener_json,omitempty"` - ListenerTracingJson string `protobuf:"bytes,11,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"` - LocalClusterJson string `protobuf:"bytes,12,opt,name=local_cluster_json,json=localClusterJson,proto3" json:"local_cluster_json,omitempty"` + PublicListenerJson string `protobuf:"bytes,9,opt,name=public_listener_json,json=publicListenerJson,proto3" json:"public_listener_json,omitempty"` + ListenerTracingJson string `protobuf:"bytes,10,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"` + LocalClusterJson string `protobuf:"bytes,11,opt,name=local_cluster_json,json=localClusterJson,proto3" json:"local_cluster_json,omitempty"` // deprecated: // local_workload_address, local_workload_port, and local_workload_socket_path // are deprecated and are only needed for migration of existing resources. // // Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto. - LocalWorkloadAddress string `protobuf:"bytes,13,opt,name=local_workload_address,json=localWorkloadAddress,proto3" json:"local_workload_address,omitempty"` + LocalWorkloadAddress string `protobuf:"bytes,12,opt,name=local_workload_address,json=localWorkloadAddress,proto3" json:"local_workload_address,omitempty"` // Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto. - LocalWorkloadPort uint32 `protobuf:"varint,14,opt,name=local_workload_port,json=localWorkloadPort,proto3" json:"local_workload_port,omitempty"` + LocalWorkloadPort uint32 `protobuf:"varint,13,opt,name=local_workload_port,json=localWorkloadPort,proto3" json:"local_workload_port,omitempty"` // Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto. - LocalWorkloadSocketPath string `protobuf:"bytes,15,opt,name=local_workload_socket_path,json=localWorkloadSocketPath,proto3" json:"local_workload_socket_path,omitempty"` + LocalWorkloadSocketPath string `protobuf:"bytes,14,opt,name=local_workload_socket_path,json=localWorkloadSocketPath,proto3" json:"local_workload_socket_path,omitempty"` } func (x *DynamicConfig) Reset() { @@ -402,13 +401,6 @@ func (x *DynamicConfig) GetAccessLogs() *AccessLogsConfig { return nil } -func (x *DynamicConfig) GetEnvoyExtensions() []*EnvoyExtension { - if x != nil { - return x.EnvoyExtensions - } - return nil -} - func (x *DynamicConfig) GetPublicListenerJson() string { if x != nil { return x.PublicListenerJson @@ -886,7 +878,7 @@ var file_pbmesh_v2beta1_proxy_configuration_proto_rawDesc = []byte{ 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0c, 0x6f, 0x70, 0x61, 0x71, 0x75, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x3a, 0x06, - 0xa2, 0x93, 0x04, 0x02, 0x08, 0x03, 0x22, 0xeb, 0x09, 0x0a, 0x0d, 0x44, 0x79, 0x6e, 0x61, 0x6d, + 0xa2, 0x93, 0x04, 0x02, 0x08, 0x03, 0x22, 0x91, 0x09, 0x0a, 0x0d, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3c, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, @@ -932,154 +924,148 @@ var file_pbmesh_v2beta1_proxy_configuration_proto_rawDesc = []byte{ 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, - 0x67, 0x73, 0x12, 0x58, 0x0a, 0x10, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x65, 0x78, 0x74, 0x65, - 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x76, - 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x65, 0x6e, 0x76, - 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x14, - 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, - 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, - 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, - 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, - 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, - 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x6c, 0x75, 0x73, - 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, - 0x12, 0x38, 0x0a, 0x16, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, - 0x61, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, - 0x42, 0x02, 0x18, 0x01, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, - 0x6f, 0x61, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x32, 0x0a, 0x13, 0x6c, 0x6f, - 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70, 0x6f, 0x72, - 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x6c, 0x6f, 0x63, - 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x3f, - 0x0a, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x0f, 0x20, 0x01, - 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x17, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, - 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, - 0x73, 0x0a, 0x14, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x45, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, - 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x22, 0x71, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, - 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x34, 0x0a, 0x16, 0x6f, 0x75, 0x74, 0x62, - 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x70, 0x6f, - 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x14, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, - 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x27, - 0x0a, 0x0f, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, - 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, - 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x22, 0x8e, 0x05, 0x0a, 0x0f, 0x42, 0x6f, 0x6f, 0x74, - 0x73, 0x74, 0x72, 0x61, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, - 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, - 0x67, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0c, 0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, - 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, 0x54, 0x61, 0x67, 0x73, 0x12, 0x30, - 0x0a, 0x14, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x62, 0x69, 0x6e, - 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, - 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, - 0x12, 0x26, 0x0a, 0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, - 0x64, 0x64, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x74, 0x61, 0x74, 0x73, - 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x72, 0x65, 0x61, 0x64, - 0x79, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0d, 0x72, 0x65, 0x61, 0x64, 0x79, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, - 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, 0x6a, 0x73, 0x6f, - 0x6e, 0x5f, 0x74, 0x70, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x76, 0x65, - 0x72, 0x72, 0x69, 0x64, 0x65, 0x4a, 0x73, 0x6f, 0x6e, 0x54, 0x70, 0x6c, 0x12, 0x30, 0x0a, 0x14, - 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x5f, - 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, - 0x69, 0x63, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, - 0x0a, 0x15, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, - 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x73, - 0x74, 0x61, 0x74, 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x4a, 0x73, - 0x6f, 0x6e, 0x12, 0x28, 0x0a, 0x10, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x73, 0x69, 0x6e, 0x6b, - 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x74, - 0x61, 0x74, 0x73, 0x53, 0x69, 0x6e, 0x6b, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, - 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, - 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, - 0x73, 0x5f, 0x66, 0x6c, 0x75, 0x73, 0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, - 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x73, 0x46, 0x6c, 0x75, - 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x72, - 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, - 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x23, 0x74, 0x65, - 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x64, 0x69, - 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1f, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, - 0x72, 0x79, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x42, 0x69, 0x6e, 0x64, 0x53, - 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x44, 0x69, 0x72, 0x22, 0xf6, 0x01, 0x0a, 0x10, 0x41, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, - 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, - 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x32, 0x0a, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, - 0x6c, 0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x73, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4c, - 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x3e, 0x0a, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, - 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, - 0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, - 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, - 0x1f, 0x0a, 0x0b, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6a, 0x73, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, - 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x65, 0x78, 0x74, 0x46, 0x6f, 0x72, 0x6d, 0x61, - 0x74, 0x22, 0xc3, 0x01, 0x0a, 0x0e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, - 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75, - 0x69, 0x72, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x71, 0x75, - 0x69, 0x72, 0x65, 0x64, 0x12, 0x35, 0x0a, 0x09, 0x61, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, - 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, - 0x52, 0x09, 0x61, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x65, 0x6e, 0x76, 0x6f, 0x79, - 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2a, 0x56, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, - 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, - 0x44, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, - 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, - 0x50, 0x41, 0x52, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x50, 0x52, 0x4f, 0x58, - 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x10, 0x02, 0x2a, - 0x74, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, - 0x0a, 0x15, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, - 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4c, 0x4f, 0x47, - 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10, - 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, - 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x45, 0x52, 0x52, 0x10, 0x02, 0x12, 0x18, 0x0a, 0x14, 0x4c, - 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, - 0x4f, 0x55, 0x54, 0x10, 0x03, 0x2a, 0x68, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, - 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, - 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, - 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, - 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x01, 0x12, - 0x1e, 0x0a, 0x1a, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, - 0x44, 0x45, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x02, 0x42, - 0x98, 0x02, 0x0a, 0x21, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, - 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x17, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, - 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x32, - 0x62, 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1d, 0x48, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, - 0x65, 0x73, 0x68, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x1d, 0x48, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, - 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x29, 0x48, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, - 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, - 0x68, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x67, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, + 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x12, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0a, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x54, 0x72, 0x61, + 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x6c, 0x6f, 0x63, 0x61, + 0x6c, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6c, 0x75, 0x73, 0x74, + 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x16, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, + 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, + 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x12, 0x32, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, + 0x01, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, + 0x50, 0x6f, 0x72, 0x74, 0x12, 0x3f, 0x0a, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, + 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x70, 0x61, + 0x74, 0x68, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x17, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, + 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x73, 0x0a, 0x14, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x45, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x71, 0x0a, 0x10, 0x54, 0x72, + 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x34, + 0x0a, 0x16, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x14, + 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x50, 0x6f, 0x72, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x5f, 0x64, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, + 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x22, 0x8e, 0x05, + 0x0a, 0x0f, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, + 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72, + 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, + 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x74, + 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, + 0x54, 0x61, 0x67, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, + 0x75, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x42, 0x69, + 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, + 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0d, 0x73, 0x74, 0x61, 0x74, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, + 0x0a, 0x0f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, + 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x72, 0x65, 0x61, 0x64, 0x79, 0x42, 0x69, + 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, + 0x64, 0x65, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x74, 0x70, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x4a, 0x73, 0x6f, 0x6e, 0x54, + 0x70, 0x6c, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x63, 0x6c, 0x75, + 0x73, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, + 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x6c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x09, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x13, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x28, 0x0a, 0x10, 0x73, 0x74, 0x61, 0x74, + 0x73, 0x5f, 0x73, 0x69, 0x6e, 0x6b, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x73, 0x53, 0x69, 0x6e, 0x6b, 0x73, 0x4a, 0x73, + 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, + 0x74, 0x61, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x30, + 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x66, 0x6c, 0x75, 0x73, 0x68, 0x5f, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, + 0x61, 0x74, 0x73, 0x46, 0x6c, 0x75, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, + 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x74, + 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e, + 0x12, 0x4c, 0x0a, 0x23, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x63, 0x6f, + 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x73, 0x6f, 0x63, + 0x6b, 0x65, 0x74, 0x5f, 0x64, 0x69, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1f, 0x74, + 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, + 0x72, 0x42, 0x69, 0x6e, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x44, 0x69, 0x72, 0x22, 0xf6, + 0x01, 0x0a, 0x10, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x32, 0x0a, + 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x64, 0x69, + 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, + 0x73, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, + 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x6f, + 0x72, 0x6d, 0x61, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6a, 0x73, 0x6f, 0x6e, + 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x66, + 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x65, 0x78, + 0x74, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x22, 0xc3, 0x01, 0x0a, 0x0e, 0x45, 0x6e, 0x76, 0x6f, + 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, + 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0x35, 0x0a, 0x09, 0x61, 0x72, + 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x09, 0x61, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, + 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x65, 0x6e, 0x76, 0x6f, + 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0c, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2a, 0x56, 0x0a, + 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, + 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, + 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, + 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x50, 0x41, 0x52, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x15, + 0x0a, 0x11, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x49, 0x52, + 0x45, 0x43, 0x54, 0x10, 0x02, 0x2a, 0x74, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x15, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, + 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, + 0x16, 0x0a, 0x12, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, + 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, + 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x45, 0x52, 0x52, 0x10, + 0x02, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, + 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x4f, 0x55, 0x54, 0x10, 0x03, 0x2a, 0x68, 0x0a, 0x0d, 0x4d, + 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1b, 0x0a, 0x17, + 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, + 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x55, 0x54, + 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x52, + 0x49, 0x43, 0x54, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, + 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, + 0x49, 0x56, 0x45, 0x10, 0x02, 0x42, 0x98, 0x02, 0x0a, 0x21, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, + 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x17, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, + 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, + 0x6d, 0x65, 0x73, 0x68, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, + 0x4d, 0xaa, 0x02, 0x1d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0xca, 0x02, 0x1d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0xe2, 0x02, 0x29, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x20, + 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1127,15 +1113,14 @@ var file_pbmesh_v2beta1_proxy_configuration_proto_depIdxs = []int32{ 13, // 9: hashicorp.consul.mesh.v2beta1.DynamicConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v2beta1.MeshGatewayMode 14, // 10: hashicorp.consul.mesh.v2beta1.DynamicConfig.expose_config:type_name -> hashicorp.consul.mesh.v2beta1.ExposeConfig 7, // 11: hashicorp.consul.mesh.v2beta1.DynamicConfig.access_logs:type_name -> hashicorp.consul.mesh.v2beta1.AccessLogsConfig - 8, // 12: hashicorp.consul.mesh.v2beta1.DynamicConfig.envoy_extensions:type_name -> hashicorp.consul.mesh.v2beta1.EnvoyExtension - 1, // 13: hashicorp.consul.mesh.v2beta1.AccessLogsConfig.type:type_name -> hashicorp.consul.mesh.v2beta1.LogSinkType - 11, // 14: hashicorp.consul.mesh.v2beta1.EnvoyExtension.arguments:type_name -> google.protobuf.Struct - 15, // 15: hashicorp.consul.mesh.v2beta1.DynamicConfig.LocalConnectionEntry.value:type_name -> hashicorp.consul.mesh.v2beta1.ConnectionConfig - 16, // [16:16] is the sub-list for method output_type - 16, // [16:16] is the sub-list for method input_type - 16, // [16:16] is the sub-list for extension type_name - 16, // [16:16] is the sub-list for extension extendee - 0, // [0:16] is the sub-list for field type_name + 1, // 12: hashicorp.consul.mesh.v2beta1.AccessLogsConfig.type:type_name -> hashicorp.consul.mesh.v2beta1.LogSinkType + 11, // 13: hashicorp.consul.mesh.v2beta1.EnvoyExtension.arguments:type_name -> google.protobuf.Struct + 15, // 14: hashicorp.consul.mesh.v2beta1.DynamicConfig.LocalConnectionEntry.value:type_name -> hashicorp.consul.mesh.v2beta1.ConnectionConfig + 15, // [15:15] is the sub-list for method output_type + 15, // [15:15] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_pbmesh_v2beta1_proxy_configuration_proto_init() } diff --git a/proto-public/pbmesh/v2beta1/proxy_configuration.proto b/proto-public/pbmesh/v2beta1/proxy_configuration.proto index eb47e16e2282..9a2d410d868d 100644 --- a/proto-public/pbmesh/v2beta1/proxy_configuration.proto +++ b/proto-public/pbmesh/v2beta1/proxy_configuration.proto @@ -60,18 +60,16 @@ message DynamicConfig { // AccessLogs configures the output and format of Envoy access logs AccessLogsConfig access_logs = 8; - repeated EnvoyExtension envoy_extensions = 9; - - string public_listener_json = 10; - string listener_tracing_json = 11; - string local_cluster_json = 12; + string public_listener_json = 9; + string listener_tracing_json = 10; + string local_cluster_json = 11; // deprecated: // local_workload_address, local_workload_port, and local_workload_socket_path // are deprecated and are only needed for migration of existing resources. - string local_workload_address = 13 [deprecated = true]; - uint32 local_workload_port = 14 [deprecated = true]; - string local_workload_socket_path = 15 [deprecated = true]; + string local_workload_address = 12 [deprecated = true]; + uint32 local_workload_port = 13 [deprecated = true]; + string local_workload_socket_path = 14 [deprecated = true]; } message TransparentProxy { diff --git a/proto-public/pbmesh/v2beta1/proxy_configuration_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/proxy_configuration_deepcopy.gen.go index 8c185f882017..bc5b81a9a6fb 100644 --- a/proto-public/pbmesh/v2beta1/proxy_configuration_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/proxy_configuration_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ProxyConfiguration within kubernetes types, where deepcopy-gen is used. func (in *ProxyConfiguration) DeepCopyInto(out *ProxyConfiguration) { - p := proto.Clone(in).(*ProxyConfiguration) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfiguration. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ProxyConfiguration) DeepCopyInterface() interface{} { // DeepCopyInto supports using DynamicConfig within kubernetes types, where deepcopy-gen is used. func (in *DynamicConfig) DeepCopyInto(out *DynamicConfig) { - p := proto.Clone(in).(*DynamicConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicConfig. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *DynamicConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using TransparentProxy within kubernetes types, where deepcopy-gen is used. func (in *TransparentProxy) DeepCopyInto(out *TransparentProxy) { - p := proto.Clone(in).(*TransparentProxy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransparentProxy. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *TransparentProxy) DeepCopyInterface() interface{} { // DeepCopyInto supports using BootstrapConfig within kubernetes types, where deepcopy-gen is used. func (in *BootstrapConfig) DeepCopyInto(out *BootstrapConfig) { - p := proto.Clone(in).(*BootstrapConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapConfig. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *BootstrapConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using AccessLogsConfig within kubernetes types, where deepcopy-gen is used. func (in *AccessLogsConfig) DeepCopyInto(out *AccessLogsConfig) { - p := proto.Clone(in).(*AccessLogsConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogsConfig. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *AccessLogsConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using EnvoyExtension within kubernetes types, where deepcopy-gen is used. func (in *EnvoyExtension) DeepCopyInto(out *EnvoyExtension) { - p := proto.Clone(in).(*EnvoyExtension) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyExtension. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/proxy_state_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/proxy_state_deepcopy.gen.go index c6d34360e0f9..fbc6ed842098 100644 --- a/proto-public/pbmesh/v2beta1/proxy_state_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/proxy_state_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ProxyStateTemplate within kubernetes types, where deepcopy-gen is used. func (in *ProxyStateTemplate) DeepCopyInto(out *ProxyStateTemplate) { - p := proto.Clone(in).(*ProxyStateTemplate) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyStateTemplate. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ProxyStateTemplate) DeepCopyInterface() interface{} { // DeepCopyInto supports using ProxyState within kubernetes types, where deepcopy-gen is used. func (in *ProxyState) DeepCopyInto(out *ProxyState) { - p := proto.Clone(in).(*ProxyState) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyState. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/routing.pb.go b/proto-public/pbmesh/v2beta1/routing.pb.go index 163632eb3054..4b1f64877431 100644 --- a/proto-public/pbmesh/v2beta1/routing.pb.go +++ b/proto-public/pbmesh/v2beta1/routing.pb.go @@ -29,7 +29,7 @@ type MeshGatewayMode int32 const ( // MESH_GATEWAY_MODE_UNSPECIFIED represents no specific mode and should be - // used to indicate that a the decision on the mode will be made by other + // used to indicate that the decision on the mode will be made by other // configuration or default settings. MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED MeshGatewayMode = 0 // MESH_GATEWAY_MODE_NONE is the mode to use when traffic should not be diff --git a/proto-public/pbmesh/v2beta1/routing.proto b/proto-public/pbmesh/v2beta1/routing.proto index 5c28840a72dc..b09d28a6458a 100644 --- a/proto-public/pbmesh/v2beta1/routing.proto +++ b/proto-public/pbmesh/v2beta1/routing.proto @@ -9,7 +9,7 @@ package hashicorp.consul.mesh.v2beta1; // +kubebuilder:validation:Type=string enum MeshGatewayMode { // MESH_GATEWAY_MODE_UNSPECIFIED represents no specific mode and should be - // used to indicate that a the decision on the mode will be made by other + // used to indicate that the decision on the mode will be made by other // configuration or default settings. MESH_GATEWAY_MODE_UNSPECIFIED = 0; diff --git a/proto-public/pbmesh/v2beta1/tcp_route_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/tcp_route_deepcopy.gen.go index c2bd4afc57f8..487209766f96 100644 --- a/proto-public/pbmesh/v2beta1/tcp_route_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/tcp_route_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using TCPRoute within kubernetes types, where deepcopy-gen is used. func (in *TCPRoute) DeepCopyInto(out *TCPRoute) { - p := proto.Clone(in).(*TCPRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *TCPRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using TCPRouteRule within kubernetes types, where deepcopy-gen is used. func (in *TCPRouteRule) DeepCopyInto(out *TCPRouteRule) { - p := proto.Clone(in).(*TCPRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRouteRule. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *TCPRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using TCPBackendRef within kubernetes types, where deepcopy-gen is used. func (in *TCPBackendRef) DeepCopyInto(out *TCPBackendRef) { - p := proto.Clone(in).(*TCPBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPBackendRef. Required by controller-gen. diff --git a/proto-public/pbresource/annotations_deepcopy.gen.go b/proto-public/pbresource/annotations_deepcopy.gen.go index a4265c38505c..0693ee89e2e5 100644 --- a/proto-public/pbresource/annotations_deepcopy.gen.go +++ b/proto-public/pbresource/annotations_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ResourceTypeSpec within kubernetes types, where deepcopy-gen is used. func (in *ResourceTypeSpec) DeepCopyInto(out *ResourceTypeSpec) { - p := proto.Clone(in).(*ResourceTypeSpec) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceTypeSpec. Required by controller-gen. diff --git a/proto-public/pbresource/resource_deepcopy.gen.go b/proto-public/pbresource/resource_deepcopy.gen.go index 92fdb8da2f46..5b81e6f9dfed 100644 --- a/proto-public/pbresource/resource_deepcopy.gen.go +++ b/proto-public/pbresource/resource_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Type within kubernetes types, where deepcopy-gen is used. func (in *Type) DeepCopyInto(out *Type) { - p := proto.Clone(in).(*Type) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Type. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Type) DeepCopyInterface() interface{} { // DeepCopyInto supports using Tenancy within kubernetes types, where deepcopy-gen is used. func (in *Tenancy) DeepCopyInto(out *Tenancy) { - p := proto.Clone(in).(*Tenancy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tenancy. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *Tenancy) DeepCopyInterface() interface{} { // DeepCopyInto supports using ID within kubernetes types, where deepcopy-gen is used. func (in *ID) DeepCopyInto(out *ID) { - p := proto.Clone(in).(*ID) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ID. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *ID) DeepCopyInterface() interface{} { // DeepCopyInto supports using Resource within kubernetes types, where deepcopy-gen is used. func (in *Resource) DeepCopyInto(out *Resource) { - p := proto.Clone(in).(*Resource) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Resource. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *Resource) DeepCopyInterface() interface{} { // DeepCopyInto supports using Status within kubernetes types, where deepcopy-gen is used. func (in *Status) DeepCopyInto(out *Status) { - p := proto.Clone(in).(*Status) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Status. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *Status) DeepCopyInterface() interface{} { // DeepCopyInto supports using Condition within kubernetes types, where deepcopy-gen is used. func (in *Condition) DeepCopyInto(out *Condition) { - p := proto.Clone(in).(*Condition) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *Condition) DeepCopyInterface() interface{} { // DeepCopyInto supports using Reference within kubernetes types, where deepcopy-gen is used. func (in *Reference) DeepCopyInto(out *Reference) { - p := proto.Clone(in).(*Reference) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Reference. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *Reference) DeepCopyInterface() interface{} { // DeepCopyInto supports using Tombstone within kubernetes types, where deepcopy-gen is used. func (in *Tombstone) DeepCopyInto(out *Tombstone) { - p := proto.Clone(in).(*Tombstone) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tombstone. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *Tombstone) DeepCopyInterface() interface{} { // DeepCopyInto supports using ReadRequest within kubernetes types, where deepcopy-gen is used. func (in *ReadRequest) DeepCopyInto(out *ReadRequest) { - p := proto.Clone(in).(*ReadRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReadRequest. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *ReadRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using ReadResponse within kubernetes types, where deepcopy-gen is used. func (in *ReadResponse) DeepCopyInto(out *ReadResponse) { - p := proto.Clone(in).(*ReadResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReadResponse. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *ReadResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using ListRequest within kubernetes types, where deepcopy-gen is used. func (in *ListRequest) DeepCopyInto(out *ListRequest) { - p := proto.Clone(in).(*ListRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListRequest. Required by controller-gen. @@ -238,8 +238,8 @@ func (in *ListRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using ListResponse within kubernetes types, where deepcopy-gen is used. func (in *ListResponse) DeepCopyInto(out *ListResponse) { - p := proto.Clone(in).(*ListResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListResponse. Required by controller-gen. @@ -259,8 +259,8 @@ func (in *ListResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using ListByOwnerRequest within kubernetes types, where deepcopy-gen is used. func (in *ListByOwnerRequest) DeepCopyInto(out *ListByOwnerRequest) { - p := proto.Clone(in).(*ListByOwnerRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListByOwnerRequest. Required by controller-gen. @@ -280,8 +280,8 @@ func (in *ListByOwnerRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using ListByOwnerResponse within kubernetes types, where deepcopy-gen is used. func (in *ListByOwnerResponse) DeepCopyInto(out *ListByOwnerResponse) { - p := proto.Clone(in).(*ListByOwnerResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListByOwnerResponse. Required by controller-gen. @@ -301,8 +301,8 @@ func (in *ListByOwnerResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using WriteRequest within kubernetes types, where deepcopy-gen is used. func (in *WriteRequest) DeepCopyInto(out *WriteRequest) { - p := proto.Clone(in).(*WriteRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WriteRequest. Required by controller-gen. @@ -322,8 +322,8 @@ func (in *WriteRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using WriteResponse within kubernetes types, where deepcopy-gen is used. func (in *WriteResponse) DeepCopyInto(out *WriteResponse) { - p := proto.Clone(in).(*WriteResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WriteResponse. Required by controller-gen. @@ -343,8 +343,8 @@ func (in *WriteResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using WriteStatusRequest within kubernetes types, where deepcopy-gen is used. func (in *WriteStatusRequest) DeepCopyInto(out *WriteStatusRequest) { - p := proto.Clone(in).(*WriteStatusRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WriteStatusRequest. Required by controller-gen. @@ -364,8 +364,8 @@ func (in *WriteStatusRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using WriteStatusResponse within kubernetes types, where deepcopy-gen is used. func (in *WriteStatusResponse) DeepCopyInto(out *WriteStatusResponse) { - p := proto.Clone(in).(*WriteStatusResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WriteStatusResponse. Required by controller-gen. @@ -385,8 +385,8 @@ func (in *WriteStatusResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using DeleteRequest within kubernetes types, where deepcopy-gen is used. func (in *DeleteRequest) DeepCopyInto(out *DeleteRequest) { - p := proto.Clone(in).(*DeleteRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeleteRequest. Required by controller-gen. @@ -406,8 +406,8 @@ func (in *DeleteRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using DeleteResponse within kubernetes types, where deepcopy-gen is used. func (in *DeleteResponse) DeepCopyInto(out *DeleteResponse) { - p := proto.Clone(in).(*DeleteResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeleteResponse. Required by controller-gen. @@ -427,8 +427,8 @@ func (in *DeleteResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using WatchListRequest within kubernetes types, where deepcopy-gen is used. func (in *WatchListRequest) DeepCopyInto(out *WatchListRequest) { - p := proto.Clone(in).(*WatchListRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchListRequest. Required by controller-gen. @@ -448,8 +448,8 @@ func (in *WatchListRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using WatchEvent within kubernetes types, where deepcopy-gen is used. func (in *WatchEvent) DeepCopyInto(out *WatchEvent) { - p := proto.Clone(in).(*WatchEvent) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchEvent. Required by controller-gen. diff --git a/proto-public/pbserverdiscovery/serverdiscovery_deepcopy.gen.go b/proto-public/pbserverdiscovery/serverdiscovery_deepcopy.gen.go index 6d5016561427..2bd82a8a891a 100644 --- a/proto-public/pbserverdiscovery/serverdiscovery_deepcopy.gen.go +++ b/proto-public/pbserverdiscovery/serverdiscovery_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using WatchServersRequest within kubernetes types, where deepcopy-gen is used. func (in *WatchServersRequest) DeepCopyInto(out *WatchServersRequest) { - p := proto.Clone(in).(*WatchServersRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchServersRequest. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *WatchServersRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using WatchServersResponse within kubernetes types, where deepcopy-gen is used. func (in *WatchServersResponse) DeepCopyInto(out *WatchServersResponse) { - p := proto.Clone(in).(*WatchServersResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchServersResponse. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *WatchServersResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using Server within kubernetes types, where deepcopy-gen is used. func (in *Server) DeepCopyInto(out *Server) { - p := proto.Clone(in).(*Server) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Server. Required by controller-gen. diff --git a/proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go b/proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go index 52ee3d7e7cc7..97af531ab333 100644 --- a/proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go +++ b/proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Namespace within kubernetes types, where deepcopy-gen is used. func (in *Namespace) DeepCopyInto(out *Namespace) { - p := proto.Clone(in).(*Namespace) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Namespace. Required by controller-gen. diff --git a/proto/private/pbconfigentry/config_entry.gen.go b/proto/private/pbconfigentry/config_entry.gen.go index 258d8dbb6df6..6f9b53e01db7 100644 --- a/proto/private/pbconfigentry/config_entry.gen.go +++ b/proto/private/pbconfigentry/config_entry.gen.go @@ -1822,19 +1822,19 @@ func RetryFilterToStructs(s *RetryFilter, t *structs.RetryFilter) { if s == nil { return } - t.NumRetries = &s.NumRetries + t.NumRetries = s.NumRetries t.RetryOn = s.RetryOn t.RetryOnStatusCodes = s.RetryOnStatusCodes - t.RetryOnConnectFailure = &s.RetryOnConnectFailure + t.RetryOnConnectFailure = s.RetryOnConnectFailure } func RetryFilterFromStructs(t *structs.RetryFilter, s *RetryFilter) { if s == nil { return } - s.NumRetries = *t.NumRetries + s.NumRetries = t.NumRetries s.RetryOn = t.RetryOn s.RetryOnStatusCodes = t.RetryOnStatusCodes - s.RetryOnConnectFailure = *t.RetryOnConnectFailure + s.RetryOnConnectFailure = t.RetryOnConnectFailure } func RetryPolicyBackOffToStructs(s *RetryPolicyBackOff, t *structs.RetryPolicyBackOff) { if s == nil { diff --git a/sdk/.copywrite.hcl b/sdk/.copywrite.hcl new file mode 100644 index 000000000000..34d99ba25e12 --- /dev/null +++ b/sdk/.copywrite.hcl @@ -0,0 +1,8 @@ +schema_version = 1 + +project { + license = "MPL-2.0" + copyright_year = 2023 + + header_ignore = [] +} diff --git a/sdk/go.mod b/sdk/go.mod index 9fd95927b085..f4adaf73ba79 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-version v1.2.1 github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.8.3 - golang.org/x/sys v0.10.0 + golang.org/x/sys v0.13.0 ) require ( diff --git a/sdk/go.sum b/sdk/go.sum index 170d4464fc55..490559d90093 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -49,8 +49,8 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/sdk/testutil/retry/counter.go b/sdk/testutil/retry/counter.go index 96a37ab9d2fc..ffd509f1a414 100644 --- a/sdk/testutil/retry/counter.go +++ b/sdk/testutil/retry/counter.go @@ -1,3 +1,6 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + package retry import "time" diff --git a/sdk/testutil/retry/timer.go b/sdk/testutil/retry/timer.go index 16433e9ec7b0..be4f5e92f407 100644 --- a/sdk/testutil/retry/timer.go +++ b/sdk/testutil/retry/timer.go @@ -1,3 +1,6 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + package retry import "time" diff --git a/test-integ/Makefile b/test-integ/Makefile new file mode 100644 index 000000000000..0fd35d4eda7e --- /dev/null +++ b/test-integ/Makefile @@ -0,0 +1,42 @@ +SHELL := /bin/bash + +.PHONY: noop +noop: + +##@ Build + +.PHONY: tidy +tidy: ## Run go mod tidy. + go mod tidy + +##@ Checks + +.PHONY: format +format: ## Format the go files. + @for f in $$(find . -name '*.go' -print); do \ + gofmt -s -w $$f ; \ + done + +.PHONY: lint +lint: ## Run the full linting rules. + golangci-lint run -v + +.PHONY: vet +vet: ## Run go vet. + go vet ./... + +##@ Help + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk commands is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) diff --git a/test-integ/README.md b/test-integ/README.md index ebc611efa2bc..f7232dec25bb 100644 --- a/test-integ/README.md +++ b/test-integ/README.md @@ -1,3 +1,200 @@ # test-integ -Go integration tests for consul. `/test/integration` also holds integration tests; they need migrating. \ No newline at end of file +Go integration tests for consul. `/test/integration` also holds integration tests; they need migrating. + +These should use the [testing/deployer framework](../testing/deployer) to bring +up some local testing infrastructure and fixtures to run test assertions against. + +Where reasonably possible, try to bring up infrastructure interesting enough to +be able to run many related sorts of test against it, rather than waiting for +many similar clusters to be provisioned and torn down. This will help ensure +that the integration tests do not consume CPU cycles needlessly. + +## Prerequisites + +Before you can run these tests, a fresh dev build should be created and tagged +for automatic use by tests using `utils.TargetImages()`. This can be done by +the toplevel consul make target: + + make test-deployer-setup + +You can run the entire set of deployer integration tests using: + + make test-deployer # everything except peering_commontopo + make test-deployer-peering # just peering_commontopo + +You can also run them one by one if you like: + + go test ./catalogv2 -run TestBasicL4ExplicitDestinations -v + +You can have the logs stream unbuffered directly to your terminal which can +help diagnose stuck tests that would otherwise need to fully timeout before the +logs would print by also setting the `NOLOGBUFFER=1` environment variable. + +## Getting started + +Deployer tests have three main parts: + +1. Declarative topology description. +2. Launching the infrastructure defined by that description. +3. Making test assertions about the infrastructure. + +Some tests may also have an optional _mutation_ phase followed by additional +assertions. These are only needed if the test needs to observe a reaction in +the system to a change in the environment or configuration. + +### Topology description + +Test authors craft a declarative description of the infrastructure necessary to exist for the test. +These are also referred to as a "topology". + +These are comprised of 4 main parts: + +- **Images**: The set of docker images and specific versions that will be used + by default if not overridden on each Cluster or Node. + + - Consul CE + - Consul Enterprise + - Consul Dataplane + - Envoy Proxy + +- **Networks**: The non-overlapping networks that should exist for use by the Clusters. + +- **Clusters**: The unique Consul clusters that should exist. + + - **Nodes**: A "box with ip address(es)". This should feel a bit like a VM or + a Kubernetes Pod as an enclosing entity. + + - **Workloads**: The list of service instances (v1) or workloads + (v2) that will execute on the given node. v2 Services will + be implied by similarly named workloads here unless opted + out. This helps define a v1-compatible topology and + repurpose it for v2 without reworking it. + + - **Services** (v2): v2 Service definitions to define explicitly, in addition + to the inferred ones. + + - **InitialConfigEntries** (v1): Config entries that should be created as + part of the fixture and that make sense to + include as part of the test definition, + rather than something created during the + test assertion phase. + + - **InitialResources** (v2): v2 Resources that should be created as part of + the fixture and that make sense to include as + part of the test definition, rather than + something created during the test assertion + phase. + +- **Peerings**: The peering relationships between Clusters to establish. + +In the [topoutil](./topoutil) package there are some helpers for defining +common sets of nodes or workloads like Consul Servers, Mesh Gateways, or [fortio +servers](https://github.com/fortio/fortio) + +#### Useful topology concepts + +Consul has a lot of independent configurables that can greatly increase the +testing configuration space required to flush out any bugs. The topology +definition was designed to be easily "exploded" to create testing microcosms on +a variety of axes: + +- agentful (clients) vs agentless (dataplane) +- tenancies (partitions, namespaces) +- locally or across a peering +- catalog v1 or v2 object model + +Since the topology is just a declarative struct, a test author could rewrite +any one of these attributes with a single field (such as `Node.Kind` or +`Node.Version`) and cause the identical test to run against the other +configuration. With the addition of a few `if enterprise {}` blocks and `for` +loops, a test author could easily write one test of a behavior and execute it +to cover agentless, agentful, non-default tenancy, and v1/v2 in a few extra +lines of code. + +#### Non-optional security settings + +The test framework always enables ACLs in default deny mode and provisions +minimal-permission tokens automatically to the various containers that need +them. + +TLS certificates are similarly minted and distributed to all components that +need them. + +### Launching a topology + +There is a [sprawltest](../testing/deployer/sprawl/sprawltest) package that has +utilities to bring up a topology in the context of a Go test. This is basically a one-liner: + + sp := sprawltest.Launch(t, config) + +After this line returns you will have a handle (`sp`) to the running cluster +and can use it to get ready-made api clients, http clients, gRPC resource +client, or test sockets open to a variety of the topology components for use in +authoring test code. + +This helper will rig up a `t.Cleanup` handler that will destroy all resources +created during the test. This can be opted-out of by setting the +`SPRAWL_KEEP_RUNNING=1` environment variable before running the tests. + +### Test assertions + +Typical service mesh tests want to ensure that use of a service from another +service behaves in a certain way. Because the entire set of components is known +declaratively, we can process it into a flat list of known source/destination +relationships: + + ships := topology.ComputeRelationships() + +This works hand-in-hand with the topology concepts mentioned above to +programmatically verify independent subunits of a topology that may exist (this +is helpful for things like testing multiple tenancy configurations without +duplicating all of the assertion code). + +This can also be pretty printed to the log for diagnostic purposes with: + + t.Log(topology.RenderRelationships(ships)) + +Which looks like this: + + $ NOLOGBUFFER=1 go test ./catalogv2/ -run TestBasicL4ExplicitDestinations -v + ...(skipping a bunch of output)... + 2023-11-08T11:48:04.395-0600 [INFO] TestBasicL4ExplicitDestinations: topology is ready for use: elapsed=33.510298357s + explicit_destinations_test.go:55: DOWN |node |service |port |UP |service | + dc1 |default/dc1-box2 |default/default/single-client |5000 |dc1 |default/default/single-server | + dc1 |default/dc1-box4 |default/default/multi-client |5000 |dc1 |default/default/multi-server | + dc1 |default/dc1-box4 |default/default/multi-client |5001 |dc1 |default/default/multi-server | + | | | | | | + + === RUN TestBasicL4ExplicitDestinations/relationship:_default/default/single-client_on_default/dc1-box2_in_dc1_via_:5000_=>_default/default/single-server_in_dc1_port_http + service.go:224: making call to http://10.238.170.5:5000 + service.go:245: ...got response code 200 + === RUN TestBasicL4ExplicitDestinations/relationship:_default/default/multi-client_on_default/dc1-box4_in_dc1_via_:5000_=>_default/default/multi-server_in_dc1_port_http + service.go:224: making call to http://10.238.170.7:5000 + service.go:245: ...got response code 200 + === RUN TestBasicL4ExplicitDestinations/relationship:_default/default/multi-client_on_default/dc1-box4_in_dc1_via_:5001_=>_default/default/multi-server_in_dc1_port_http-alt + service.go:224: making call to http://10.238.170.7:5001 + service.go:245: ...got response code 200 + 2023-11-08T11:48:04.420-0600 [INFO] TestBasicL4ExplicitDestinations.tfgen: Running 'terraform destroy'... + --- PASS: TestBasicL4ExplicitDestinations (40.60s) + --- PASS: TestBasicL4ExplicitDestinations/relationship:_default/default/single-client_on_default/dc1-box2_in_dc1_via_:5000_=>_default/default/single-server_in_dc1_port_http (0.01s) + --- PASS: TestBasicL4ExplicitDestinations/relationship:_default/default/multi-client_on_default/dc1-box4_in_dc1_via_:5000_=>_default/default/multi-server_in_dc1_port_http (0.01s) + --- PASS: TestBasicL4ExplicitDestinations/relationship:_default/default/multi-client_on_default/dc1-box4_in_dc1_via_:5001_=>_default/default/multi-server_in_dc1_port_http-alt (0.01s) + PASS + ok github.com/hashicorp/consul/test-integ/catalogv2 40.612s + +There is a ready-made helper to assist with making common inquiries to Consul +and Envoy that you can create in your test: + + asserter := topoutil.NewAsserter(sp) + + asserter.UpstreamEndpointStatus(t, svc, clusterPrefix+".", "HEALTHY", 1) + +## Examples + +- `catalogv2` + - [Explicit L4 destinations](./catalogv2/explicit_destinations_test.go) + - [Implicit L4 destinations](./catalogv2/implicit_destinations_test.go) + - [Explicit L7 destinations with traffic splits](./catalogv2/explicit_destinations_l7_test.go) +- [`peering_commontopo`](./peering_commontopo) + - A variety of extensive v1 Peering tests. diff --git a/test-integ/catalogv2/explicit_destinations_l7_test.go b/test-integ/catalogv2/explicit_destinations_l7_test.go new file mode 100644 index 000000000000..9be6ce93f018 --- /dev/null +++ b/test-integ/catalogv2/explicit_destinations_l7_test.go @@ -0,0 +1,448 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package catalogv2 + +import ( + "fmt" + "testing" + + pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" + libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert" + "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" + "github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest" + "github.com/hashicorp/consul/testing/deployer/topology" + + "github.com/hashicorp/consul/test-integ/topoutil" +) + +func TestSplitterFeaturesL7ExplicitDestinations(t *testing.T) { + cfg := testSplitterFeaturesL7ExplicitDestinationsCreator{}.NewConfig(t) + + sp := sprawltest.Launch(t, cfg) + + var ( + asserter = topoutil.NewAsserter(sp) + + topo = sp.Topology() + cluster = topo.Clusters["dc1"] + + ships = topo.ComputeRelationships() + ) + + clientV2 := sp.ResourceServiceClientForCluster(cluster.Name) + + t.Log(topology.RenderRelationships(ships)) + + // Make sure things are in v2. + libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-client", nil, 1) + libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-server-v1", nil, 1) + libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-server-v2", nil, 1) + libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-server", nil, 0) + + // Check relationships + for _, ship := range ships { + t.Run("relationship: "+ship.String(), func(t *testing.T) { + var ( + wrk = ship.Caller + dest = ship.Destination + ) + + v1ID := dest.ID + v1ID.Name = "static-server-v1" + v1ClusterPrefix := clusterPrefix(dest.PortName, v1ID, dest.Cluster) + + v2ID := dest.ID + v2ID.Name = "static-server-v2" + v2ClusterPrefix := clusterPrefix(dest.PortName, v2ID, dest.Cluster) + + // we expect 2 clusters, one for each leg of the split + asserter.DestinationEndpointStatus(t, wrk, v1ClusterPrefix+".", "HEALTHY", 1) + asserter.DestinationEndpointStatus(t, wrk, v2ClusterPrefix+".", "HEALTHY", 1) + + // Both should be possible. + v1Expect := fmt.Sprintf("%s::%s", cluster.Name, v1ID.String()) + v2Expect := fmt.Sprintf("%s::%s", cluster.Name, v2ID.String()) + + switch dest.PortName { + case "tcp": + asserter.CheckBlankspaceNameTrafficSplitViaTCP(t, wrk, dest, + map[string]int{v1Expect: 10, v2Expect: 90}) + case "grpc": + asserter.CheckBlankspaceNameTrafficSplitViaGRPC(t, wrk, dest, + map[string]int{v1Expect: 10, v2Expect: 90}) + case "http": + asserter.CheckBlankspaceNameTrafficSplitViaHTTP(t, wrk, dest, false, "/", + map[string]int{v1Expect: 10, v2Expect: 90}) + case "http2": + asserter.CheckBlankspaceNameTrafficSplitViaHTTP(t, wrk, dest, true, "/", + map[string]int{v1Expect: 10, v2Expect: 90}) + default: + t.Fatalf("unexpected port name: %s", dest.PortName) + } + }) + } +} + +type testSplitterFeaturesL7ExplicitDestinationsCreator struct{} + +func (c testSplitterFeaturesL7ExplicitDestinationsCreator) NewConfig(t *testing.T) *topology.Config { + const clusterName = "dc1" + + servers := topoutil.NewTopologyServerSet(clusterName+"-server", 3, []string{clusterName, "wan"}, nil) + + cluster := &topology.Cluster{ + Enterprise: utils.IsEnterprise(), + Name: clusterName, + Nodes: servers, + } + + lastNode := 0 + nodeName := func() string { + lastNode++ + return fmt.Sprintf("%s-box%d", clusterName, lastNode) + } + + c.topologyConfigAddNodes(t, cluster, nodeName, "default", "default") + if cluster.Enterprise { + c.topologyConfigAddNodes(t, cluster, nodeName, "part1", "default") + c.topologyConfigAddNodes(t, cluster, nodeName, "part1", "nsa") + c.topologyConfigAddNodes(t, cluster, nodeName, "default", "nsa") + } + + return &topology.Config{ + Images: utils.TargetImages(), + Networks: []*topology.Network{ + {Name: clusterName}, + {Name: "wan", Type: "wan"}, + }, + Clusters: []*topology.Cluster{ + cluster, + }, + } +} + +func (c testSplitterFeaturesL7ExplicitDestinationsCreator) topologyConfigAddNodes( + t *testing.T, + cluster *topology.Cluster, + nodeName func() string, + partition, + namespace string, +) { + clusterName := cluster.Name + + newID := func(name string) topology.ID { + return topology.ID{ + Partition: partition, + Namespace: namespace, + Name: name, + } + } + + tenancy := &pbresource.Tenancy{ + Partition: partition, + Namespace: namespace, + PeerName: "local", + } + + v1ServerNode := &topology.Node{ + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Partition: partition, + Name: nodeName(), + Workloads: []*topology.Workload{ + topoutil.NewBlankspaceWorkloadWithDefaults( + clusterName, + newID("static-server-v1"), + topology.NodeVersionV2, + func(wrk *topology.Workload) { + wrk.Meta = map[string]string{ + "version": "v1", + } + wrk.WorkloadIdentity = "static-server-v1" + }, + ), + }, + } + v2ServerNode := &topology.Node{ + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Partition: partition, + Name: nodeName(), + Workloads: []*topology.Workload{ + topoutil.NewBlankspaceWorkloadWithDefaults( + clusterName, + newID("static-server-v2"), + topology.NodeVersionV2, + func(wrk *topology.Workload) { + wrk.Meta = map[string]string{ + "version": "v2", + } + wrk.WorkloadIdentity = "static-server-v2" + }, + ), + }, + } + clientNode := &topology.Node{ + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Partition: partition, + Name: nodeName(), + Workloads: []*topology.Workload{ + topoutil.NewBlankspaceWorkloadWithDefaults( + clusterName, + newID("static-client"), + topology.NodeVersionV2, + func(wrk *topology.Workload) { + wrk.Destinations = []*topology.Destination{ + { + ID: newID("static-server"), + PortName: "http", + LocalAddress: "0.0.0.0", // needed for an assertion + LocalPort: 5000, + }, + { + ID: newID("static-server"), + PortName: "http2", + LocalAddress: "0.0.0.0", // needed for an assertion + LocalPort: 5001, + }, + { + ID: newID("static-server"), + PortName: "grpc", + LocalAddress: "0.0.0.0", // needed for an assertion + LocalPort: 5002, + }, + { + ID: newID("static-server"), + PortName: "tcp", + LocalAddress: "0.0.0.0", // needed for an assertion + LocalPort: 5003, + }, + } + }, + ), + }, + } + + v1TrafficPerms := sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbauth.TrafficPermissionsType, + Name: "static-server-v1-perms", + Tenancy: tenancy, + }, + }, &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "static-server-v1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{{ + Sources: []*pbauth.Source{{ + IdentityName: "static-client", + Namespace: namespace, + }}, + }}, + }) + v2TrafficPerms := sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbauth.TrafficPermissionsType, + Name: "static-server-v2-perms", + Tenancy: tenancy, + }, + }, &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "static-server-v2", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{{ + Sources: []*pbauth.Source{{ + IdentityName: "static-client", + Namespace: namespace, + }}, + }}, + }) + + staticServerService := sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbcatalog.ServiceType, + Name: "static-server", + Tenancy: tenancy, + }, + }, &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + // This will result in a 50/50 uncontrolled split. + Prefixes: []string{"static-server-"}, + }, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "http", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }, + { + TargetPort: "http2", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, + }, + { + TargetPort: "grpc", + Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, + }, + { + TargetPort: "tcp", + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + }, + { + TargetPort: "mesh", + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, + }, + }, + }) + + httpServerRoute := sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbmesh.HTTPRouteType, + Name: "static-server-http-route", + Tenancy: tenancy, + }, + }, &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + { + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "static-server", + Tenancy: tenancy, + }, + Port: "http", + }, + { + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "static-server", + Tenancy: tenancy, + }, + Port: "http2", + }, + }, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{ + { + BackendRef: &pbmesh.BackendReference{ + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "static-server-v1", + Tenancy: tenancy, + }, + }, + Weight: 10, + }, + { + BackendRef: &pbmesh.BackendReference{ + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "static-server-v2", + Tenancy: tenancy, + }, + }, + Weight: 90, + }, + }, + }}, + }) + grpcServerRoute := sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbmesh.GRPCRouteType, + Name: "static-server-grpc-route", + Tenancy: tenancy, + }, + }, &pbmesh.GRPCRoute{ + ParentRefs: []*pbmesh.ParentReference{{ + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "static-server", + Tenancy: tenancy, + }, + Port: "grpc", + }}, + Rules: []*pbmesh.GRPCRouteRule{{ + BackendRefs: []*pbmesh.GRPCBackendRef{ + { + BackendRef: &pbmesh.BackendReference{ + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "static-server-v1", + Tenancy: tenancy, + }, + }, + Weight: 10, + }, + { + BackendRef: &pbmesh.BackendReference{ + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "static-server-v2", + Tenancy: tenancy, + }, + }, + Weight: 90, + }, + }, + }}, + }) + tcpServerRoute := sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbmesh.TCPRouteType, + Name: "static-server-tcp-route", + Tenancy: tenancy, + }, + }, &pbmesh.TCPRoute{ + ParentRefs: []*pbmesh.ParentReference{{ + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "static-server", + Tenancy: tenancy, + }, + Port: "tcp", + }}, + Rules: []*pbmesh.TCPRouteRule{{ + BackendRefs: []*pbmesh.TCPBackendRef{ + { + BackendRef: &pbmesh.BackendReference{ + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "static-server-v1", + Tenancy: tenancy, + }, + }, + Weight: 10, + }, + { + BackendRef: &pbmesh.BackendReference{ + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "static-server-v2", + Tenancy: tenancy, + }, + }, + Weight: 90, + }, + }, + }}, + }) + + cluster.Nodes = append(cluster.Nodes, + clientNode, + v1ServerNode, + v2ServerNode, + ) + + cluster.InitialResources = append(cluster.InitialResources, + staticServerService, + v1TrafficPerms, + v2TrafficPerms, + httpServerRoute, + tcpServerRoute, + grpcServerRoute, + ) +} diff --git a/test-integ/catalogv2/explicit_destinations_test.go b/test-integ/catalogv2/explicit_destinations_test.go new file mode 100644 index 000000000000..2c033846308d --- /dev/null +++ b/test-integ/catalogv2/explicit_destinations_test.go @@ -0,0 +1,280 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package catalogv2 + +import ( + "fmt" + "testing" + + pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" + libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert" + "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" + "github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest" + "github.com/hashicorp/consul/testing/deployer/topology" + + "github.com/hashicorp/consul/test-integ/topoutil" +) + +// TestBasicL4ExplicitDestinations sets up the following: +// +// - 1 cluster (no peering / no wanfed) +// - 3 servers in that cluster +// - v2 arch is activated +// - for each tenancy, only using v2 constructs: +// - a client with one explicit destination to a single port service +// - a client with multiple explicit destinations to multiple ports of the +// same multiport service +// +// When this test is executed in CE it will only use the default/default +// tenancy. +// +// When this test is executed in Enterprise it will additionally test the same +// things within these tenancies: +// +// - part1/default +// - default/nsa +// - part1/nsa +func TestBasicL4ExplicitDestinations(t *testing.T) { + cfg := testBasicL4ExplicitDestinationsCreator{}.NewConfig(t) + + sp := sprawltest.Launch(t, cfg) + + var ( + asserter = topoutil.NewAsserter(sp) + + topo = sp.Topology() + cluster = topo.Clusters["dc1"] + + ships = topo.ComputeRelationships() + ) + + clientV2 := sp.ResourceServiceClientForCluster(cluster.Name) + + t.Log(topology.RenderRelationships(ships)) + + // Make sure things are in v2. + for _, name := range []string{ + "single-server", + "single-client", + "multi-server", + "multi-client", + } { + libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, name, nil, 1) + } + + // Check relationships + for _, ship := range ships { + t.Run("relationship: "+ship.String(), func(t *testing.T) { + var ( + wrk = ship.Caller + dest = ship.Destination + ) + + clusterPrefix := clusterPrefixForDestination(dest) + + asserter.DestinationEndpointStatus(t, wrk, clusterPrefix+".", "HEALTHY", 1) + asserter.HTTPServiceEchoes(t, wrk, dest.LocalPort, "") + asserter.FortioFetch2FortioName(t, wrk, dest, cluster.Name, dest.ID) + }) + } +} + +type testBasicL4ExplicitDestinationsCreator struct{} + +func (c testBasicL4ExplicitDestinationsCreator) NewConfig(t *testing.T) *topology.Config { + const clusterName = "dc1" + + servers := topoutil.NewTopologyServerSet(clusterName+"-server", 3, []string{clusterName, "wan"}, nil) + + cluster := &topology.Cluster{ + Enterprise: utils.IsEnterprise(), + Name: clusterName, + Nodes: servers, + } + + lastNode := 0 + nodeName := func() string { + lastNode++ + return fmt.Sprintf("%s-box%d", clusterName, lastNode) + } + + c.topologyConfigAddNodes(t, cluster, nodeName, "default", "default") + if cluster.Enterprise { + c.topologyConfigAddNodes(t, cluster, nodeName, "part1", "default") + c.topologyConfigAddNodes(t, cluster, nodeName, "part1", "nsa") + c.topologyConfigAddNodes(t, cluster, nodeName, "default", "nsa") + } + + return &topology.Config{ + Images: utils.TargetImages(), + Networks: []*topology.Network{ + {Name: clusterName}, + {Name: "wan", Type: "wan"}, + }, + Clusters: []*topology.Cluster{ + cluster, + }, + } +} + +func (c testBasicL4ExplicitDestinationsCreator) topologyConfigAddNodes( + t *testing.T, + cluster *topology.Cluster, + nodeName func() string, + partition, + namespace string, +) { + clusterName := cluster.Name + + newID := func(name string) topology.ID { + return topology.ID{ + Partition: partition, + Namespace: namespace, + Name: name, + } + } + + tenancy := &pbresource.Tenancy{ + Partition: partition, + Namespace: namespace, + PeerName: "local", + } + + singleportServerNode := &topology.Node{ + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Partition: partition, + Name: nodeName(), + Workloads: []*topology.Workload{ + topoutil.NewFortioWorkloadWithDefaults( + clusterName, + newID("single-server"), + topology.NodeVersionV2, + func(wrk *topology.Workload) { + wrk.WorkloadIdentity = "single-server-identity" + }, + ), + }, + } + singleportClientNode := &topology.Node{ + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Partition: partition, + Name: nodeName(), + Workloads: []*topology.Workload{ + topoutil.NewFortioWorkloadWithDefaults( + clusterName, + newID("single-client"), + topology.NodeVersionV2, + func(wrk *topology.Workload) { + delete(wrk.Ports, "grpc") // v2 mode turns this on, so turn it off + delete(wrk.Ports, "http2") // v2 mode turns this on, so turn it off + wrk.WorkloadIdentity = "single-client-identity" + wrk.Destinations = []*topology.Destination{{ + ID: newID("single-server"), + PortName: "http", + LocalAddress: "0.0.0.0", // needed for an assertion + LocalPort: 5000, + }} + }, + ), + }, + } + singleportTrafficPerms := sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbauth.TrafficPermissionsType, + Name: "single-server-perms", + Tenancy: tenancy, + }, + }, &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "single-server-identity", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{{ + Sources: []*pbauth.Source{{ + IdentityName: "single-client-identity", + Namespace: namespace, + }}, + }}, + }) + + multiportServerNode := &topology.Node{ + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Partition: partition, + Name: nodeName(), + Workloads: []*topology.Workload{ + topoutil.NewFortioWorkloadWithDefaults( + clusterName, + newID("multi-server"), + topology.NodeVersionV2, + func(wrk *topology.Workload) { + wrk.WorkloadIdentity = "multi-server-identity" + }, + ), + }, + } + multiportClientNode := &topology.Node{ + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Partition: partition, + Name: nodeName(), + Workloads: []*topology.Workload{ + topoutil.NewFortioWorkloadWithDefaults( + clusterName, + newID("multi-client"), + topology.NodeVersionV2, + func(wrk *topology.Workload) { + wrk.WorkloadIdentity = "multi-client-identity" + wrk.Destinations = []*topology.Destination{ + { + ID: newID("multi-server"), + PortName: "http", + LocalAddress: "0.0.0.0", // needed for an assertion + LocalPort: 5000, + }, + { + ID: newID("multi-server"), + PortName: "http2", + LocalAddress: "0.0.0.0", // needed for an assertion + LocalPort: 5001, + }, + } + }, + ), + }, + } + multiportTrafficPerms := sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbauth.TrafficPermissionsType, + Name: "multi-server-perms", + Tenancy: tenancy, + }, + }, &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "multi-server-identity", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{{ + Sources: []*pbauth.Source{{ + IdentityName: "multi-client-identity", + Namespace: namespace, + }}, + }}, + }) + + cluster.Nodes = append(cluster.Nodes, + singleportClientNode, + singleportServerNode, + multiportClientNode, + multiportServerNode, + ) + + cluster.InitialResources = append(cluster.InitialResources, + singleportTrafficPerms, + multiportTrafficPerms, + ) +} diff --git a/test-integ/catalogv2/helpers_test.go b/test-integ/catalogv2/helpers_test.go new file mode 100644 index 000000000000..7e6f43265097 --- /dev/null +++ b/test-integ/catalogv2/helpers_test.go @@ -0,0 +1,31 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package catalogv2 + +import ( + "strings" + + "github.com/hashicorp/consul/testing/deployer/topology" +) + +// Deprecated: clusterPrefixForDestination +func clusterPrefixForUpstream(dest *topology.Destination) string { + return clusterPrefixForDestination(dest) +} + +func clusterPrefixForDestination(dest *topology.Destination) string { + if dest.Peer == "" { + return clusterPrefix(dest.PortName, dest.ID, dest.Cluster) + } else { + return strings.Join([]string{dest.ID.Name, dest.ID.Namespace, dest.Peer, "external"}, ".") + } +} + +func clusterPrefix(port string, svcID topology.ID, cluster string) string { + if svcID.PartitionOrDefault() == "default" { + return strings.Join([]string{port, svcID.Name, svcID.Namespace, cluster, "internal"}, ".") + } else { + return strings.Join([]string{port, svcID.Name, svcID.Namespace, svcID.Partition, cluster, "internal-v1"}, ".") + } +} diff --git a/test-integ/catalogv2/implicit_destinations_test.go b/test-integ/catalogv2/implicit_destinations_test.go new file mode 100644 index 000000000000..ffd7683414fb --- /dev/null +++ b/test-integ/catalogv2/implicit_destinations_test.go @@ -0,0 +1,214 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package catalogv2 + +import ( + "fmt" + "testing" + + pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" + libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert" + "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" + "github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest" + "github.com/hashicorp/consul/testing/deployer/topology" + + "github.com/hashicorp/consul/test-integ/topoutil" +) + +// TestBasicL4ImplicitDestinations sets up the following: +// +// - 1 cluster (no peering / no wanfed) +// - 3 servers in that cluster +// - v2 arch is activated +// - for each tenancy, only using v2 constructs: +// - a server exposing 2 tcp ports +// - a client with transparent proxy enabled and no explicit upstreams +// - a traffic permission granting the client access to the service on all ports +// +// When this test is executed in CE it will only use the default/default +// tenancy. +// +// When this test is executed in Enterprise it will additionally test the same +// things within these tenancies: +// +// - part1/default +// - default/nsa +// - part1/nsa +func TestBasicL4ImplicitDestinations(t *testing.T) { + cfg := testBasicL4ImplicitDestinationsCreator{}.NewConfig(t) + + sp := sprawltest.Launch(t, cfg) + + var ( + asserter = topoutil.NewAsserter(sp) + + topo = sp.Topology() + cluster = topo.Clusters["dc1"] + + ships = topo.ComputeRelationships() + ) + + clientV2 := sp.ResourceServiceClientForCluster(cluster.Name) + + t.Log(topology.RenderRelationships(ships)) + + // Make sure things are truly in v2 not v1. + for _, name := range []string{ + "static-server", + "static-client", + } { + libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, name, nil, 1) + } + + // Check relationships + for _, ship := range ships { + t.Run("relationship: "+ship.String(), func(t *testing.T) { + var ( + wrk = ship.Caller + dest = ship.Destination + ) + + clusterPrefix := clusterPrefixForDestination(dest) + + asserter.DestinationEndpointStatus(t, wrk, clusterPrefix+".", "HEALTHY", 1) + if dest.LocalPort > 0 { + asserter.HTTPServiceEchoes(t, wrk, dest.LocalPort, "") + } + asserter.FortioFetch2FortioName(t, wrk, dest, cluster.Name, dest.ID) + }) + } +} + +type testBasicL4ImplicitDestinationsCreator struct{} + +func (c testBasicL4ImplicitDestinationsCreator) NewConfig(t *testing.T) *topology.Config { + const clusterName = "dc1" + + servers := topoutil.NewTopologyServerSet(clusterName+"-server", 3, []string{clusterName, "wan"}, nil) + + cluster := &topology.Cluster{ + Enterprise: utils.IsEnterprise(), + Name: clusterName, + Nodes: servers, + } + + lastNode := 0 + nodeName := func() string { + lastNode++ + return fmt.Sprintf("%s-box%d", clusterName, lastNode) + } + + c.topologyConfigAddNodes(t, cluster, nodeName, "default", "default") + if cluster.Enterprise { + c.topologyConfigAddNodes(t, cluster, nodeName, "part1", "default") + c.topologyConfigAddNodes(t, cluster, nodeName, "part1", "nsa") + c.topologyConfigAddNodes(t, cluster, nodeName, "default", "nsa") + } + + return &topology.Config{ + Images: utils.TargetImages(), + Networks: []*topology.Network{ + {Name: clusterName}, + {Name: "wan", Type: "wan"}, + }, + Clusters: []*topology.Cluster{ + cluster, + }, + } +} + +func (c testBasicL4ImplicitDestinationsCreator) topologyConfigAddNodes( + t *testing.T, + cluster *topology.Cluster, + nodeName func() string, + partition, + namespace string, +) { + clusterName := cluster.Name + + newID := func(name string) topology.ID { + return topology.ID{ + Partition: partition, + Namespace: namespace, + Name: name, + } + } + + tenancy := &pbresource.Tenancy{ + Partition: partition, + Namespace: namespace, + PeerName: "local", + } + + serverNode := &topology.Node{ + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Partition: partition, + Name: nodeName(), + Workloads: []*topology.Workload{ + topoutil.NewFortioWorkloadWithDefaults( + clusterName, + newID("static-server"), + topology.NodeVersionV2, + func(wrk *topology.Workload) { + wrk.EnableTransparentProxy = true + }, + ), + }, + } + clientNode := &topology.Node{ + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Partition: partition, + Name: nodeName(), + Workloads: []*topology.Workload{ + topoutil.NewFortioWorkloadWithDefaults( + clusterName, + newID("static-client"), + topology.NodeVersionV2, + func(wrk *topology.Workload) { + wrk.EnableTransparentProxy = true + wrk.ImpliedDestinations = []*topology.Destination{ + { + ID: newID("static-server"), + PortName: "http", + }, + { + ID: newID("static-server"), + PortName: "http2", + }, + } + }, + ), + }, + } + trafficPerms := sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbauth.TrafficPermissionsType, + Name: "static-server-perms", + Tenancy: tenancy, + }, + }, &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "static-server", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{{ + Sources: []*pbauth.Source{{ + IdentityName: "static-client", + Namespace: namespace, + }}, + }}, + }) + + cluster.Nodes = append(cluster.Nodes, + clientNode, + serverNode, + ) + + cluster.InitialResources = append(cluster.InitialResources, + trafficPerms, + ) +} diff --git a/test-integ/connect/snapshot_test.go b/test-integ/connect/snapshot_test.go new file mode 100644 index 000000000000..48978bac0473 --- /dev/null +++ b/test-integ/connect/snapshot_test.go @@ -0,0 +1,185 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package connect + +import ( + "testing" + + "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" + "github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest" + "github.com/hashicorp/consul/testing/deployer/topology" + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/test-integ/topoutil" +) + +// Test_Snapshot_Restore_Agentless verifies consul agent can continue +// to push envoy confgi after restoring from a snapshot. +// +// - This test is to detect server agent frozen after restoring from a snapshot +// (https://github.com/hashicorp/consul/pull/18636) +// +// - This bug only appeared in agentless mode +// +// Steps: +// 1. The test spins up a one-server cluster with static-server and static-client. +// 2. A snapshot is taken and the cluster is restored from the snapshot +// 3. A new static-server replaces the old one +// 4. At the end, we assert the static-client's destination is updated with the +// new static-server +func Test_Snapshot_Restore_Agentless(t *testing.T) { + t.Parallel() + + staticServerSID := topology.NewID("static-server", "default", "default") + staticClientSID := topology.NewID("static-client", "default", "default") + + clu := &topology.Config{ + Images: utils.TargetImages(), + Networks: []*topology.Network{ + {Name: "dc1"}, + }, + Clusters: []*topology.Cluster{ + { + Name: "dc1", + Nodes: []*topology.Node{ + { + Kind: topology.NodeKindServer, + // NOTE: uncomment the following lines to trigger the agent frozen bug + // Images: topology.Images{ + // ConsulEnterprise: "hashicorp/consul-enterprise:1.16.1-ent", + // }, + Name: "dc1-server1", + Addresses: []*topology.Address{ + {Network: "dc1"}, + }, + }, + { + Kind: topology.NodeKindDataplane, + Name: "dc1-client1", + Workloads: []*topology.Workload{ + { + ID: staticServerSID, + Image: "docker.mirror.hashicorp.services/fortio/fortio", + Port: 8080, + EnvoyAdminPort: 19000, + CheckTCP: "127.0.0.1:8080", + Command: []string{ + "server", + "-http-port", "8080", + "-redirect-port", "-disabled", + }, + }, + }, + }, + { + Kind: topology.NodeKindDataplane, + Name: "dc1-client2", + Workloads: []*topology.Workload{ + { + ID: staticClientSID, + Image: "docker.mirror.hashicorp.services/fortio/fortio", + Port: 8080, + EnvoyAdminPort: 19000, + CheckTCP: "127.0.0.1:8080", + Command: []string{ + "server", + "-http-port", "8080", + "-redirect-port", "-disabled", + }, + Destinations: []*topology.Destination{ + { + ID: staticServerSID, + LocalPort: 5000, + }, + }, + }, + }, + }, + // Client3 for second static-server + { + Kind: topology.NodeKindDataplane, + Name: "dc1-client3", + Disabled: true, + Workloads: []*topology.Workload{ + { + ID: staticServerSID, + Image: "docker.mirror.hashicorp.services/fortio/fortio", + Port: 8080, + EnvoyAdminPort: 19000, + CheckTCP: "127.0.0.1:8080", + Command: []string{ + "server", + "-http-port", "8080", + "-redirect-port", "-disabled", + }, + }, + }, + }, + }, + Enterprise: utils.IsEnterprise(), + InitialConfigEntries: []api.ConfigEntry{ + &api.ProxyConfigEntry{ + Kind: api.ProxyDefaults, + Name: "global", + Config: map[string]any{ + "protocol": "http", + }, + }, + &api.ServiceConfigEntry{ + Kind: api.ServiceDefaults, + Name: "static-server", + }, + &api.ServiceIntentionsConfigEntry{ + Kind: api.ServiceIntentions, + Name: "static-server", + Sources: []*api.SourceIntention{ + { + Name: "static-client", + Action: api.IntentionActionAllow, + }, + }, + }, + }, + }, + }, + } + sp := sprawltest.Launch(t, clu) + asserter := topoutil.NewAsserter(sp) + + staticClient := sp.Topology().Clusters["dc1"].WorkloadByID( + topology.NewNodeID("dc1-client2", "default"), + staticClientSID, + ) + asserter.FortioFetch2HeaderEcho(t, staticClient, &topology.Destination{ + ID: staticServerSID, + LocalPort: 5000, + }) + staticServer := sp.Topology().Clusters["dc1"].WorkloadByID( + topology.NewNodeID("dc1-client1", "default"), + staticServerSID, + ) + asserter.HTTPStatus(t, staticServer, staticServer.Port, 200) + + t.Log("Take a snapshot of the cluster and restore ...") + err := sp.SnapshotSave("dc1") + require.NoError(t, err) + + // Shutdown existing static-server + cfg := sp.Config() + cluster := cfg.Cluster("dc1") + cluster.Nodes[1].Disabled = true // client 1 -- static-server + require.NoError(t, sp.Relaunch(cfg)) + // verify static-server is down + asserter.HTTPStatus(t, staticServer, staticServer.Port, 504) + + // Add a new static-server + cfg = sp.Config() + cluster = cfg.Cluster("dc1") + cluster.Nodes[3].Disabled = false // client 3 -- new static-server + require.NoError(t, sp.Relaunch(cfg)) + + // Ensure the static-client connected to the new static-server + asserter.HTTPServiceEchoes(t, staticClient, staticClient.Port, "") +} diff --git a/test-integ/go.mod b/test-integ/go.mod index f86dfd043330..19ef1173388d 100644 --- a/test-integ/go.mod +++ b/test-integ/go.mod @@ -3,20 +3,21 @@ module github.com/hashicorp/consul/test-integ go 1.20 require ( - github.com/hashicorp/consul/api v1.24.0 - github.com/hashicorp/consul/sdk v0.14.1 + github.com/hashicorp/consul/api v1.26.1 + github.com/hashicorp/consul/proto-public v0.5.1 + github.com/hashicorp/consul/sdk v0.15.0 github.com/hashicorp/consul/test/integration/consul-container v0.0.0-20230628201853-bdf4fad7c5a5 github.com/hashicorp/consul/testing/deployer v0.0.0-20230811171106-4a0afb5d1373 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/itchyny/gojq v0.12.13 github.com/mitchellh/copystructure v1.2.0 + github.com/rboyer/blankspace v0.2.1 github.com/stretchr/testify v1.8.4 + golang.org/x/net v0.17.0 + google.golang.org/grpc v1.57.2 ) require ( - cloud.google.com/go/compute v1.20.1 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/iam v1.1.1 // indirect dario.cat/mergo v1.0.0 // indirect fortio.org/dflag v1.5.2 // indirect fortio.org/fortio v1.54.0 // indirect @@ -24,217 +25,87 @@ require ( fortio.org/sets v1.0.2 // indirect fortio.org/version v1.0.2 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect - github.com/DataDog/datadog-go v4.8.2+incompatible // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/agext/levenshtein v1.2.3 // indirect - github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect - github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e // indirect github.com/armon/go-metrics v0.4.1 // indirect - github.com/armon/go-radix v1.0.0 // indirect - github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect github.com/avast/retry-go v3.0.0+incompatible // indirect - github.com/aws/aws-sdk-go v1.44.289 // indirect - github.com/benbjohnson/immutable v0.4.0 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/boltdb/bolt v1.3.1 // indirect - github.com/cenkalti/backoff/v3 v3.0.0 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect - github.com/circonus-labs/circonusllhist v0.1.3 // indirect - github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect github.com/containerd/containerd v1.7.3 // indirect - github.com/coreos/etcd v3.3.27+incompatible // indirect - github.com/coreos/go-oidc v2.1.0+incompatible // indirect - github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect - github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect github.com/cpuguy83/dockercfg v0.3.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/docker v24.0.5+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/emicklei/go-restful/v3 v3.10.1 // indirect - github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f // indirect - github.com/envoyproxy/protoc-gen-validate v0.10.1 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fatih/color v1.14.1 // indirect - github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/go-jose/go-jose/v3 v3.0.0 // indirect - github.com/go-logr/logr v1.2.4 // indirect - github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.21.4 // indirect - github.com/go-openapi/errors v0.20.3 // indirect - github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.20.0 // indirect - github.com/go-openapi/loads v0.21.2 // indirect - github.com/go-openapi/runtime v0.25.0 // indirect - github.com/go-openapi/spec v0.20.8 // indirect - github.com/go-openapi/strfmt v0.21.3 // indirect - github.com/go-openapi/swag v0.22.3 // indirect - github.com/go-openapi/validate v0.22.1 // indirect - github.com/go-ozzo/ozzo-validation v3.6.0+incompatible // indirect + github.com/go-test/deep v1.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/golang/snappy v0.0.4 // indirect github.com/google/btree v1.0.1 // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect - github.com/google/gofuzz v1.2.0 // indirect - github.com/google/s2a-go v0.1.4 // indirect github.com/google/uuid v1.3.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect - github.com/googleapis/gax-go/v2 v2.11.0 // indirect - github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect github.com/hashicorp/consul v1.16.1 // indirect - github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 // indirect - github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 // indirect - github.com/hashicorp/consul/envoyextensions v0.4.1 // indirect - github.com/hashicorp/consul/proto-public v0.4.1 // indirect + github.com/hashicorp/consul-server-connection-manager v0.1.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect - github.com/hashicorp/go-bexpr v0.1.2 // indirect - github.com/hashicorp/go-connlimit v0.3.0 // indirect github.com/hashicorp/go-hclog v1.5.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect - github.com/hashicorp/go-memdb v1.3.4 // indirect github.com/hashicorp/go-msgpack v1.1.5 // indirect - github.com/hashicorp/go-msgpack/v2 v2.0.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-plugin v1.4.5 // indirect - github.com/hashicorp/go-raftchunking v0.7.0 // indirect - github.com/hashicorp/go-retryablehttp v0.6.7 // indirect + github.com/hashicorp/go-netaddrs v0.1.0 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect - github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 // indirect - github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect - github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect - github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/hashicorp/go-sockaddr v1.0.2 // indirect - github.com/hashicorp/go-syslog v1.0.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.2.1 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/hcl/v2 v2.16.2 // indirect - github.com/hashicorp/hcp-scada-provider v0.2.3 // indirect - github.com/hashicorp/hcp-sdk-go v0.61.0 // indirect - github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 // indirect github.com/hashicorp/memberlist v0.5.0 // indirect - github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 // indirect - github.com/hashicorp/raft v1.5.0 // indirect - github.com/hashicorp/raft-autopilot v0.1.6 // indirect - github.com/hashicorp/raft-boltdb/v2 v2.2.2 // indirect - github.com/hashicorp/raft-wal v0.3.0 // indirect github.com/hashicorp/serf v0.10.1 // indirect - github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 // indirect - github.com/hashicorp/vault/api v1.8.3 // indirect - github.com/hashicorp/vault/api/auth/gcp v0.3.0 // indirect - github.com/hashicorp/vault/sdk v0.7.0 // indirect - github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect - github.com/imdario/mergo v0.3.15 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect - github.com/josharian/intern v1.0.0 // indirect - github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.16.7 // indirect github.com/magiconair/properties v1.8.7 // indirect - github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.19 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/miekg/dns v1.1.50 // indirect - github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect - github.com/mitchellh/go-testing-interface v1.14.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect - github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 // indirect - github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/mitchellh/pointerstructure v1.2.1 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/patternmatcher v0.5.0 // indirect github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/term v0.5.0 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect github.com/morikuni/aec v1.0.0 // indirect - github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/oklog/run v1.0.0 // indirect - github.com/oklog/ulid v1.3.1 // indirect - github.com/oklog/ulid/v2 v2.1.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0-rc4 // indirect github.com/opencontainers/runc v1.1.8 // indirect - github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect github.com/otiai10/copy v1.10.0 // indirect - github.com/patrickmn/go-cache v2.1.0+incompatible // indirect - github.com/pierrec/lz4 v2.6.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect github.com/prometheus/client_golang v1.14.0 // indirect - github.com/prometheus/client_model v0.3.0 // indirect + github.com/prometheus/client_model v0.4.0 // indirect github.com/prometheus/common v0.39.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect github.com/rboyer/safeio v0.2.3 // indirect - github.com/ryanuber/go-glob v1.0.0 // indirect github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect - github.com/segmentio/fasthash v1.0.3 // indirect github.com/sirupsen/logrus v1.9.3 // indirect - github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect - github.com/stretchr/objx v0.5.0 // indirect github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 // indirect github.com/testcontainers/testcontainers-go v0.22.0 // indirect - github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect - github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect - github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/zclconf/go-cty v1.12.1 // indirect - go.etcd.io/bbolt v1.3.7 // indirect - go.mongodb.org/mongo-driver v1.11.0 // indirect - go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/otel v1.16.0 // indirect - go.opentelemetry.io/otel/metric v1.16.0 // indirect - go.opentelemetry.io/otel/sdk v1.16.0 // indirect - go.opentelemetry.io/otel/sdk/metric v0.39.0 // indirect - go.opentelemetry.io/otel/trace v1.16.0 // indirect - go.opentelemetry.io/proto/otlp v0.19.0 // indirect - go.uber.org/atomic v1.9.0 // indirect - golang.org/x/crypto v0.12.0 // indirect + golang.org/x/crypto v0.14.0 // indirect golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect golang.org/x/mod v0.12.0 // indirect - golang.org/x/net v0.14.0 // indirect - golang.org/x/oauth2 v0.8.0 // indirect - golang.org/x/sync v0.3.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/term v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect - golang.org/x/time v0.3.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect - google.golang.org/api v0.126.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 // indirect - google.golang.org/grpc v1.57.0 // indirect google.golang.org/protobuf v1.31.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/ini.v1 v1.66.2 // indirect - gopkg.in/square/go-jose.v2 v2.5.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.26.2 // indirect - k8s.io/apimachinery v0.26.2 // indirect - k8s.io/client-go v0.26.2 // indirect - k8s.io/klog/v2 v2.90.1 // indirect - k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect - k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect - sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect ) replace ( diff --git a/test-integ/go.sum b/test-integ/go.sum index e5edc4188f32..898d5bb8226e 100644 --- a/test-integ/go.sum +++ b/test-integ/go.sum @@ -1,56 +1,5 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= -cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg= -cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y= -cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= fortio.org/assert v1.1.4 h1:Za1RaG+OjsTMpQS3J3UCvTF6wc4+IOHCz+jAOU37Y4o= fortio.org/dflag v1.5.2 h1:F9XVRj4Qr2IbJP7BMj7XZc9wB0Q/RZ61Ool+4YPVad8= fortio.org/dflag v1.5.2/go.mod h1:ppb/A8u+KKg+qUUYZNYuvRnXuVb8IsdHb/XGzsmjkN8= @@ -65,98 +14,42 @@ fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/DataDog/datadog-go v4.8.2+incompatible h1:qbcKSx29aBLD+5QLvlQZlGmRMF/FfGqFLFev/1TDzRo= -github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/aliyun/alibaba-cloud-sdk-go v1.62.156 h1:K4N91T1+RlSlx+t2dujeDviy4ehSGVjEltluDgmeHS4= -github.com/aliyun/alibaba-cloud-sdk-go v1.62.156/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e h1:QEF07wC0T1rKkctt1RINW/+RMTVmiwxETico2l3gxJA= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-metrics v0.0.0-20190430140413-ec5e00d3c878/go.mod h1:3AMJUQhVx52RsWOnlkpikZr01T/yAVN2gn0861vByNg= -github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA= github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0= github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY= -github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0= -github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/benbjohnson/immutable v0.4.0 h1:CTqXbEerYso8YzVPxmWxh2gnoRQbbB9X1quUC8+vGZA= -github.com/benbjohnson/immutable v0.4.0/go.mod h1:iAr8OjJGLnLmVUr9MZ/rz4PWUy6Ouc2JLYuMArmvAJM= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4= -github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c= -github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= -github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= -github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= -github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/containerd/containerd v1.7.3 h1:cKwYKkP1eTj54bP3wCdXXBymmKRQMrWjkLSWZZJDa8o= github.com/containerd/containerd v1.7.3/go.mod h1:32FOM4/O0RkNg7AjQj3hDzN9cUGtu+HMvaKUNiqCZB8= -github.com/coreos/etcd v3.3.27+incompatible h1:QIudLb9KeBsE5zyYxd1mjzRSkzLg9Wf9QlRwFgd6oTA= -github.com/coreos/etcd v3.3.27+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU= -github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf h1:GOPo6vn/vTN+3IwZBvXX0y5doJfSC7My0cdzelyOCsQ= -github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E= github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -171,408 +64,112 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ= -github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f h1:7T++XKzy4xg7PKy+bM+Sa9/oe1OC88yz2hXQUISoXfA= -github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8= -github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= -github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= -github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= -github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y= -github.com/frankban/quicktest v1.13.0 h1:yNZif1OkDfNoDfb9zZa9aXIpejNR4F23Wely0c+Qdqk= -github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= -github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc= -github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= -github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= -github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= -github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA= -github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= -github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= -github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= -github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= -github.com/go-openapi/runtime v0.25.0 h1:7yQTCdRbWhX8vnIjdzU8S00tBYf7Sg71EBeorlPHvhc= -github.com/go-openapi/runtime v0.25.0/go.mod h1:Ux6fikcHXyyob6LNWxtE96hWwjBPYF0DXgVFuMTneOs= -github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= -github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxRU= -github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= -github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o= -github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= -github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= -github.com/go-ozzo/ozzo-validation v3.6.0+incompatible h1:msy24VGS42fKO9K1vLz82/GeYW1cILu7Nuuj1N3BBkE= -github.com/go-ozzo/ozzo-validation v3.6.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU= -github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= -github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= -github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= -github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= -github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= -github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= -github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs= -github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= -github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= -github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= -github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= -github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= -github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk= -github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw= -github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360= -github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg= -github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE= -github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8= -github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= -github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= -github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= -github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= -github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= -github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= -github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= -github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= -github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 h1:AtvtonGEH/fZK0XPNNBdB6swgy7Iudfx88wzyIpwqJ8= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k= -github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= -github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4= -github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 h1:lLT7ZLSzGLI08vc9cpd+tYmNWjdKDqyr/2L+f6U12Fk= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= -github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 h1:1ZEjnveDe20yFa6lSkfdQZm5BR/b271n0MsB5R2L3us= -github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706/go.mod h1:1Cs8FlmD1BfSQXJGcFLSV5FuIx1AbJP+EJGdxosoS2g= -github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 h1:wzWurXrxfSyG1PHskIZlfuXlTSCj1Tsyatp9DtaasuY= -github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69/go.mod h1:svUZZDvotY8zTODknUePc6mZ9pX8nN0ViGwWcUSOBEA= +github.com/hashicorp/consul-server-connection-manager v0.1.4 h1:wrcSRV6WGXFBNpNbN6XsdoGgBOyso7ZbN5VaWPEX1jY= +github.com/hashicorp/consul-server-connection-manager v0.1.4/go.mod h1:LMqHkALoLP0HUQKOG21xXYr0YPUayIQIHNTlmxG100E= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-bexpr v0.1.2 h1:ijMXI4qERbzxbCnkxmfUtwMyjrrk3y+Vt0MxojNCbBs= -github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe/0qqPCKohU= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-connlimit v0.3.0 h1:oAojHGjFxUTTTA8c5XXnDqWJ2HLuWbDiBPTpWvNzvqM= -github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0= -github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk= -github.com/hashicorp/go-memdb v1.3.4 h1:XSL3NR682X/cVk2IeV0d70N4DZ9ljI885xAEU8IoK3c= -github.com/hashicorp/go-memdb v1.3.4/go.mod h1:uBTr1oQbtuMgd1SSGoR8YV27eT3sBHbYiNm53bMpgSg= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v1.1.5 h1:9byZdVjKTe5mce63pRVNP1L7UAmdHOTEMGehn6KvJWs= github.com/hashicorp/go-msgpack v1.1.5/go.mod h1:gWVc3sv/wbDmR3rQsj1CAktEZzoz1YNK9NfGLXJ69/4= -github.com/hashicorp/go-msgpack/v2 v2.0.0 h1:c1fiLq1LNghmLOry1ipGhvLDi+/zEoaEP2JrE1oFJ9s= -github.com/hashicorp/go-msgpack/v2 v2.0.0/go.mod h1:JIxYkkFJRDDRSoWQBSh7s9QAVThq+82iWmUpmE4jKak= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= -github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo= -github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= -github.com/hashicorp/go-raftchunking v0.7.0 h1:APNMnCXmTOhumkFv/GpJIbq7HteWF7EnGZ3875lRN0Y= -github.com/hashicorp/go-raftchunking v0.7.0/go.mod h1:Dg/eBOaJzE0jYKNwNLs5IA5j0OSmL5HoCUiMy3mDmrI= +github.com/hashicorp/go-netaddrs v0.1.0 h1:TnlYvODD4C/wO+j7cX1z69kV5gOzI87u3OcUinANaW8= +github.com/hashicorp/go-netaddrs v0.1.0/go.mod h1:33+a/emi5R5dqRspOuZKO0E+Tuz5WV1F84eRWALkedA= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-retryablehttp v0.6.7 h1:8/CAEZt/+F7kR7GevNHulKkUjLht3CPmn7egmhieNKo= -github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= -github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA= -github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg= -github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= -github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc= -github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= -github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= -github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= -github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.16.2 h1:mpkHZh/Tv+xet3sy3F9Ld4FyI2tUpWe9x3XtPx9f1a0= github.com/hashicorp/hcl/v2 v2.16.2/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng= -github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ= -github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo= -github.com/hashicorp/hcp-sdk-go v0.61.0 h1:x4hJ8SlLI5WCE8Uzcu4q5jfdOEz/hFxfUkhAdoFdzSg= -github.com/hashicorp/hcp-sdk-go v0.61.0/go.mod h1:xP7wmWAmdMxs/7+ovH3jZn+MCDhHRj50Rn+m7JIY3Ck= -github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok= -github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM= github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0= -github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0 h1:kBpVVl1sl3MaSrs97e0+pDQhSrqJv9gVbSUrPpVfl1w= -github.com/hashicorp/net-rpc-msgpackrpc/v2 v2.0.0/go.mod h1:6pdNz0vo0mF0GvhwDG56O3N18qBrAz/XRIcfINfTbwo= -github.com/hashicorp/raft v1.1.0/go.mod h1:4Ak7FSPnuvmb0GV6vgIAJ4vYT4bek9bb6Q+7HVbyzqM= -github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= -github.com/hashicorp/raft v1.3.11/go.mod h1:J8naEwc6XaaCfts7+28whSeRvCqTd6e20BlCU3LtEO4= -github.com/hashicorp/raft v1.5.0 h1:uNs9EfJ4FwiArZRxxfd/dQ5d33nV31/CdCHArH89hT8= -github.com/hashicorp/raft v1.5.0/go.mod h1:pKHB2mf/Y25u3AHNSXVRv+yT+WAnmeTX0BwVppVQV+M= -github.com/hashicorp/raft-autopilot v0.1.6 h1:C1q3RNF2FfXNZfHWbvVAu0QixaQK8K5pX4O5lh+9z4I= -github.com/hashicorp/raft-autopilot v0.1.6/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw= -github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk= -github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I= -github.com/hashicorp/raft-boltdb v0.0.0-20220329195025-15018e9b97e0 h1:CO8dBMLH6dvE1jTn/30ZZw3iuPsNfajshWoJTnVc5cc= -github.com/hashicorp/raft-boltdb/v2 v2.2.2 h1:rlkPtOllgIcKLxVT4nutqlTH2NRFn+tO1wwZk/4Dxqw= -github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY= -github.com/hashicorp/raft-wal v0.3.0 h1:Mi6RPoRbsxIIYZryI+bSTXHD97Ua6rIYO51ibYV9bkY= -github.com/hashicorp/raft-wal v0.3.0/go.mod h1:A6vP5o8hGOs1LHfC1Okh9xPwWDcmb6Vvuz/QyqUXlOE= github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= -github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 h1:O6tNk0s/arubLUbLeCyaRs5xGo9VwmbQazISY/BfPK4= -github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0/go.mod h1:We3fJplmALwK1VpjwrLuXr/4QCQHYMdnXLHmLUU6Ntg= -github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E= -github.com/hashicorp/vault/api v1.8.3 h1:cHQOLcMhBR+aVI0HzhPxO62w2+gJhIrKguQNONPzu6o= -github.com/hashicorp/vault/api v1.8.3/go.mod h1:4g/9lj9lmuJQMtT6CmVMHC5FW1yENaVv+Nv4ZfG8fAg= -github.com/hashicorp/vault/api/auth/gcp v0.3.0 h1:taum+3pCmOXnNgEKHlQbmgXmKw5daWHk7YJrLPP/w8g= -github.com/hashicorp/vault/api/auth/gcp v0.3.0/go.mod h1:gnNBFOASYUaFunedTHOzdir7vKcHL3skWBUzEn263bo= -github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc= -github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg= -github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs= -github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= -github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I= -github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= -github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU= github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4= github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= -github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= -github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= -github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= -github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= -github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= @@ -582,7 +179,6 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= @@ -598,33 +194,16 @@ github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= -github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= -github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-testing-interface v1.14.0 h1:/x0XQ6h+3U3nAyk1yx+bHPURrKa9sVVvYbuqZ7pIAtI= -github.com/mitchellh/go-testing-interface v1.14.0/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= -github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 h1:hOY53G+kBFhbYFpRVxHl5eS7laP6B1+Cq+Z9Dry1iMU= -github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ= -github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4= -github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/pointerstructure v1.2.1 h1:ZhBBeX8tSlRpu/FFhXH4RC4OJzFlqsQhoHZAz4x7TIw= -github.com/mitchellh/pointerstructure v1.2.1/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo= @@ -634,49 +213,24 @@ github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWK github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU= -github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ= -github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= -github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= github.com/opencontainers/runc v1.1.8 h1:zICRlc+C1XzivLc3nzE+cbJV4LIi8tib6YG0MqC6OqA= github.com/opencontainers/runc v1.1.8/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= -github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ= github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= -github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= -github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o= -github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= -github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM= -github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -686,658 +240,163 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= -github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU= -github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI= github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= +github.com/rboyer/blankspace v0.2.1 h1:GzFPETXKOhuwS/jPRUTFIYo9I+RhafEIhnbPByg8S+c= +github.com/rboyer/blankspace v0.2.1/go.mod h1:GhnCkDlx1SYD6m4XCde73ncQ8pFTLSJvlCNmCMg2moQ= github.com/rboyer/safeio v0.2.3 h1:gUybicx1kp8nuM4vO0GA5xTBX58/OBd8MQuErBfDxP8= github.com/rboyer/safeio v0.2.3/go.mod h1:d7RMmt7utQBJZ4B7f0H/cU/EdZibQAU1Y8NWepK2dS8= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= -github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM= -github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA= -github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 h1:xzABM9let0HLLqFypcxvLmlvEciCHL7+Lv+4vwZqecI= github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569/go.mod h1:2Ly+NIftZN4de9zRmENdYbvPQeaVIYKWpLFStLFEBgI= github.com/testcontainers/testcontainers-go v0.22.0 h1:hOK4NzNu82VZcKEB1aP9LO1xYssVFMvlfeuDW9JMmV0= github.com/testcontainers/testcontainers-go v0.22.0/go.mod h1:k0YiPa26xJCRUbUkYqy5rY6NGvSbVCeUBXCvucscBR4= -github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= -github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= -github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o= -github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= -github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= -github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= -github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= -github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= -github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= -github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY= github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA= -go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= -go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= -go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= -go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= -go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= -go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= -go.mongodb.org/mongo-driver v1.11.0 h1:FZKhBSTydeuffHj9CBjXlR8vQLee1cQyTWYPA6/tqiE= -go.mongodb.org/mongo-driver v1.11.0/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s= -go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4= -go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo= -go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4= -go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE= -go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4= -go.opentelemetry.io/otel/sdk/metric v0.39.0 h1:Kun8i1eYf48kHH83RucG93ffz0zGV1sh46FAScOTuDI= -go.opentelemetry.io/otel/sdk/metric v0.39.0/go.mod h1:piDIRgjcK7u0HCL5pCA4e74qpK/jk3NiUoAHATVAmiI= -go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs= -go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw= -go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= -golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= -golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190424220101-1e8e1cfdf96b/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E= golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= -google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o= -google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg= -google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108= -google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU= -google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 h1:eSaPbMR4T7WfH9FvABk36NBMacoTUKdWCvV0dx+KfOg= google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5/go.mod h1:zBEcrKX2ZOcEkHWxBPAIvYUWOKKMIhYcmNiUIu2ji3I= -google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= -google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw= -google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/grpc v1.57.2 h1:uw37EN34aMFFXB2QPW7Tq6tdTbind1GpRxw5aOX3a5k= +google.golang.org/grpc v1.57.2/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI= -gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= -gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= -k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= -k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= -k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI= -k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= -k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= -k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= -k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= -k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk= -k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= -sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/test-integ/peering_commontopo/README.md b/test-integ/peering_commontopo/README.md index 96466bb29b86..16044512709c 100644 --- a/test-integ/peering_commontopo/README.md +++ b/test-integ/peering_commontopo/README.md @@ -5,7 +5,7 @@ These peering tests all use a `commonTopo` (read: "common topology") to enable s To run these tests, you will need to have docker installed. Next, make sure that you have all the required consul containers built: ``` -make test-compat-integ-setup +make test-deployer-setup ``` ## Non-Shared CommonTopo Tests diff --git a/test-integ/peering_commontopo/ac1_basic_test.go b/test-integ/peering_commontopo/ac1_basic_test.go index 85aaee4e6b55..e104288c1ffa 100644 --- a/test-integ/peering_commontopo/ac1_basic_test.go +++ b/test-integ/peering_commontopo/ac1_basic_test.go @@ -7,9 +7,8 @@ import ( "fmt" "testing" - "github.com/hashicorp/consul/testing/deployer/topology" - "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/testing/deployer/topology" ) type ac1BasicSuite struct { @@ -18,21 +17,21 @@ type ac1BasicSuite struct { Peer string // test points - sidServerHTTP topology.ServiceID - sidServerTCP topology.ServiceID + sidServerHTTP topology.ID + sidServerTCP topology.ID nodeServerHTTP topology.NodeID nodeServerTCP topology.NodeID // 1.1 - sidClientTCP topology.ServiceID + sidClientTCP topology.ID nodeClientTCP topology.NodeID // 1.2 - sidClientHTTP topology.ServiceID + sidClientHTTP topology.ID nodeClientHTTP topology.NodeID - upstreamHTTP *topology.Upstream - upstreamTCP *topology.Upstream + upstreamHTTP *topology.Destination + upstreamTCP *topology.Destination } var ac1BasicSuites []sharedTopoSuite = []sharedTopoSuite{ @@ -58,24 +57,24 @@ func (s *ac1BasicSuite) setup(t *testing.T, ct *commonTopo) { cluPeerName := LocalPeerName(clu, "default") const prefix = "ac1-" - tcpServerSID := topology.ServiceID{ + tcpServerSID := topology.ID{ Name: prefix + "server-tcp", Partition: partition, } - httpServerSID := topology.ServiceID{ + httpServerSID := topology.ID{ Name: prefix + "server-http", Partition: partition, } - upstreamHTTP := &topology.Upstream{ - ID: topology.ServiceID{ + upstreamHTTP := &topology.Destination{ + ID: topology.ID{ Name: httpServerSID.Name, Partition: partition, }, LocalPort: 5001, Peer: peer, } - upstreamTCP := &topology.Upstream{ - ID: topology.ServiceID{ + upstreamTCP := &topology.Destination{ + ID: topology.ID{ Name: tcpServerSID.Name, Partition: partition, }, @@ -85,16 +84,16 @@ func (s *ac1BasicSuite) setup(t *testing.T, ct *commonTopo) { // Make clients which have server upstreams setupClientServiceAndConfigs := func(protocol string) (serviceExt, *topology.Node) { - sid := topology.ServiceID{ + sid := topology.ID{ Name: prefix + "client-" + protocol, Partition: partition, } svc := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( clu.Datacenter, sid, - func(s *topology.Service) { - s.Upstreams = []*topology.Upstream{ + func(s *topology.Workload) { + s.Destinations = []*topology.Destination{ upstreamTCP, upstreamHTTP, } @@ -123,7 +122,7 @@ func (s *ac1BasicSuite) setup(t *testing.T, ct *commonTopo) { httpClient, httpClientNode := setupClientServiceAndConfigs("http") httpServer := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( peerClu.Datacenter, httpServerSID, nil, @@ -154,7 +153,7 @@ func (s *ac1BasicSuite) setup(t *testing.T, ct *commonTopo) { }, } tcpServer := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( peerClu.Datacenter, tcpServerSID, nil, @@ -209,20 +208,20 @@ func (s *ac1BasicSuite) test(t *testing.T, ct *commonTopo) { ac := s // refresh this from Topology - svcClientTCP := dc.ServiceByID( + svcClientTCP := dc.WorkloadByID( ac.nodeClientTCP, ac.sidClientTCP, ) - svcClientHTTP := dc.ServiceByID( + svcClientHTTP := dc.WorkloadByID( ac.nodeClientHTTP, ac.sidClientHTTP, ) // our ac has the node/sid for server in the peer DC - svcServerHTTP := peer.ServiceByID( + svcServerHTTP := peer.WorkloadByID( ac.nodeServerHTTP, ac.sidServerHTTP, ) - svcServerTCP := peer.ServiceByID( + svcServerTCP := peer.WorkloadByID( ac.nodeServerTCP, ac.sidServerTCP, ) @@ -232,13 +231,11 @@ func (s *ac1BasicSuite) test(t *testing.T, ct *commonTopo) { // probably not worth the speed boost ct.Assert.HealthyWithPeer(t, dc.Name, svcServerHTTP.ID, LocalPeerName(peer, "default")) ct.Assert.HealthyWithPeer(t, dc.Name, svcServerTCP.ID, LocalPeerName(peer, "default")) - ct.Assert.UpstreamEndpointHealthy(t, svcClientTCP, ac.upstreamTCP) - ct.Assert.UpstreamEndpointHealthy(t, svcClientTCP, ac.upstreamHTTP) tcs := []struct { acSub int proto string - svc *topology.Service + svc *topology.Workload }{ {1, "tcp", svcClientTCP}, {2, "http", svcClientHTTP}, diff --git a/test-integ/peering_commontopo/ac2_disco_chain_test.go b/test-integ/peering_commontopo/ac2_disco_chain_test.go index 448ab2840bfe..ab85b7ffdb69 100644 --- a/test-integ/peering_commontopo/ac2_disco_chain_test.go +++ b/test-integ/peering_commontopo/ac2_disco_chain_test.go @@ -7,17 +7,16 @@ import ( "fmt" "testing" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/testing/deployer/topology" "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/api" ) type ac2DiscoChainSuite struct { DC string Peer string - clientSID topology.ServiceID + clientSID topology.ID } var ac2DiscoChainSuites []sharedTopoSuite = []sharedTopoSuite{ @@ -42,7 +41,7 @@ func (s *ac2DiscoChainSuite) setup(t *testing.T, ct *commonTopo) { // Make an HTTP server with discovery chain config entries server := NewFortioServiceWithDefaults( clu.Datacenter, - topology.ServiceID{ + topology.ID{ Name: "ac2-disco-chain-svc", Partition: partition, }, @@ -82,11 +81,11 @@ func (s *ac2DiscoChainSuite) setup(t *testing.T, ct *commonTopo) { }, }, ) - ct.AddServiceNode(clu, serviceExt{Service: server}) + ct.AddServiceNode(clu, serviceExt{Workload: server}) // Define server as upstream for client - upstream := &topology.Upstream{ - ID: topology.ServiceID{ + upstream := &topology.Destination{ + ID: topology.ID{ Name: server.ID.Name, Partition: partition, // TODO: iterate over all possible partitions }, @@ -98,15 +97,15 @@ func (s *ac2DiscoChainSuite) setup(t *testing.T, ct *commonTopo) { } // Make client which will dial server - clientSID := topology.ServiceID{ + clientSID := topology.ID{ Name: "ac2-client", Partition: partition, } client := NewFortioServiceWithDefaults( clu.Datacenter, clientSID, - func(s *topology.Service) { - s.Upstreams = []*topology.Upstream{ + func(s *topology.Workload) { + s.Destinations = []*topology.Destination{ upstream, } }, @@ -121,7 +120,7 @@ func (s *ac2DiscoChainSuite) setup(t *testing.T, ct *commonTopo) { }, }, ) - ct.AddServiceNode(clu, serviceExt{Service: client}) + ct.AddServiceNode(clu, serviceExt{Workload: client}) clu.InitialConfigEntries = append(clu.InitialConfigEntries, &api.ServiceConfigEntry{ @@ -161,12 +160,12 @@ func (s *ac2DiscoChainSuite) setup(t *testing.T, ct *commonTopo) { func (s *ac2DiscoChainSuite) test(t *testing.T, ct *commonTopo) { dc := ct.Sprawl.Topology().Clusters[s.DC] - svcs := dc.ServicesByID(s.clientSID) + svcs := dc.WorkloadsByID(s.clientSID) require.Len(t, svcs, 1, "expected exactly one client in datacenter") client := svcs[0] - require.Len(t, client.Upstreams, 1, "expected exactly one upstream for client") - u := client.Upstreams[0] + require.Len(t, client.Destinations, 1, "expected exactly one upstream for client") + u := client.Destinations[0] t.Run("peered upstream exists in catalog", func(t *testing.T) { t.Parallel() @@ -177,7 +176,7 @@ func (s *ac2DiscoChainSuite) test(t *testing.T, ct *commonTopo) { t.Run("peered upstream endpoint status is healthy", func(t *testing.T) { t.Parallel() - ct.Assert.UpstreamEndpointStatus(t, client, peerClusterPrefix(u), "HEALTHY", 1) + ct.Assert.DestinationEndpointStatus(t, client, peerClusterPrefix(u), "HEALTHY", 1) }) t.Run("response contains header injected by splitter", func(t *testing.T) { @@ -197,7 +196,7 @@ func (s *ac2DiscoChainSuite) test(t *testing.T, ct *commonTopo) { // func (s *ResourceGenerator) getTargetClusterName // // and connect/sni.go -func peerClusterPrefix(u *topology.Upstream) string { +func peerClusterPrefix(u *topology.Destination) string { if u.Peer == "" { panic("upstream is not from a peer") } diff --git a/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go b/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go index 586103c11127..caf801b09e26 100644 --- a/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go +++ b/test-integ/peering_commontopo/ac3_service_defaults_upstream_test.go @@ -11,14 +11,13 @@ import ( "testing" "time" + "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/sdk/testutil/retry" + libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert" "github.com/hashicorp/consul/testing/deployer/topology" "github.com/hashicorp/go-cleanhttp" "github.com/itchyny/gojq" "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/sdk/testutil/retry" - libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert" ) var ac3SvcDefaultsSuites []sharedTopoSuite = []sharedTopoSuite{ @@ -36,12 +35,12 @@ type ac3SvcDefaultsSuite struct { Peer string // test points - sidServer topology.ServiceID + sidServer topology.ID nodeServer topology.NodeID - sidClient topology.ServiceID + sidClient topology.ID nodeClient topology.NodeID - upstream *topology.Upstream + upstream *topology.Destination } func (s *ac3SvcDefaultsSuite) testName() string { @@ -57,12 +56,12 @@ func (s *ac3SvcDefaultsSuite) setup(t *testing.T, ct *commonTopo) { peer := LocalPeerName(peerClu, "default") cluPeerName := LocalPeerName(clu, "default") - serverSID := topology.ServiceID{ + serverSID := topology.ID{ Name: "ac3-server", Partition: partition, } - upstream := &topology.Upstream{ - ID: topology.ServiceID{ + upstream := &topology.Destination{ + ID: topology.ID{ Name: serverSID.Name, Partition: partition, }, @@ -70,16 +69,16 @@ func (s *ac3SvcDefaultsSuite) setup(t *testing.T, ct *commonTopo) { Peer: peer, } - sid := topology.ServiceID{ + sid := topology.ID{ Name: "ac3-client", Partition: partition, } client := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( clu.Datacenter, sid, - func(s *topology.Service) { - s.Upstreams = []*topology.Upstream{ + func(s *topology.Workload) { + s.Destinations = []*topology.Destination{ upstream, } }, @@ -113,7 +112,7 @@ func (s *ac3SvcDefaultsSuite) setup(t *testing.T, ct *commonTopo) { clientNode := ct.AddServiceNode(clu, client) server := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( peerClu.Datacenter, serverSID, nil, @@ -159,12 +158,12 @@ func (s *ac3SvcDefaultsSuite) test(t *testing.T, ct *commonTopo) { peer := ct.Sprawl.Topology().Clusters[s.Peer] // refresh this from Topology - svcClient := dc.ServiceByID( + svcClient := dc.WorkloadByID( s.nodeClient, s.sidClient, ) // our ac has the node/sid for server in the peer DC - svcServer := peer.ServiceByID( + svcServer := peer.WorkloadByID( s.nodeServer, s.sidServer, ) @@ -173,7 +172,6 @@ func (s *ac3SvcDefaultsSuite) test(t *testing.T, ct *commonTopo) { // these could be done parallel with each other, but complexity // probably not worth the speed boost ct.Assert.HealthyWithPeer(t, dc.Name, svcServer.ID, LocalPeerName(peer, "default")) - ct.Assert.UpstreamEndpointHealthy(t, svcClient, s.upstream) // TODO: we need to let the upstream start serving properly before we do this. if it // isn't ready and returns a 5xx (which it will do if it's not up yet!), it will stick // in a down state for PassiveHealthCheck.Interval @@ -185,7 +183,7 @@ func (s *ac3SvcDefaultsSuite) test(t *testing.T, ct *commonTopo) { // TODO: what is default? namespace? partition? clusterName := fmt.Sprintf("%s.default.%s.external", s.upstream.ID.Name, s.upstream.Peer) nonceStatus := http.StatusInsufficientStorage - url507 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", svcClient.ExposedPort, + url507 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", svcClient.ExposedPort(""), url.QueryEscape(fmt.Sprintf("http://localhost:%d/?status=%d", s.upstream.LocalPort, nonceStatus)), ) @@ -221,7 +219,7 @@ func (s *ac3SvcDefaultsSuite) test(t *testing.T, ct *commonTopo) { require.True(r, resultAsBool) }) - url200 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", svcClient.ExposedPort, + url200 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", svcClient.ExposedPort(""), url.QueryEscape(fmt.Sprintf("http://localhost:%d/", s.upstream.LocalPort)), ) retry.RunWith(&retry.Timer{Timeout: time.Minute * 1, Wait: time.Millisecond * 500}, t, func(r *retry.R) { diff --git a/test-integ/peering_commontopo/ac4_proxy_defaults_test.go b/test-integ/peering_commontopo/ac4_proxy_defaults_test.go index c413820c6f2b..c6bbc9506b99 100644 --- a/test-integ/peering_commontopo/ac4_proxy_defaults_test.go +++ b/test-integ/peering_commontopo/ac4_proxy_defaults_test.go @@ -22,9 +22,9 @@ type ac4ProxyDefaultsSuite struct { nodeClient topology.NodeID nodeServer topology.NodeID - serverSID topology.ServiceID - clientSID topology.ServiceID - upstream *topology.Upstream + serverSID topology.ID + clientSID topology.ID + upstream *topology.Destination } var ac4ProxyDefaultsSuites []sharedTopoSuite = []sharedTopoSuite{ @@ -49,28 +49,28 @@ func (s *ac4ProxyDefaultsSuite) setup(t *testing.T, ct *commonTopo) { peer := LocalPeerName(peerClu, "default") cluPeerName := LocalPeerName(clu, "default") - serverSID := topology.ServiceID{ + serverSID := topology.ID{ Name: "ac4-server-http", Partition: partition, } // Define server as upstream for client - upstream := &topology.Upstream{ + upstream := &topology.Destination{ ID: serverSID, LocalPort: 5000, Peer: peer, } // Make client which will dial server - clientSID := topology.ServiceID{ + clientSID := topology.ID{ Name: "ac4-http-client", Partition: partition, } client := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( clu.Datacenter, clientSID, - func(s *topology.Service) { - s.Upstreams = []*topology.Upstream{ + func(s *topology.Workload) { + s.Destinations = []*topology.Destination{ upstream, } }, @@ -92,7 +92,7 @@ func (s *ac4ProxyDefaultsSuite) setup(t *testing.T, ct *commonTopo) { clientNode := ct.AddServiceNode(clu, client) server := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( peerClu.Datacenter, serverSID, nil, @@ -143,34 +143,33 @@ func (s *ac4ProxyDefaultsSuite) setup(t *testing.T, ct *commonTopo) { } func (s *ac4ProxyDefaultsSuite) test(t *testing.T, ct *commonTopo) { - var client *topology.Service + var client *topology.Workload dc := ct.Sprawl.Topology().Clusters[s.DC] peer := ct.Sprawl.Topology().Clusters[s.Peer] - clientSVC := dc.ServiceByID( + clientSVC := dc.WorkloadByID( s.nodeClient, s.clientSID, ) - serverSVC := peer.ServiceByID( + serverSVC := peer.WorkloadByID( s.nodeServer, s.serverSID, ) // preconditions check ct.Assert.HealthyWithPeer(t, dc.Name, serverSVC.ID, LocalPeerName(peer, "default")) - ct.Assert.UpstreamEndpointHealthy(t, clientSVC, s.upstream) ct.Assert.FortioFetch2HeaderEcho(t, clientSVC, s.upstream) t.Run("Validate services exist in catalog", func(t *testing.T) { - dcSvcs := dc.ServicesByID(s.clientSID) + dcSvcs := dc.WorkloadsByID(s.clientSID) require.Len(t, dcSvcs, 1, "expected exactly one client") client = dcSvcs[0] - require.Len(t, client.Upstreams, 1, "expected exactly one upstream for client") + require.Len(t, client.Destinations, 1, "expected exactly one upstream for client") - server := dc.ServicesByID(s.serverSID) + server := dc.WorkloadsByID(s.serverSID) require.Len(t, server, 1, "expected exactly one server") - require.Len(t, server[0].Upstreams, 0, "expected no upstream for server") + require.Len(t, server[0].Destinations, 0, "expected no upstream for server") }) t.Run("peered upstream exists in catalog", func(t *testing.T) { @@ -180,11 +179,11 @@ func (s *ac4ProxyDefaultsSuite) test(t *testing.T, ct *commonTopo) { }) t.Run("HTTP service fails due to connection timeout", func(t *testing.T) { - url504 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", client.ExposedPort, + url504 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", client.ExposedPort(""), url.QueryEscape(fmt.Sprintf("http://localhost:%d/?delay=1000ms", s.upstream.LocalPort)), ) - url200 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", client.ExposedPort, + url200 := fmt.Sprintf("http://localhost:%d/fortio/fetch2?url=%s", client.ExposedPort(""), url.QueryEscape(fmt.Sprintf("http://localhost:%d/", s.upstream.LocalPort)), ) diff --git a/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go b/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go index d564261ed878..aeebda56e1a6 100644 --- a/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go +++ b/test-integ/peering_commontopo/ac5_1_no_svc_mesh_test.go @@ -5,7 +5,6 @@ package peering import ( "fmt" - "testing" "github.com/hashicorp/consul/api" @@ -19,8 +18,8 @@ type ac5_1NoSvcMeshSuite struct { DC string Peer string - serverSID topology.ServiceID - clientSID topology.ServiceID + serverSID topology.ID + clientSID topology.ID } var ( @@ -47,23 +46,23 @@ func (s *ac5_1NoSvcMeshSuite) setup(t *testing.T, ct *commonTopo) { partition := "default" peer := LocalPeerName(peerClu, partition) - serverSID := topology.ServiceID{ + serverSID := topology.ID{ Name: "ac5-server-http", Partition: partition, } // Make client which will dial server - clientSID := topology.ServiceID{ + clientSID := topology.ID{ Name: "ac5-http-client", Partition: partition, } // disable service mesh for client in s.DC client := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( clu.Datacenter, clientSID, - func(s *topology.Service) { + func(s *topology.Workload) { s.EnvoyAdminPort = 0 s.DisableServiceMesh = true }, @@ -79,7 +78,7 @@ func (s *ac5_1NoSvcMeshSuite) setup(t *testing.T, ct *commonTopo) { ct.AddServiceNode(clu, client) server := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( clu.Datacenter, serverSID, nil, diff --git a/test-integ/peering_commontopo/ac5_2_pq_failover_test.go b/test-integ/peering_commontopo/ac5_2_pq_failover_test.go index 3bf8c9be9ac8..8a65fcef8851 100644 --- a/test-integ/peering_commontopo/ac5_2_pq_failover_test.go +++ b/test-integ/peering_commontopo/ac5_2_pq_failover_test.go @@ -5,9 +5,8 @@ package peering import ( "fmt" - "time" - "testing" + "time" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" @@ -26,15 +25,20 @@ import ( // 9. Delete failing health check from step 3 // 10. Repeat step 2 type ac5_2PQFailoverSuite struct { - clientSID topology.ServiceID - serverSID topology.ServiceID + clientSID topology.ID + serverSID topology.ID nodeServer topology.NodeID } +type nodeKey struct { + dc string + partition string +} + var ac5_2Context = make(map[nodeKey]ac5_2PQFailoverSuite) func TestAC5PreparedQueryFailover(t *testing.T) { - ct := NewCommonTopo(t) + ct := newCommonTopo(t, "dc2", true, true) s := &ac5_2PQFailoverSuite{} s.setup(t, ct) ct.Launch(t) @@ -52,21 +56,21 @@ func (s *ac5_2PQFailoverSuite) setupDC(ct *commonTopo, clu, peerClu *topology.Cl partition := "default" peer := LocalPeerName(peerClu, partition) - serverSID := topology.ServiceID{ + serverSID := topology.ID{ Name: "ac5-server-http", Partition: partition, } - clientSID := topology.ServiceID{ + clientSID := topology.ID{ Name: "ac5-client-http", Partition: partition, } client := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( clu.Datacenter, clientSID, - func(s *topology.Service) { + func(s *topology.Workload) { s.EnvoyAdminPort = 0 s.DisableServiceMesh = true }, @@ -83,10 +87,10 @@ func (s *ac5_2PQFailoverSuite) setupDC(ct *commonTopo, clu, peerClu *topology.Cl ct.AddServiceNode(clu, client) server := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( clu.Datacenter, serverSID, - func(s *topology.Service) { + func(s *topology.Workload) { s.EnvoyAdminPort = 0 s.DisableServiceMesh = true }, @@ -109,22 +113,22 @@ func (s *ac5_2PQFailoverSuite) setupDC3(ct *commonTopo, clu, peer1, peer2 *topol ) peers = append(peers, LocalPeerName(peer1, partition), LocalPeerName(peer2, partition)) - serverSID := topology.ServiceID{ + serverSID := topology.ID{ Name: "ac5-server-http", Partition: partition, } - clientSID := topology.ServiceID{ + clientSID := topology.ID{ Name: "ac5-client-http", Partition: partition, } // disable service mesh for client in DC3 client := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( clu.Datacenter, clientSID, - func(s *topology.Service) { + func(s *topology.Workload) { s.EnvoyAdminPort = 0 s.DisableServiceMesh = true }, @@ -149,10 +153,10 @@ func (s *ac5_2PQFailoverSuite) setupDC3(ct *commonTopo, clu, peer1, peer2 *topol ct.AddServiceNode(clu, client) server := serviceExt{ - Service: NewFortioServiceWithDefaults( + Workload: NewFortioServiceWithDefaults( clu.Datacenter, serverSID, - func(s *topology.Service) { + func(s *topology.Workload) { s.EnvoyAdminPort = 0 s.DisableServiceMesh = true }, diff --git a/test-integ/peering_commontopo/ac6_failovers_test.go b/test-integ/peering_commontopo/ac6_failovers_test.go index fe3cd181b203..66155cad2fad 100644 --- a/test-integ/peering_commontopo/ac6_failovers_test.go +++ b/test-integ/peering_commontopo/ac6_failovers_test.go @@ -7,426 +7,471 @@ import ( "fmt" "testing" - "github.com/hashicorp/consul/testing/deployer/topology" - "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" + "github.com/hashicorp/consul/testing/deployer/topology" + "github.com/stretchr/testify/require" ) -// note: unlike other *Suite structs that are per-peering direction, -// this one is special and does all directions itself, because the -// setup is not exactly symmetrical type ac6FailoversSuite struct { - ac6 map[nodeKey]ac6FailoversContext -} -type ac6FailoversContext struct { - clientSID topology.ServiceID - serverSID topology.ServiceID - + // inputs + // with all false, this gives us a scenario with: + // - a "near" server in the accepter cluster (DC1), partitition default, namespace default + // - a "far" server in the dialer cluster (DC2), partition default, namespace default + // - a client in the accepter cluster (DC1), partition default, namespace default, with: + // - upstream near server (DC1) + // - failover to far server (DC2) + // + // TODO: technically if NearInDial && !FarInAcc (i.e., near == far), then we're not doing peering at all, + // and could do this test in a single DC + + // when true, put the client (and its default upstream server) in the dialer peer; otherwise, put client in accepter + NearInDial bool + // when true, put the client (and its default upstream server) in the nondefault partition/namespace; otherwise in the default + NearInPartAlt bool + NearInNSAlt bool + // when true, put far server to the accepter peer; otherwise the dialer + FarInAcc bool + // when true, put far server to nondefault partition/namespace (ENT-only); otherwise, failover to default + FarInPartAlt bool + FarInNSAlt bool + + // launch outputs, for querying during test + clientSID topology.ID + // near = same DC as client; far = other DC + nearServerSID topology.ID // used to remove the node and trigger failover - serverNode topology.NodeID -} -type nodeKey struct { - dc string - partition string + nearServerNode topology.NodeID + farServerSID topology.ID + farServerNode topology.NodeID } // Note: this test cannot share topo func TestAC6Failovers(t *testing.T) { - ct := NewCommonTopo(t) - s := &ac6FailoversSuite{} - s.setup(t, ct) - ct.Launch(t) - s.test(t, ct) + // bit banging to get all permutations of all params + const nParams = 3 + // i.e 2**nParams + const n = int(1) << nParams + for i := 0; i < n; i++ { + s := ac6FailoversSuite{ + // xth bit == 1 + NearInDial: (i>>0)&1 == 1, + NearInPartAlt: (i>>1)&1 == 1, + FarInPartAlt: (i>>2)&1 == 1, + } + // ensure the servers are always in separate DCs + s.FarInAcc = s.NearInDial + t.Run(fmt.Sprintf("%02d_%s", i, s.testName()), func(t *testing.T) { + t.Parallel() + ct := NewCommonTopo(t) + s.setup(t, ct) + ct.Launch(t) + s.test(t, ct) + }) + } } -func (s *ac6FailoversSuite) setup(t *testing.T, ct *commonTopo) { - // TODO: update setups to loop through a cluster's partitions+namespaces internally - s.setupAC6Failovers(ct, ct.DC1, ct.DC2) - s.setupAC6Failovers(ct, ct.DC2, ct.DC1) - s.setupAC6FailoversDC3(ct, ct.DC3, ct.DC1, ct.DC2) +func TestNET5029Failovers(t *testing.T) { + // TODO: *.{a,b} are not actually peering tests, and should technically be moved elsewhere + suites := map[string]ac6FailoversSuite{ + "1.a": { + FarInAcc: true, + FarInPartAlt: true, + }, + "1.b": { + FarInAcc: true, + FarInNSAlt: true, + }, + "1.c": { + FarInNSAlt: true, + }, + "1.d": { + FarInPartAlt: true, + }, + "2.a": { + FarInAcc: true, + NearInPartAlt: true, + }, + "2.b": { + FarInAcc: true, + NearInNSAlt: true, + }, + "2.c": { + NearInDial: true, + NearInNSAlt: true, + FarInAcc: true, + }, + "2.d": { + NearInDial: true, + NearInPartAlt: true, + FarInAcc: true, + }, + } + for name, s := range suites { + s := s + t.Run(fmt.Sprintf("%s_%s", name, s.testName()), func(t *testing.T) { + if name == "1.b" { + t.Skip("TODO: fails with 503/504") + } + t.Parallel() + ct := NewCommonTopo(t) + s.setup(t, ct) + ct.Launch(t) + s.test(t, ct) + }) + } } -// dc1 is peered with dc2 and dc3. -// dc1 has an ac6-client in "default" and "part1" partitions (only default in CE). -// ac6-client has a single upstream ac6-failover-svc in its respective partition^. -// -// ac6-failover-svc has the following failovers: -// - peer-dc2-default -// - peer-dc2-part1 (not in CE) -// - peer-dc3-default -// -// This setup is mirrored from dc2->dc1 as well -// (both dcs have dc3 as the last failover target) -// -// ^NOTE: There are no cross-partition upstreams because MeshGatewayMode = local -// and failover information gets stripped out by the mesh gateways so we -// can't test failovers. -func (s *ac6FailoversSuite) setupAC6Failovers(ct *commonTopo, clu, peerClu *topology.Cluster) { - for _, part := range clu.Partitions { - partition := part.Name - - // There is a peering per partition in the peered cluster - var peers []string - for _, peerPart := range peerClu.Partitions { - peers = append(peers, LocalPeerName(peerClu, peerPart.Name)) +func TestAC6Failovers_AllPermutations(t *testing.T) { + // + t.Skip("Too many permutations") + // bit banging to get all permutations of all params + const nParams = 6 + // i.e 2**nParams + const n = int(1) << nParams + for i := 0; i < n; i++ { + s := ac6FailoversSuite{ + // xth bit == 1 + NearInDial: (i>>0)&1 == 1, + FarInAcc: (i>>1)&1 == 1, + NearInPartAlt: (i>>2)&1 == 1, + FarInPartAlt: (i>>3)&1 == 1, + NearInNSAlt: (i>>4)&1 == 1, + FarInNSAlt: (i>>5)&1 == 1, } + t.Run(fmt.Sprintf("%02d_%s", i, s.testName()), func(t *testing.T) { + t.Parallel() + ct := NewCommonTopo(t) + s.setup(t, ct) + ct.Launch(t) + s.test(t, ct) + }) + } +} - // Make an HTTP server with various failover targets - serverSID := topology.ServiceID{ - Name: "ac6-failover-svc", - Partition: partition, +func (s *ac6FailoversSuite) testName() (ret string) { + switch s.NearInDial { + case true: + ret += "dial" + default: + ret += "acc" + } + ret += "." + switch s.NearInPartAlt { + case true: + ret += "alt" + default: + ret += "default" + } + ret += "." + switch s.NearInNSAlt { + case true: + ret += "alt" + default: + ret += "default" + } + + ret += "->" + + switch s.FarInAcc { + case true: + ret += "acc" + default: + ret += "dial" + } + ret += "." + switch s.FarInPartAlt { + case true: + ret += "alt" + default: + ret += "default" + } + ret += "." + switch s.FarInNSAlt { + case true: + ret += "alt" + default: + ret += "default" + } + + return +} + +func (s *ac6FailoversSuite) setup(t *testing.T, ct *commonTopo) { + if !utils.IsEnterprise() { + if s.NearInPartAlt || s.FarInPartAlt { + t.Skip("ENT required for nondefault partitions") } - server := NewFortioServiceWithDefaults( - clu.Datacenter, - serverSID, - nil, - ) - // Export to all known peers - ct.ExportService(clu, partition, + if s.NearInNSAlt || s.FarInNSAlt { + t.Skip("ENT required for nondefault namespaces") + } + } + + nearClu := ct.DC1 + farClu := ct.DC2 + if s.NearInDial { + nearClu = ct.DC2 + } + if s.FarInAcc { + farClu = ct.DC1 + } + + // - server in clientPartition/DC (main target) + nearServerSID := topology.ID{ + Name: "ac6-server", + Partition: defaultToEmptyForCE("default"), + Namespace: defaultToEmptyForCE("default"), + } + if s.NearInPartAlt { + nearServerSID.Partition = "part1" + } + if s.NearInNSAlt { + nearServerSID.Namespace = "ns1" + } + nearServer := NewFortioServiceWithDefaults( + nearClu.Datacenter, + nearServerSID, + nil, + ) + nearServerNode := ct.AddServiceNode(nearClu, serviceExt{Workload: nearServer}) + + nearClu.InitialConfigEntries = append(nearClu.InitialConfigEntries, + &api.ServiceConfigEntry{ + Kind: api.ServiceDefaults, + Name: nearServerSID.Name, + Partition: defaultToEmptyForCE(nearServerSID.Partition), + Namespace: defaultToEmptyForCE(nearServerSID.Namespace), + Protocol: "http", + }, + ) + // - server in otherPartition/otherDC + farServerSID := topology.ID{ + Name: nearServerSID.Name, + Partition: defaultToEmptyForCE("default"), + Namespace: defaultToEmptyForCE("default"), + } + if s.FarInPartAlt { + farServerSID.Partition = "part1" + } + if s.FarInNSAlt { + farServerSID.Namespace = "ns1" + } + farServer := NewFortioServiceWithDefaults( + farClu.Datacenter, + farServerSID, + nil, + ) + farServerNode := ct.AddServiceNode(farClu, serviceExt{Workload: farServer}) + if nearClu != farClu { + ct.ExportService(farClu, farServerSID.Partition, api.ExportedService{ - Name: server.ID.Name, - Consumers: func() []api.ServiceConsumer { - var consumers []api.ServiceConsumer - for _, peer := range peers { - consumers = append(consumers, api.ServiceConsumer{ - Peer: peer, - }) - } - return consumers - }(), - }, - ) - serverNode := ct.AddServiceNode(clu, serviceExt{Service: server}) - - clu.InitialConfigEntries = append(clu.InitialConfigEntries, - &api.ServiceConfigEntry{ - Kind: api.ServiceDefaults, - Name: server.ID.Name, - Partition: ConfigEntryPartition(partition), - Protocol: "http", - }, - &api.ServiceResolverConfigEntry{ - Kind: api.ServiceResolver, - Name: server.ID.Name, - Partition: ConfigEntryPartition(partition), - Failover: map[string]api.ServiceResolverFailover{ - "*": { - Targets: func() []api.ServiceResolverFailoverTarget { - // Make a failover target for every partition in the peer cluster - var targets []api.ServiceResolverFailoverTarget - for _, peer := range peers { - targets = append(targets, api.ServiceResolverFailoverTarget{ - Peer: peer, - }) - } - // Just hard code default partition for dc3, since the exhaustive - // testing will be done against dc2. - targets = append(targets, api.ServiceResolverFailoverTarget{ - Peer: "peer-dc3-default", - }) - return targets - }(), + Name: farServerSID.Name, + Namespace: defaultToEmptyForCE(farServerSID.Namespace), + Consumers: []api.ServiceConsumer{ + { + Peer: LocalPeerName(nearClu, nearServerSID.Partition), }, }, }, ) - - // Make client which will dial server - clientSID := topology.ServiceID{ - Name: "ac6-client", - Partition: partition, - } - client := NewFortioServiceWithDefaults( - clu.Datacenter, - clientSID, - func(s *topology.Service) { - // Upstream per partition - s.Upstreams = []*topology.Upstream{ + } else if nearClu == farClu && farServerSID.Partition != nearServerSID.Partition { + ct.ExportService(farClu, farServerSID.Partition, + api.ExportedService{ + Name: farServerSID.Name, + Namespace: defaultToEmptyForCE(farServerSID.Namespace), + Consumers: []api.ServiceConsumer{ { - ID: topology.ServiceID{ - Name: server.ID.Name, - Partition: part.Name, - }, - LocalPort: 5000, - // exposed so we can hit it directly - // TODO: we shouldn't do this; it's not realistic - LocalAddress: "0.0.0.0", + // this must not be "", or else it is basically ignored altogether + // TODO: bug? if this whole struct is empty, that should be an error + Partition: topology.PartitionOrDefault(nearServerSID.Partition), }, - } - }, - ) - ct.ExportService(clu, partition, - api.ExportedService{ - Name: client.ID.Name, - Consumers: func() []api.ServiceConsumer { - var consumers []api.ServiceConsumer - // Export to each peer - for _, peer := range peers { - consumers = append(consumers, api.ServiceConsumer{ - Peer: peer, - }) - } - return consumers - }(), - }, - ) - ct.AddServiceNode(clu, serviceExt{Service: client}) - - clu.InitialConfigEntries = append(clu.InitialConfigEntries, - &api.ServiceConfigEntry{ - Kind: api.ServiceDefaults, - Name: client.ID.Name, - Partition: ConfigEntryPartition(partition), - Protocol: "http", + }, }, ) + } - // Add intention allowing local and peered clients to call server - clu.InitialConfigEntries = append(clu.InitialConfigEntries, - &api.ServiceIntentionsConfigEntry{ - Kind: api.ServiceIntentions, - Name: server.ID.Name, - Partition: ConfigEntryPartition(partition), - // SourceIntention for local client and peered clients - Sources: func() []*api.SourceIntention { - ixns := []*api.SourceIntention{ - { - Name: client.ID.Name, - Partition: ConfigEntryPartition(part.Name), - Action: api.IntentionActionAllow, - }, - } - for _, peer := range peers { - ixns = append(ixns, &api.SourceIntention{ - Name: client.ID.Name, - Peer: peer, - Action: api.IntentionActionAllow, - }) - } - return ixns - }(), + var targets []api.ServiceResolverFailoverTarget + if nearClu != farClu { + targets = []api.ServiceResolverFailoverTarget{ + { + Service: farServerSID.Name, + Peer: LocalPeerName(farClu, farServerSID.Partition), + Namespace: defaultToEmptyForCE(farServerSID.Namespace), }, - ) - if s.ac6 == nil { - s.ac6 = map[nodeKey]ac6FailoversContext{} } - s.ac6[nodeKey{clu.Datacenter, partition}] = struct { - clientSID topology.ServiceID - serverSID topology.ServiceID - serverNode topology.NodeID - }{ - clientSID: clientSID, - serverSID: serverSID, - serverNode: serverNode.ID(), + } else { + part := ConfigEntryPartition(farServerSID.Partition) + // weird exception here where target partition set to "" means "inherit from parent" + // TODO: bug? docs say "" -> default: + // https://developer.hashicorp.com/consul/docs/connect/config-entries/service-resolver#failover-targets-partition + if farServerSID.Partition == "default" && nearServerSID.Partition != "default" { + part = "default" + } + targets = []api.ServiceResolverFailoverTarget{ + { + Service: farServerSID.Name, + Partition: defaultToEmptyForCE(part), + Namespace: defaultToEmptyForCE(farServerSID.Namespace), + }, } } -} - -func (s *ac6FailoversSuite) setupAC6FailoversDC3(ct *commonTopo, clu, peer1, peer2 *topology.Cluster) { - var peers []string - for _, part := range peer1.Partitions { - peers = append(peers, LocalPeerName(peer1, part.Name)) - } - for _, part := range peer2.Partitions { - peers = append(peers, LocalPeerName(peer2, part.Name)) - } - - partition := "default" - // Make an HTTP server - server := NewFortioServiceWithDefaults( - clu.Datacenter, - topology.ServiceID{ - Name: "ac6-failover-svc", - Partition: partition, + nearClu.InitialConfigEntries = append(nearClu.InitialConfigEntries, + &api.ServiceConfigEntry{ + Kind: api.ServiceDefaults, + Name: farServerSID.Name, + Partition: defaultToEmptyForCE(farServerSID.Partition), + Namespace: defaultToEmptyForCE(farServerSID.Namespace), + Protocol: "http", + }, + &api.ServiceResolverConfigEntry{ + Kind: api.ServiceResolver, + Name: nearServerSID.Name, + Partition: defaultToEmptyForCE(nearServerSID.Partition), + Namespace: defaultToEmptyForCE(nearServerSID.Namespace), + Failover: map[string]api.ServiceResolverFailover{ + "*": { + Targets: targets, + }, + }, }, - nil, ) - ct.AddServiceNode(clu, serviceExt{ - Service: server, - Config: &api.ServiceConfigEntry{ + clientSID := topology.ID{ + Name: "ac6-client", + Partition: defaultToEmptyForCE(nearServerSID.Partition), + Namespace: defaultToEmptyForCE(nearServerSID.Namespace), + } + client := NewFortioServiceWithDefaults( + nearClu.Datacenter, + clientSID, + func(s *topology.Workload) { + // Destination per partition + s.Destinations = []*topology.Destination{ + { + ID: topology.ID{ + Name: nearServerSID.Name, + Partition: defaultToEmptyForCE(nearServerSID.Partition), + Namespace: defaultToEmptyForCE(nearServerSID.Namespace), + }, + LocalPort: 5000, + // exposed so we can hit it directly + // TODO: we shouldn't do this; it's not realistic + LocalAddress: "0.0.0.0", + }, + } + }, + ) + ct.AddServiceNode(nearClu, serviceExt{Workload: client}) + nearClu.InitialConfigEntries = append(nearClu.InitialConfigEntries, + &api.ServiceConfigEntry{ Kind: api.ServiceDefaults, - Name: server.ID.Name, - Partition: ConfigEntryPartition(partition), + Name: clientSID.Name, + Partition: defaultToEmptyForCE(clientSID.Partition), + Namespace: defaultToEmptyForCE(clientSID.Namespace), Protocol: "http", }, - Intentions: &api.ServiceIntentionsConfigEntry{ + ) + + // intentions + nearClu.InitialConfigEntries = append(nearClu.InitialConfigEntries, + &api.ServiceIntentionsConfigEntry{ Kind: api.ServiceIntentions, - Name: server.ID.Name, - Partition: ConfigEntryPartition(partition), - Sources: func() []*api.SourceIntention { - var ixns []*api.SourceIntention - for _, peer := range peers { - ixns = append(ixns, &api.SourceIntention{ - Name: "ac6-client", - Peer: peer, - Action: api.IntentionActionAllow, - }) - } - return ixns - }(), + Name: nearServerSID.Name, + Partition: defaultToEmptyForCE(nearServerSID.Partition), + Namespace: defaultToEmptyForCE(nearServerSID.Namespace), + Sources: []*api.SourceIntention{{ + Name: clientSID.Name, + Namespace: defaultToEmptyForCE(clientSID.Namespace), + // in this field, "" -> destination partition, so no ConfigEntryPartition :eyeroll: + // https://developer.hashicorp.com/consul/docs/connect/config-entries/service-intentions#sources-partition + Partition: defaultToEmptyForCE(clientSID.Partition), + Action: api.IntentionActionAllow, + }}, }, - Exports: func() []api.ServiceConsumer { - var consumers []api.ServiceConsumer - for _, peer := range peers { - consumers = append(consumers, api.ServiceConsumer{ - Peer: peer, - }) - } - return consumers - }(), - }) + ) + farSource := api.SourceIntention{ + Name: clientSID.Name, + Namespace: defaultToEmptyForCE(clientSID.Namespace), + Peer: LocalPeerName(nearClu, clientSID.Partition), + Action: api.IntentionActionAllow, + } + if nearClu == farClu { + farSource.Peer = "" + // in this field, "" -> destination partition, so no ConfigEntryPartition :eyeroll: + // https://developer.hashicorp.com/consul/docs/connect/config-entries/service-intentions#sources-partition + farSource.Partition = topology.PartitionOrDefault(clientSID.Partition) + } + farClu.InitialConfigEntries = append(farClu.InitialConfigEntries, + &api.ServiceIntentionsConfigEntry{ + Kind: api.ServiceIntentions, + Name: farServerSID.Name, + Partition: defaultToEmptyForCE(farServerSID.Partition), + Namespace: defaultToEmptyForCE(farServerSID.Namespace), + Sources: []*api.SourceIntention{&farSource}, + }, + ) + + s.clientSID = clientSID + s.nearServerSID = nearServerSID + s.farServerSID = farServerSID + s.nearServerNode = nearServerNode.ID() + s.farServerNode = farServerNode.ID() } func (s *ac6FailoversSuite) test(t *testing.T, ct *commonTopo) { - dc1 := ct.Sprawl.Topology().Clusters["dc1"] - dc2 := ct.Sprawl.Topology().Clusters["dc2"] - - type testcase struct { - name string - cluster *topology.Cluster - peer *topology.Cluster - partition string + // NOTE: *not parallel* because we mutate resources that are shared + // between test cases (disable/enable nodes) + + nearClu := ct.Sprawl.Topology().Clusters["dc1"] + farClu := ct.Sprawl.Topology().Clusters["dc2"] + if s.NearInDial { + nearClu = ct.Sprawl.Topology().Clusters["dc2"] } - tcs := []testcase{ - { - name: "dc1 default partition failovers", - cluster: dc1, - peer: dc2, // dc3 is hardcoded - partition: "default", - }, - { - name: "dc1 part1 partition failovers", - cluster: dc1, - peer: dc2, // dc3 is hardcoded - partition: "part1", - }, - { - name: "dc2 default partition failovers", - cluster: dc2, - peer: dc1, // dc3 is hardcoded - partition: "default", - }, - { - name: "dc2 part1 partition failovers", - cluster: dc2, - peer: dc1, // dc3 is hardcoded - partition: "part1", - }, + if s.FarInAcc { + farClu = ct.Sprawl.Topology().Clusters["dc1"] } - for _, tc := range tcs { - t.Run(tc.name, func(t *testing.T) { - // NOTE: *not parallel* because we mutate resources that are shared - // between test cases (disable/enable nodes) - if !utils.IsEnterprise() && tc.partition != "default" { - t.Skip("skipping enterprise test") - } - partition := tc.partition - clu := tc.cluster - peerClu := tc.peer - - svcs := clu.ServicesByID(s.ac6[nodeKey{clu.Datacenter, partition}].clientSID) - require.Len(t, svcs, 1, "expected exactly one client in datacenter") - - serverSID := s.ac6[nodeKey{clu.Datacenter, partition}].serverSID - serverSID.Normalize() - - client := svcs[0] - require.Len(t, client.Upstreams, 1, "expected one upstream for client") - - u := client.Upstreams[0] - ct.Assert.CatalogServiceExists(t, clu.Name, u.ID.Name, utils.CompatQueryOpts(&api.QueryOptions{ - Partition: u.ID.Partition, - })) - - t.Cleanup(func() { - cfg := ct.Sprawl.Config() - for _, part := range clu.Partitions { - EnableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, part.Name}].serverNode) - } - for _, part := range peerClu.Partitions { - EnableNode(t, cfg, peerClu.Name, s.ac6[nodeKey{peerClu.Datacenter, part.Name}].serverNode) - } - require.NoError(t, ct.Sprawl.Relaunch(cfg)) - }) - - fmt.Println("### preconditions") - // TODO: deduce this number, instead of hard-coding - nFailoverTargets := 4 - // in CE, we don't have failover targets for non-default partitions - if !utils.IsEnterprise() { - nFailoverTargets = 3 - } - for i := 0; i < nFailoverTargets; i++ { - ct.Assert.UpstreamEndpointStatus(t, client, fmt.Sprintf("failover-target~%d~%s", i, clusterPrefix(u, clu.Datacenter)), "HEALTHY", 1) - } - ct.Assert.FortioFetch2FortioName(t, client, u, clu.Name, serverSID) + svcs := nearClu.WorkloadsByID(s.clientSID) + require.Len(t, svcs, 1, "expected exactly one client in datacenter") - if t.Failed() { - t.Fatalf("failed preconditions") - } + client := svcs[0] + require.Len(t, client.Destinations, 1, "expected one upstream for client") + upstream := client.Destinations[0] - fmt.Println("### Failover to peer target") - cfg := ct.Sprawl.Config() - DisableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, partition}].serverNode) - require.NoError(t, ct.Sprawl.Relaunch(cfg)) - // Clusters for imported services rely on outlier detection for - // failovers, NOT eds_health_status. This means that killing the - // node above does not actually make the envoy cluster UNHEALTHY - // so we do not assert for it. - expectUID := topology.ServiceID{ - Name: u.ID.Name, - Partition: "default", - } - expectUID.Normalize() - ct.Assert.FortioFetch2FortioName(t, client, u, peerClu.Name, expectUID) - - if utils.IsEnterprise() { - fmt.Println("### Failover to peer target in non-default partition") - cfg = ct.Sprawl.Config() - DisableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, partition}].serverNode) - DisableNode(t, cfg, peerClu.Name, s.ac6[nodeKey{peerClu.Datacenter, "default"}].serverNode) - require.NoError(t, ct.Sprawl.Relaunch(cfg)) - // Retry until outlier_detection deems the cluster - // unhealthy and fails over to peer part1. - expectUID = topology.ServiceID{ - Name: u.ID.Name, - Partition: "part1", - } - expectUID.Normalize() - ct.Assert.FortioFetch2FortioName(t, client, u, peerClu.Name, expectUID) - } + fmt.Println("### preconditions") - fmt.Println("### Failover to dc3 peer target") - cfg = ct.Sprawl.Config() - DisableNode(t, cfg, clu.Name, s.ac6[nodeKey{clu.Datacenter, partition}].serverNode) - // Disable all partitions for peer - for _, part := range peerClu.Partitions { - DisableNode(t, cfg, peerClu.Name, s.ac6[nodeKey{peerClu.Datacenter, part.Name}].serverNode) - } - require.NoError(t, ct.Sprawl.Relaunch(cfg)) - // This will retry until outlier_detection deems the cluster - // unhealthy and fails over to dc3. - expectUID = topology.ServiceID{ - Name: u.ID.Name, - Partition: "default", - } - expectUID.Normalize() - ct.Assert.FortioFetch2FortioName(t, client, u, "dc3", expectUID) - }) + // this is the server in the same DC and partitions as client + serverSID := s.nearServerSID + serverSID.Normalize() + ct.Assert.FortioFetch2FortioName(t, client, upstream, nearClu.Name, serverSID) + + ct.Assert.CatalogServiceExists(t, nearClu.Name, upstream.ID.Name, utils.CompatQueryOpts(&api.QueryOptions{ + Partition: upstream.ID.Partition, + Namespace: upstream.ID.Namespace, + })) + + if t.Failed() { + t.Fatal("failed preconditions") } + + fmt.Println("### failover") + + cfg := ct.Sprawl.Config() + DisableNode(t, cfg, nearClu.Name, s.nearServerNode) + require.NoError(t, ct.Sprawl.RelaunchWithPhase(cfg, "failover")) + // Clusters for imported services rely on outlier detection for + // failovers, NOT eds_health_status. This means that killing the + // node above does not actually make the envoy cluster UNHEALTHY + // so we do not assert for it. + expectSID := s.farServerSID + expectSID.Normalize() + ct.Assert.FortioFetch2FortioName(t, client, upstream, farClu.Name, expectSID) } -func clusterPrefix(u *topology.Upstream, dc string) string { - u.ID.Normalize() - switch u.ID.Partition { - case "default": - return fmt.Sprintf("%s.%s.%s.internal", u.ID.Name, u.ID.Namespace, dc) - default: - return fmt.Sprintf("%s.%s.%s.%s.internal-v1", u.ID.Name, u.ID.Namespace, u.ID.Partition, dc) +func defaultToEmptyForCE(tenancy string) string { + if utils.IsEnterprise() { + return tenancy } + return topology.DefaultToEmpty(tenancy) } diff --git a/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go b/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go index 4973cb6d0487..6c5749f37c4d 100644 --- a/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go +++ b/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go @@ -8,10 +8,9 @@ import ( "strings" "testing" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/testing/deployer/topology" "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/api" ) // TestRotateGW ensures that peered services continue to be able to talk to their @@ -22,13 +21,13 @@ type suiteRotateGW struct { DC string Peer string - sidServer topology.ServiceID + sidServer topology.ID nodeServer topology.NodeID - sidClient topology.ServiceID + sidClient topology.ID nodeClient topology.NodeID - upstream *topology.Upstream + upstream *topology.Destination newMGWNodeName string } @@ -63,7 +62,7 @@ func (s *suiteRotateGW) setup(t *testing.T, ct *commonTopo) { server := NewFortioServiceWithDefaults( peerClu.Datacenter, - topology.ServiceID{ + topology.ID{ Name: prefix + "server-http", Partition: partition, }, @@ -71,8 +70,8 @@ func (s *suiteRotateGW) setup(t *testing.T, ct *commonTopo) { ) // Make clients which have server upstreams - upstream := &topology.Upstream{ - ID: topology.ServiceID{ + upstream := &topology.Destination{ + ID: topology.ID{ Name: server.ID.Name, Partition: partition, }, @@ -84,17 +83,17 @@ func (s *suiteRotateGW) setup(t *testing.T, ct *commonTopo) { // create client in us client := NewFortioServiceWithDefaults( clu.Datacenter, - topology.ServiceID{ + topology.ID{ Name: prefix + "client", Partition: partition, }, - func(s *topology.Service) { - s.Upstreams = []*topology.Upstream{ + func(s *topology.Workload) { + s.Destinations = []*topology.Destination{ upstream, } }, ) - clientNode := ct.AddServiceNode(clu, serviceExt{Service: client, + clientNode := ct.AddServiceNode(clu, serviceExt{Workload: client, Config: &api.ServiceConfigEntry{ Kind: api.ServiceDefaults, Name: client.ID.Name, @@ -111,7 +110,7 @@ func (s *suiteRotateGW) setup(t *testing.T, ct *commonTopo) { }) // actually to be used by the other pairing serverNode := ct.AddServiceNode(peerClu, serviceExt{ - Service: server, + Workload: server, Config: &api.ServiceConfigEntry{ Kind: api.ServiceDefaults, Name: server.ID.Name, @@ -142,10 +141,10 @@ func (s *suiteRotateGW) setup(t *testing.T, ct *commonTopo) { // add a second mesh gateway "new" s.newMGWNodeName = fmt.Sprintf("new-%s-default-mgw", clu.Name) nodeKind := topology.NodeKindClient - if clu.Datacenter == agentlessDC { + if clu.Datacenter == ct.agentlessDC { nodeKind = topology.NodeKindDataplane } - clu.Nodes = append(clu.Nodes, newTopologyMeshGatewaySet( + _, mgwNodes := newTopologyMeshGatewaySet( nodeKind, "default", s.newMGWNodeName, @@ -154,18 +153,19 @@ func (s *suiteRotateGW) setup(t *testing.T, ct *commonTopo) { func(i int, node *topology.Node) { node.Disabled = true }, - )...) + ) + clu.Nodes = append(clu.Nodes, mgwNodes...) } func (s *suiteRotateGW) test(t *testing.T, ct *commonTopo) { dc := ct.Sprawl.Topology().Clusters[s.DC] peer := ct.Sprawl.Topology().Clusters[s.Peer] - svcHTTPServer := peer.ServiceByID( + svcHTTPServer := peer.WorkloadByID( s.nodeServer, s.sidServer, ) - svcHTTPClient := dc.ServiceByID( + svcHTTPClient := dc.WorkloadByID( s.nodeClient, s.sidClient, ) diff --git a/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go b/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go index a5684ebbc024..2cf9920278a2 100644 --- a/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go +++ b/test-integ/peering_commontopo/ac7_2_rotate_leader_test.go @@ -8,14 +8,13 @@ import ( "testing" "time" + "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" "github.com/hashicorp/consul/testing/deployer/topology" "github.com/mitchellh/copystructure" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/sdk/testutil/retry" ) // TestAC7_2RotateLeader ensures that after a leader rotation, information continues to replicate to peers @@ -24,13 +23,13 @@ type ac7_2RotateLeaderSuite struct { DC string Peer string - sidServer topology.ServiceID + sidServer topology.ID nodeServer topology.NodeID - sidClient topology.ServiceID + sidClient topology.ID nodeClient topology.NodeID - upstream *topology.Upstream + upstream *topology.Destination } func TestAC7_2RotateLeader(t *testing.T) { @@ -64,7 +63,7 @@ func (s *ac7_2RotateLeaderSuite) setup(t *testing.T, ct *commonTopo) { server := NewFortioServiceWithDefaults( peerClu.Datacenter, - topology.ServiceID{ + topology.ID{ Name: prefix + "server-http", Partition: partition, }, @@ -72,8 +71,8 @@ func (s *ac7_2RotateLeaderSuite) setup(t *testing.T, ct *commonTopo) { ) // Make clients which have server upstreams - upstream := &topology.Upstream{ - ID: topology.ServiceID{ + upstream := &topology.Destination{ + ID: topology.ID{ Name: server.ID.Name, Partition: partition, }, @@ -83,17 +82,17 @@ func (s *ac7_2RotateLeaderSuite) setup(t *testing.T, ct *commonTopo) { // create client in us client := NewFortioServiceWithDefaults( clu.Datacenter, - topology.ServiceID{ + topology.ID{ Name: prefix + "client", Partition: partition, }, - func(s *topology.Service) { - s.Upstreams = []*topology.Upstream{ + func(s *topology.Workload) { + s.Destinations = []*topology.Destination{ upstream, } }, ) - clientNode := ct.AddServiceNode(clu, serviceExt{Service: client, + clientNode := ct.AddServiceNode(clu, serviceExt{Workload: client, Config: &api.ServiceConfigEntry{ Kind: api.ServiceDefaults, Name: client.ID.Name, @@ -110,7 +109,7 @@ func (s *ac7_2RotateLeaderSuite) setup(t *testing.T, ct *commonTopo) { }) // actually to be used by the other pairing serverNode := ct.AddServiceNode(peerClu, serviceExt{ - Service: server, + Workload: server, Config: &api.ServiceConfigEntry{ Kind: api.ServiceDefaults, Name: server.ID.Name, @@ -145,8 +144,8 @@ func (s *ac7_2RotateLeaderSuite) test(t *testing.T, ct *commonTopo) { clDC := ct.APIClientForCluster(t, dc) clPeer := ct.APIClientForCluster(t, peer) - svcServer := peer.ServiceByID(s.nodeServer, s.sidServer) - svcClient := dc.ServiceByID(s.nodeClient, s.sidClient) + svcServer := peer.WorkloadByID(s.nodeServer, s.sidServer) + svcClient := dc.WorkloadByID(s.nodeClient, s.sidClient) ct.Assert.HealthyWithPeer(t, dc.Name, svcServer.ID, LocalPeerName(peer, "default")) ct.Assert.FortioFetch2HeaderEcho(t, svcClient, s.upstream) @@ -165,7 +164,7 @@ func (s *ac7_2RotateLeaderSuite) test(t *testing.T, ct *commonTopo) { found := 0 foundI := 0 for i, svc := range ceAsES.Services { - if svc.Name == s.sidServer.Name && svc.Namespace == utils.DefaultToEmpty(s.sidServer.Namespace) { + if svc.Name == s.sidServer.Name && utils.DefaultToEmpty(svc.Namespace) == utils.DefaultToEmpty(s.sidServer.Namespace) { found += 1 foundI = i } @@ -176,7 +175,7 @@ func (s *ac7_2RotateLeaderSuite) test(t *testing.T, ct *commonTopo) { _, _, err = clPeer.ConfigEntries().Set(ceAsES, nil) require.NoError(t, err) t.Cleanup(func() { - //restore for next pairing + // restore for next pairing _, _, err = clPeer.ConfigEntries().Set(origCE.(*api.ExportedServicesConfigEntry), nil) require.NoError(t, err) }) diff --git a/test-integ/peering_commontopo/commontopo.go b/test-integ/peering_commontopo/commontopo.go index e43456b231bc..8d931d86bb2e 100644 --- a/test-integ/peering_commontopo/commontopo.go +++ b/test-integ/peering_commontopo/commontopo.go @@ -4,23 +4,21 @@ package peering import ( - "bytes" "context" "fmt" - "strconv" "testing" - "text/tabwriter" "time" + "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/sdk/testutil/retry" + "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" "github.com/hashicorp/consul/testing/deployer/sprawl" "github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest" "github.com/hashicorp/consul/testing/deployer/topology" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/sdk/testutil/retry" - "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" + "github.com/hashicorp/consul/test-integ/topoutil" ) // commonTopo helps create a shareable topology configured to represent @@ -42,74 +40,110 @@ type commonTopo struct { // shortcuts to corresponding entry in Cfg DC1 *topology.Cluster DC2 *topology.Cluster + // nil if includeDC3 is false DC3 *topology.Cluster // set after Launch. Should be considered read-only Sprawl *sprawl.Sprawl - Assert *asserter + Assert *topoutil.Asserter // track per-DC services to prevent duplicates - services map[string]map[topology.ServiceID]struct{} + services map[string]map[topology.ID]struct{} + + // if zero, no DCs are agentless + agentlessDC string + + // if true, create DC3 and associated links (currently only used by ac5.2) + includeDC3 bool + + peerThroughMGW bool } -const agentlessDC = "dc2" +func NewCommonTopoWithoutAgentless(t *testing.T) *commonTopo { + t.Helper() + return newCommonTopo(t, "", false, true) +} func NewCommonTopo(t *testing.T) *commonTopo { t.Helper() + return newCommonTopo(t, "dc2", false, true) +} - ct := commonTopo{} +func newCommonTopo(t *testing.T, agentlessDC string, includeDC3 bool, peerThroughMGW bool) *commonTopo { + t.Helper() + + ct := commonTopo{ + agentlessDC: agentlessDC, + includeDC3: includeDC3, + peerThroughMGW: peerThroughMGW, + } const nServers = 3 // Make 3-server clusters in dc1 and dc2 // For simplicity, the Name and Datacenter of the clusters are the same. // dc1 and dc2 should be symmetric. - dc1 := clusterWithJustServers("dc1", nServers) + dc1 := ct.clusterWithJustServers("dc1", nServers) ct.DC1 = dc1 - dc2 := clusterWithJustServers("dc2", nServers) + dc2 := ct.clusterWithJustServers("dc2", nServers) ct.DC2 = dc2 - // dc3 is a failover cluster for both dc1 and dc2 - dc3 := clusterWithJustServers("dc3", 1) - // dc3 is only used for certain failover scenarios and does not need tenancies - dc3.Partitions = []*topology.Partition{{Name: "default"}} - ct.DC3 = dc3 + clusters := []*topology.Cluster{dc1, dc2} + + var dc3 *topology.Cluster + + if ct.includeDC3 { + // dc3 is a failover cluster for both dc1 and dc2 + dc3 = ct.clusterWithJustServers("dc3", 1) + // dc3 is only used for certain failover scenarios and does not need tenancies + dc3.Partitions = []*topology.Partition{{Name: "default"}} + ct.DC3 = dc3 + // dc3 is only used for certain failover scenarios and does not need tenancies + dc3.Partitions = []*topology.Partition{{Name: "default"}} + + clusters = append(clusters, dc3) + } injectTenancies(dc1) injectTenancies(dc2) - // dc3 is only used for certain failover scenarios and does not need tenancies - dc3.Partitions = []*topology.Partition{{Name: "default"}} + // dc3 doesn't get tenancies - ct.services = map[string]map[topology.ServiceID]struct{}{} - for _, dc := range []*topology.Cluster{dc1, dc2, dc3} { - ct.services[dc.Datacenter] = map[topology.ServiceID]struct{}{} + ct.services = map[string]map[topology.ID]struct{}{} + for _, dc := range clusters { + ct.services[dc.Datacenter] = map[topology.ID]struct{}{} } peerings := addPeerings(dc1, dc2) - peerings = append(peerings, addPeerings(dc1, dc3)...) - peerings = append(peerings, addPeerings(dc2, dc3)...) + if ct.includeDC3 { + peerings = append(peerings, addPeerings(dc1, dc3)...) + peerings = append(peerings, addPeerings(dc2, dc3)...) + } + + ct.addMeshGateways(dc1) + ct.addMeshGateways(dc2) + if ct.includeDC3 { + ct.addMeshGateways(dc3) + } - addMeshGateways(dc1) - addMeshGateways(dc2) - addMeshGateways(dc3) + ct.setupGlobals(dc1) + ct.setupGlobals(dc2) + if ct.includeDC3 { + ct.setupGlobals(dc3) + } - setupGlobals(dc1) - setupGlobals(dc2) - setupGlobals(dc3) + networks := []*topology.Network{ + {Name: "wan", Type: "wan"}, + {Name: dc1.Datacenter}, // "dc1" LAN + {Name: dc2.Datacenter}, // "dc2" LAN + } + if ct.includeDC3 { + networks = append(networks, &topology.Network{Name: dc3.Datacenter}) + } // Build final configuration ct.Cfg = &topology.Config{ - Images: utils.TargetImages(), - Networks: []*topology.Network{ - {Name: dc1.Datacenter}, // "dc1" LAN - {Name: dc2.Datacenter}, // "dc2" LAN - {Name: dc3.Datacenter}, // "dc3" LAN - {Name: "wan", Type: "wan"}, - }, - Clusters: []*topology.Cluster{ - dc1, - dc2, - dc3, - }, + Images: utils.TargetImages(), + Networks: networks, + Clusters: clusters, Peerings: peerings, } return &ct @@ -122,14 +156,14 @@ func (ct *commonTopo) Launch(t *testing.T) { } ct.Sprawl = sprawltest.Launch(t, ct.Cfg) - ct.Assert = newAsserter(ct.Sprawl) + ct.Assert = topoutil.NewAsserter(ct.Sprawl) ct.postLaunchChecks(t) } // tests that use Relaunch might want to call this again afterwards func (ct *commonTopo) postLaunchChecks(t *testing.T) { t.Logf("TESTING RELATIONSHIPS: \n%s", - renderRelationships(computeRelationships(ct.Sprawl.Topology())), + topology.RenderRelationships(ct.Sprawl.Topology().ComputeRelationships()), ) // check that exports line up as expected @@ -144,10 +178,12 @@ func (ct *commonTopo) postLaunchChecks(t *testing.T) { for _, e := range clu.InitialConfigEntries { if e.GetKind() == api.ExportedServices { asExport := e.(*api.ExportedServicesConfigEntry) - // do we care about the partition? for _, svc := range asExport.Services { for _, con := range svc.Consumers { - // do we care about con.Partition? + // if Peer is unset, this is an export to another partition in the same DC, so we don't need to check it + if con.Peer == "" { + continue + } // TODO: surely there is code to normalize this partition := asExport.Partition if partition == "" { @@ -185,13 +221,16 @@ func (ct *commonTopo) postLaunchChecks(t *testing.T) { // PeerName is how you'd address a remote dc+partition locally // as your peer name. func LocalPeerName(clu *topology.Cluster, partition string) string { + if partition == "" { + partition = "default" + } return fmt.Sprintf("peer-%s-%s", clu.Datacenter, partition) } // TODO: move these to topology // TODO: alternatively, delete it: we only use it in one place, to bundle up args type serviceExt struct { - *topology.Service + *topology.Workload Exports []api.ServiceConsumer Config *api.ServiceConfigEntry @@ -206,7 +245,7 @@ func (ct *commonTopo) AddServiceNode(clu *topology.Cluster, svc serviceExt) *top ct.services[clusterName][svc.ID] = struct{}{} // TODO: inline - serviceHostnameString := func(dc string, id topology.ServiceID) string { + serviceHostnameString := func(dc string, id topology.ID) string { n := id.Name // prepend - and - if they are not default/empty // avoids hostname limit of 63 chars in most cases @@ -229,7 +268,7 @@ func (ct *commonTopo) AddServiceNode(clu *topology.Cluster, svc serviceExt) *top nodeKind := topology.NodeKindClient // TODO: bug in deployer somewhere; it should guard against a KindDataplane node with // DisableServiceMesh services on it; dataplane is only for service-mesh - if !svc.DisableServiceMesh && clu.Datacenter == agentlessDC { + if !svc.DisableServiceMesh && clu.Datacenter == ct.agentlessDC { nodeKind = topology.NodeKindDataplane } @@ -240,8 +279,8 @@ func (ct *commonTopo) AddServiceNode(clu *topology.Cluster, svc serviceExt) *top Addresses: []*topology.Address{ {Network: clu.Datacenter}, }, - Services: []*topology.Service{ - svc.Service, + Workloads: []*topology.Workload{ + svc.Workload, }, Cluster: clusterName, } @@ -288,8 +327,8 @@ func (ct *commonTopo) ExportService(clu *topology.Cluster, partition string, svc if !found { clu.InitialConfigEntries = append(clu.InitialConfigEntries, &api.ExportedServicesConfigEntry{ - Name: partition, // this NEEDs to be "default" in CE - Partition: ConfigEntryPartition(partition), + Name: topology.PartitionOrDefault(partition), // this NEEDs to be "default" in CE + Partition: topology.DefaultToEmpty(partition), Services: svcs, }, ) @@ -308,54 +347,32 @@ func (ct *commonTopo) ClusterByDatacenter(t *testing.T, name string) *topology.C return nil } -// Since CE config entries do not contain the partition field, -// this func converts default partition to empty string. +// Deprecated: topoutil.ConfigEntryPartition func ConfigEntryPartition(p string) string { - if p == "default" { - return "" // make this CE friendly - } - return p + return topoutil.ConfigEntryPartition(p) } -// disableNode is a no-op if the node is already disabled. +// DisableNode is a no-op if the node is already disabled. func DisableNode(t *testing.T, cfg *topology.Config, clusterName string, nid topology.NodeID) *topology.Config { - nodes := cfg.Cluster(clusterName).Nodes - var found bool - for _, n := range nodes { - if n.ID() == nid { - found = true - if n.Disabled { - return cfg - } - t.Logf("disabling node %s in cluster %s", nid.String(), clusterName) - n.Disabled = true - break - } + changed, err := cfg.DisableNode(clusterName, nid) + require.NoError(t, err) + if changed { + t.Logf("disabling node %s in cluster %s", nid.String(), clusterName) } - require.True(t, found, "expected to find nodeID %q in cluster %q", nid.String(), clusterName) return cfg } -// enableNode is a no-op if the node is already enabled. +// EnableNode is a no-op if the node is already enabled. func EnableNode(t *testing.T, cfg *topology.Config, clusterName string, nid topology.NodeID) *topology.Config { - nodes := cfg.Cluster(clusterName).Nodes - var found bool - for _, n := range nodes { - if n.ID() == nid { - found = true - if !n.Disabled { - return cfg - } - t.Logf("enabling node %s in cluster %s", nid.String(), clusterName) - n.Disabled = false - break - } + changed, err := cfg.EnableNode(clusterName, nid) + require.NoError(t, err) + if changed { + t.Logf("enabling node %s in cluster %s", nid.String(), clusterName) } - require.True(t, found, "expected to find nodeID %q in cluster %q", nid.String(), clusterName) return cfg } -func setupGlobals(clu *topology.Cluster) { +func (ct *commonTopo) setupGlobals(clu *topology.Cluster) { for _, part := range clu.Partitions { clu.InitialConfigEntries = append(clu.InitialConfigEntries, &api.ProxyConfigEntry{ @@ -369,43 +386,71 @@ func setupGlobals(clu *topology.Cluster) { Mode: api.MeshGatewayModeLocal, }, }, - &api.MeshConfigEntry{ - Peering: &api.PeeringMeshConfig{ - PeerThroughMeshGateways: true, - }, - }, ) + if ct.peerThroughMGW { + clu.InitialConfigEntries = append(clu.InitialConfigEntries, + &api.MeshConfigEntry{ + Peering: &api.PeeringMeshConfig{ + PeerThroughMeshGateways: true, + }, + }, + ) + } } } // addMeshGateways adds a mesh gateway for every partition in the cluster. // Assumes that the LAN network name is equal to datacenter name. -func addMeshGateways(c *topology.Cluster) { +func (ct *commonTopo) addMeshGateways(c *topology.Cluster) { nodeKind := topology.NodeKindClient - if c.Datacenter == agentlessDC { + if c.Datacenter == ct.agentlessDC { nodeKind = topology.NodeKindDataplane } for _, p := range c.Partitions { - c.Nodes = topology.MergeSlices(c.Nodes, newTopologyMeshGatewaySet( + sid, nodes := newTopologyMeshGatewaySet( nodeKind, p.Name, fmt.Sprintf("%s-%s-mgw", c.Name, p.Name), 1, []string{c.Datacenter, "wan"}, nil, - )) + ) + c.Nodes = topology.MergeSlices(c.Nodes, nodes) + // for services exported in the same cluster between partitions, we need + // to export the mesh gateway (but not for peering) + // https://github.com/hashicorp/consul/pull/19052 + consumers := []api.ServiceConsumer{} + for _, cp := range c.Partitions { + if cp.Name == p.Name { + continue + } + consumers = append(consumers, api.ServiceConsumer{ + Partition: cp.Name, + }) + } + if len(consumers) > 0 { + ct.ExportService(c, p.Name, api.ExportedService{ + Name: sid.Name, + Namespace: sid.Namespace, + Consumers: consumers, + }) + } } } -func clusterWithJustServers(name string, numServers int) *topology.Cluster { +func (ct *commonTopo) clusterWithJustServers(name string, numServers int) *topology.Cluster { + nets := []string{name} + if !ct.peerThroughMGW { + nets = append(nets, "wan") + } return &topology.Cluster{ Enterprise: utils.IsEnterprise(), Name: name, Datacenter: name, - Nodes: newTopologyServerSet( + Nodes: topoutil.NewTopologyServerSet( name+"-server", numServers, - []string{name}, + nets, nil, ), } @@ -458,31 +503,13 @@ func injectTenancies(clu *topology.Cluster) { } } -func newTopologyServerSet( - namePrefix string, - num int, - networks []string, - mutateFn func(i int, node *topology.Node), -) []*topology.Node { - var out []*topology.Node - for i := 1; i <= num; i++ { - name := namePrefix + strconv.Itoa(i) - - node := &topology.Node{ - Kind: topology.NodeKindServer, - Name: name, - } - for _, net := range networks { - node.Addresses = append(node.Addresses, &topology.Address{Network: net}) - } - - if mutateFn != nil { - mutateFn(i, node) - } - - out = append(out, node) - } - return out +// Deprecated: topoutil.NewFortioServiceWithDefaults +func NewFortioServiceWithDefaults( + cluster string, + sid topology.ID, + mut func(s *topology.Workload), +) *topology.Workload { + return topoutil.NewFortioServiceWithDefaults(cluster, sid, topology.NodeVersionV1, mut) } func newTopologyMeshGatewaySet( @@ -492,134 +519,8 @@ func newTopologyMeshGatewaySet( num int, networks []string, mutateFn func(i int, node *topology.Node), -) []*topology.Node { - var out []*topology.Node - for i := 1; i <= num; i++ { - name := namePrefix + strconv.Itoa(i) - - node := &topology.Node{ - Kind: nodeKind, - Partition: partition, - Name: name, - Services: []*topology.Service{{ - ID: topology.ServiceID{Name: "mesh-gateway"}, - Port: 8443, - EnvoyAdminPort: 19000, - IsMeshGateway: true, - }}, - } - for _, net := range networks { - node.Addresses = append(node.Addresses, &topology.Address{Network: net}) - } - - if mutateFn != nil { - mutateFn(i, node) - } - - out = append(out, node) - } - return out -} - -const HashicorpDockerProxy = "docker.mirror.hashicorp.services" - -func NewFortioServiceWithDefaults( - cluster string, - sid topology.ServiceID, - mut func(s *topology.Service), -) *topology.Service { - const ( - httpPort = 8080 - grpcPort = 8079 - adminPort = 19000 - ) - sid.Normalize() - - svc := &topology.Service{ - ID: sid, - Image: HashicorpDockerProxy + "/fortio/fortio", - Port: httpPort, - EnvoyAdminPort: adminPort, - CheckTCP: "127.0.0.1:" + strconv.Itoa(httpPort), - Env: []string{ - "FORTIO_NAME=" + cluster + "::" + sid.String(), - }, - Command: []string{ - "server", - "-http-port", strconv.Itoa(httpPort), - "-grpc-port", strconv.Itoa(grpcPort), - "-redirect-port", "-disabled", - }, - } - if mut != nil { - mut(svc) - } - return svc -} - -// computeRelationships will analyze a full topology and generate all of the -// downstream/upstream information for all of them. -func computeRelationships(topo *topology.Topology) []Relationship { - var out []Relationship - for _, cluster := range topo.Clusters { - for _, n := range cluster.Nodes { - for _, s := range n.Services { - for _, u := range s.Upstreams { - out = append(out, Relationship{ - Caller: s, - Upstream: u, - }) - } - } - } - } - return out -} - -// renderRelationships will take the output of ComputeRelationships and display -// it in tabular form. -func renderRelationships(ships []Relationship) string { - var buf bytes.Buffer - w := tabwriter.NewWriter(&buf, 0, 0, 3, ' ', tabwriter.Debug) - fmt.Fprintf(w, "DOWN\tnode\tservice\tport\tUP\tservice\t\n") - for _, r := range ships { - fmt.Fprintf(w, - "%s\t%s\t%s\t%d\t%s\t%s\t\n", - r.downCluster(), - r.Caller.Node.ID().String(), - r.Caller.ID.String(), - r.Upstream.LocalPort, - r.upCluster(), - r.Upstream.ID.String(), - ) - } - fmt.Fprintf(w, "\t\t\t\t\t\t\n") - - w.Flush() - return buf.String() -} - -type Relationship struct { - Caller *topology.Service - Upstream *topology.Upstream -} - -func (r Relationship) String() string { - return fmt.Sprintf( - "%s on %s in %s via :%d => %s in %s", - r.Caller.ID.String(), - r.Caller.Node.ID().String(), - r.downCluster(), - r.Upstream.LocalPort, - r.Upstream.ID.String(), - r.upCluster(), - ) -} - -func (r Relationship) downCluster() string { - return r.Caller.Node.Cluster -} - -func (r Relationship) upCluster() string { - return r.Upstream.Cluster +) (topology.ID, []*topology.Node) { + nodes := topoutil.NewTopologyMeshGatewaySet(nodeKind, partition, namePrefix, num, networks, mutateFn) + sid := nodes[0].Workloads[0].ID + return sid, nodes } diff --git a/test-integ/peering_commontopo/asserter.go b/test-integ/topoutil/asserter.go similarity index 64% rename from test-integ/peering_commontopo/asserter.go rename to test-integ/topoutil/asserter.go index b5aa71ebae45..1cc7243dc3ca 100644 --- a/test-integ/peering_commontopo/asserter.go +++ b/test-integ/topoutil/asserter.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: BUSL-1.1 -package peering +package topoutil import ( "fmt" @@ -12,53 +12,53 @@ import ( "testing" "time" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/testing/deployer/topology" - "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/sdk/testutil/retry" libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert" "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" + "github.com/hashicorp/consul/testing/deployer/topology" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) -// asserter is a utility to help in reducing boilerplate in invoking test +// Asserter is a utility to help in reducing boilerplate in invoking test // assertions against consul-topology Sprawl components. // // The methods should largely take in *topology.Service instances in lieu of // ip/ports if there is only one port that makes sense for the assertion (such // as use of the envoy admin port 19000). // -// If it's up to the test (like picking an upstream) leave port as an argument +// If it's up to the test (like picking a destination) leave port as an argument // but still take the service and use that to grab the local ip from the // topology.Node. -type asserter struct { - sp sprawlLite +type Asserter struct { + sp SprawlLite } // *sprawl.Sprawl satisfies this. We don't need anything else. -type sprawlLite interface { +type SprawlLite interface { HTTPClientForCluster(clusterName string) (*http.Client, error) APIClientForNode(clusterName string, nid topology.NodeID, token string) (*api.Client, error) APIClientForCluster(clusterName string, token string) (*api.Client, error) + ResourceServiceClientForCluster(clusterName string) pbresource.ResourceServiceClient Topology() *topology.Topology } -// newAsserter creates a new assertion helper for the provided sprawl. -func newAsserter(sp sprawlLite) *asserter { - return &asserter{ +// NewAsserter creates a new assertion helper for the provided sprawl. +func NewAsserter(sp SprawlLite) *Asserter { + return &Asserter{ sp: sp, } } -func (a *asserter) mustGetHTTPClient(t *testing.T, cluster string) *http.Client { +func (a *Asserter) mustGetHTTPClient(t *testing.T, cluster string) *http.Client { client, err := a.httpClientFor(cluster) require.NoError(t, err) return client } -func (a *asserter) mustGetAPIClient(t *testing.T, cluster string) *api.Client { +func (a *Asserter) mustGetAPIClient(t *testing.T, cluster string) *api.Client { clu := a.sp.Topology().Clusters[cluster] cl, err := a.sp.APIClientForCluster(clu.Name, "") require.NoError(t, err) @@ -70,7 +70,7 @@ func (a *asserter) mustGetAPIClient(t *testing.T, cluster string) *api.Client { // // Use this in methods below to magically pick the right proxied http client // given the home of each node being checked. -func (a *asserter) httpClientFor(cluster string) (*http.Client, error) { +func (a *Asserter) httpClientFor(cluster string) (*http.Client, error) { client, err := a.sp.HTTPClientForCluster(cluster) if err != nil { return nil, err @@ -78,22 +78,22 @@ func (a *asserter) httpClientFor(cluster string) (*http.Client, error) { return client, nil } -// UpstreamEndpointStatus validates that proxy was configured with provided clusterName in the healthStatus +// DestinationEndpointStatus validates that proxy was configured with provided clusterName in the healthStatus // // Exposes libassert.UpstreamEndpointStatus for use against a Sprawl. // // NOTE: this doesn't take a port b/c you always want to use the envoy admin port. -func (a *asserter) UpstreamEndpointStatus( +func (a *Asserter) DestinationEndpointStatus( t *testing.T, - service *topology.Service, + workload *topology.Workload, clusterName string, healthStatus string, count int, ) { t.Helper() - node := service.Node + node := workload.Node ip := node.LocalAddress() - port := service.EnvoyAdminPort + port := workload.EnvoyAdminPort addr := fmt.Sprintf("%s:%d", ip, port) client := a.mustGetHTTPClient(t, node.Cluster) @@ -106,17 +106,17 @@ func (a *asserter) UpstreamEndpointStatus( // // Exposes libassert.HTTPServiceEchoes for use against a Sprawl. // -// NOTE: this takes a port b/c you may want to reach this via your choice of upstream. -func (a *asserter) HTTPServiceEchoes( +// NOTE: this takes a port b/c you may want to reach this via your choice of destination. +func (a *Asserter) HTTPServiceEchoes( t *testing.T, - service *topology.Service, + workload *topology.Workload, port int, path string, ) { t.Helper() require.True(t, port > 0) - node := service.Node + node := workload.Node ip := node.LocalAddress() addr := fmt.Sprintf("%s:%d", ip, port) @@ -130,10 +130,10 @@ func (a *asserter) HTTPServiceEchoes( // // Exposes libassert.HTTPServiceEchoes for use against a Sprawl. // -// NOTE: this takes a port b/c you may want to reach this via your choice of upstream. -func (a *asserter) HTTPServiceEchoesResHeader( +// NOTE: this takes a port b/c you may want to reach this via your choice of destination. +func (a *Asserter) HTTPServiceEchoesResHeader( t *testing.T, - service *topology.Service, + workload *topology.Workload, port int, path string, expectedResHeader map[string]string, @@ -141,7 +141,7 @@ func (a *asserter) HTTPServiceEchoesResHeader( t.Helper() require.True(t, port > 0) - node := service.Node + node := workload.Node ip := node.LocalAddress() addr := fmt.Sprintf("%s:%d", ip, port) @@ -149,16 +149,16 @@ func (a *asserter) HTTPServiceEchoesResHeader( libassert.HTTPServiceEchoesResHeaderWithClient(t, client, addr, path, expectedResHeader) } -func (a *asserter) HTTPStatus( +func (a *Asserter) HTTPStatus( t *testing.T, - service *topology.Service, + workload *topology.Workload, port int, status int, ) { t.Helper() require.True(t, port > 0) - node := service.Node + node := workload.Node ip := node.LocalAddress() addr := fmt.Sprintf("%s:%d", ip, port) @@ -179,7 +179,7 @@ func (a *asserter) HTTPStatus( } // asserts that the service sid in cluster and exported by peer localPeerName is passing health checks, -func (a *asserter) HealthyWithPeer(t *testing.T, cluster string, sid topology.ServiceID, peerName string) { +func (a *Asserter) HealthyWithPeer(t *testing.T, cluster string, sid topology.ID, peerName string) { t.Helper() cl := a.mustGetAPIClient(t, cluster) retry.RunWith(&retry.Timer{Timeout: time.Minute * 1, Wait: time.Millisecond * 500}, t, func(r *retry.R) { @@ -198,86 +198,105 @@ func (a *asserter) HealthyWithPeer(t *testing.T, cluster string, sid topology.Se }) } -func (a *asserter) UpstreamEndpointHealthy(t *testing.T, svc *topology.Service, upstream *topology.Upstream) { - t.Helper() - node := svc.Node - ip := node.LocalAddress() - port := svc.EnvoyAdminPort - addr := fmt.Sprintf("%s:%d", ip, port) - - client := a.mustGetHTTPClient(t, node.Cluster) - libassert.AssertUpstreamEndpointStatusWithClient(t, - client, - addr, - // TODO: what is default? namespace? partition? - fmt.Sprintf("%s.default.%s.external", upstream.ID.Name, upstream.Peer), - "HEALTHY", - 1, - ) +type testingT interface { + require.TestingT + Helper() } -// does a fortio /fetch2 to the given fortio service, targetting the given upstream. Returns +// does a fortio /fetch2 to the given fortio service, targetting the given destination. Returns // the body, and response with response.Body already Closed. // // We treat 400, 503, and 504s as retryable errors -func (a *asserter) fortioFetch2Upstream(t *testing.T, fortioSvc *topology.Service, upstream *topology.Upstream, path string) (body []byte, res *http.Response) { +func (a *Asserter) fortioFetch2Destination( + t testingT, + client *http.Client, + addr string, + dest *topology.Destination, + path string, +) (body []byte, res *http.Response) { t.Helper() - // TODO: fortioSvc.ID.Normalize()? or should that be up to the caller? - - node := fortioSvc.Node - client := a.mustGetHTTPClient(t, node.Cluster) - urlbase := fmt.Sprintf("%s:%d", node.LocalAddress(), fortioSvc.Port) + var actualURL string + if dest.Implied { + actualURL = fmt.Sprintf("http://%s--%s--%s.virtual.consul:%d/%s", + dest.ID.Name, + dest.ID.Namespace, + dest.ID.Partition, + dest.VirtualPort, + path, + ) + } else { + actualURL = fmt.Sprintf("http://localhost:%d/%s", dest.LocalPort, path) + } - url := fmt.Sprintf("http://%s/fortio/fetch2?url=%s", urlbase, - url.QueryEscape(fmt.Sprintf("http://localhost:%d/%s", upstream.LocalPort, path)), + url := fmt.Sprintf("http://%s/fortio/fetch2?url=%s", addr, + url.QueryEscape(actualURL), ) req, err := http.NewRequest(http.MethodPost, url, nil) require.NoError(t, err) - retry.RunWith(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Millisecond * 500}, t, func(r *retry.R) { - res, err = client.Do(req) - require.NoError(r, err) - defer res.Body.Close() - // not sure when these happen, suspect it's when the mesh gateway in the peer is not yet ready - require.NotEqual(r, http.StatusServiceUnavailable, res.StatusCode) - require.NotEqual(r, http.StatusGatewayTimeout, res.StatusCode) - // not sure when this happens, suspect it's when envoy hasn't configured the local upstream yet - require.NotEqual(r, http.StatusBadRequest, res.StatusCode) - body, err = io.ReadAll(res.Body) - require.NoError(r, err) - }) + + res, err = client.Do(req) + require.NoError(t, err) + defer res.Body.Close() + + // not sure when these happen, suspect it's when the mesh gateway in the peer is not yet ready + require.NotEqual(t, http.StatusServiceUnavailable, res.StatusCode) + require.NotEqual(t, http.StatusGatewayTimeout, res.StatusCode) + // not sure when this happens, suspect it's when envoy hasn't configured the local destination yet + require.NotEqual(t, http.StatusBadRequest, res.StatusCode) + body, err = io.ReadAll(res.Body) + require.NoError(t, err) return body, res } // uses the /fortio/fetch2 endpoint to do a header echo check against an -// upstream fortio -func (a *asserter) FortioFetch2HeaderEcho(t *testing.T, fortioSvc *topology.Service, upstream *topology.Upstream) { +// destination fortio +func (a *Asserter) FortioFetch2HeaderEcho(t *testing.T, fortioWrk *topology.Workload, dest *topology.Destination) { const kPassphrase = "x-passphrase" const passphrase = "hello" path := (fmt.Sprintf("/?header=%s:%s", kPassphrase, passphrase)) + var ( + node = fortioWrk.Node + addr = fmt.Sprintf("%s:%d", node.LocalAddress(), fortioWrk.PortOrDefault(dest.PortName)) + client = a.mustGetHTTPClient(t, node.Cluster) + ) + retry.RunWith(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Millisecond * 500}, t, func(r *retry.R) { - _, res := a.fortioFetch2Upstream(t, fortioSvc, upstream, path) - require.Equal(t, http.StatusOK, res.StatusCode) + _, res := a.fortioFetch2Destination(r, client, addr, dest, path) + require.Equal(r, http.StatusOK, res.StatusCode) v := res.Header.Get(kPassphrase) - require.Equal(t, passphrase, v) + require.Equal(r, passphrase, v) }) } // similar to libassert.AssertFortioName, -// uses the /fortio/fetch2 endpoint to hit the debug endpoint on the upstream, +// uses the /fortio/fetch2 endpoint to hit the debug endpoint on the destination, // and assert that the FORTIO_NAME == name -func (a *asserter) FortioFetch2FortioName(t *testing.T, fortioSvc *topology.Service, upstream *topology.Upstream, clusterName string, sid topology.ServiceID) { +func (a *Asserter) FortioFetch2FortioName( + t *testing.T, + fortioWrk *topology.Workload, + dest *topology.Destination, + clusterName string, + sid topology.ID, +) { t.Helper() + var ( + node = fortioWrk.Node + addr = fmt.Sprintf("%s:%d", node.LocalAddress(), fortioWrk.PortOrDefault(dest.PortName)) + client = a.mustGetHTTPClient(t, node.Cluster) + ) + var fortioNameRE = regexp.MustCompile(("\nFORTIO_NAME=(.+)\n")) path := "/debug?env=dump" retry.RunWith(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Millisecond * 500}, t, func(r *retry.R) { - body, res := a.fortioFetch2Upstream(t, fortioSvc, upstream, path) - require.Equal(t, http.StatusOK, res.StatusCode) + body, res := a.fortioFetch2Destination(r, client, addr, dest, path) + + require.Equal(r, http.StatusOK, res.StatusCode) // TODO: not sure we should retry these? m := fortioNameRE.FindStringSubmatch(string(body)) @@ -289,7 +308,7 @@ func (a *asserter) FortioFetch2FortioName(t *testing.T, fortioSvc *topology.Serv // CatalogServiceExists is the same as libassert.CatalogServiceExists, except that it uses // a proxied API client -func (a *asserter) CatalogServiceExists(t *testing.T, cluster string, svc string, opts *api.QueryOptions) { +func (a *Asserter) CatalogServiceExists(t *testing.T, cluster string, svc string, opts *api.QueryOptions) { t.Helper() cl := a.mustGetAPIClient(t, cluster) libassert.CatalogServiceExists(t, cl, svc, opts) diff --git a/test-integ/topoutil/asserter_blankspace.go b/test-integ/topoutil/asserter_blankspace.go new file mode 100644 index 000000000000..ca41e2f32d24 --- /dev/null +++ b/test-integ/topoutil/asserter_blankspace.go @@ -0,0 +1,303 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package topoutil + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/hashicorp/consul/sdk/testutil/retry" + "github.com/hashicorp/consul/testing/deployer/topology" + "github.com/stretchr/testify/require" +) + +// CheckBlankspaceNameViaHTTP calls a copy of blankspace and asserts it arrived +// on the correct instance using HTTP1 or HTTP2. +func (a *Asserter) CheckBlankspaceNameViaHTTP( + t *testing.T, + workload *topology.Workload, + dest *topology.Destination, + useHTTP2 bool, + path string, + clusterName string, + sid topology.ID, +) { + t.Helper() + + a.checkBlankspaceNameViaHTTPWithCallback(t, workload, dest, useHTTP2, path, 1, func(_ *retry.R) {}, func(r *retry.R, remoteName string) { + require.Equal(r, fmt.Sprintf("%s::%s", clusterName, sid.String()), remoteName) + }, func(r *retry.R) {}) +} + +// CheckBlankspaceNameTrafficSplitViaHTTP is like CheckBlankspaceNameViaHTTP +// but it is verifying a relative traffic split. +func (a *Asserter) CheckBlankspaceNameTrafficSplitViaHTTP( + t *testing.T, + workload *topology.Workload, + dest *topology.Destination, + useHTTP2 bool, + path string, + expect map[string]int, +) { + t.Helper() + + got := make(map[string]int) + a.checkBlankspaceNameViaHTTPWithCallback(t, workload, dest, useHTTP2, path, 100, func(_ *retry.R) { + got = make(map[string]int) + }, func(_ *retry.R, name string) { + got[name]++ + }, func(r *retry.R) { + assertTrafficSplitFor100Requests(r, got, expect) + }) +} + +func (a *Asserter) checkBlankspaceNameViaHTTPWithCallback( + t *testing.T, + workload *topology.Workload, + dest *topology.Destination, + useHTTP2 bool, + path string, + count int, + resetFn func(r *retry.R), + attemptFn func(r *retry.R, remoteName string), + checkFn func(r *retry.R), +) { + t.Helper() + + var ( + node = workload.Node + internalPort = workload.PortOrDefault(dest.PortName) + addr = fmt.Sprintf("%s:%d", node.LocalAddress(), internalPort) + client = a.mustGetHTTPClient(t, node.Cluster) + ) + + if useHTTP2 { + // We can't use the forward proxy for http2, so use the exposed port on localhost instead. + exposedPort := node.ExposedPort(internalPort) + require.True(t, exposedPort > 0) + + addr = fmt.Sprintf("%s:%d", "127.0.0.1", exposedPort) + + // This will clear the proxy field on the transport. + client = EnableHTTP2(client) + } + + var actualURL string + if dest.Implied { + actualURL = fmt.Sprintf("http://%s--%s--%s.virtual.consul:%d/%s", + dest.ID.Name, + dest.ID.Namespace, + dest.ID.Partition, + dest.VirtualPort, + path, + ) + } else { + actualURL = fmt.Sprintf("http://localhost:%d/%s", dest.LocalPort, path) + } + + multiassert(t, count, resetFn, func(r *retry.R) { + name, err := GetBlankspaceNameViaHTTP(context.Background(), client, addr, actualURL) + require.NoError(r, err) + attemptFn(r, name) + }, func(r *retry.R) { + checkFn(r) + }) +} + +// CheckBlankspaceNameViaTCP calls a copy of blankspace and asserts it arrived +// on the correct instance using plain tcp sockets. +func (a *Asserter) CheckBlankspaceNameViaTCP( + t *testing.T, + workload *topology.Workload, + dest *topology.Destination, + clusterName string, + sid topology.ID, +) { + t.Helper() + + a.checkBlankspaceNameViaTCPWithCallback(t, workload, dest, 1, func(_ *retry.R) {}, func(r *retry.R, remoteName string) { + require.Equal(r, fmt.Sprintf("%s::%s", clusterName, sid.String()), remoteName) + }, func(r *retry.R) {}) +} + +// CheckBlankspaceNameTrafficSplitViaTCP is like CheckBlankspaceNameViaTCP +// but it is verifying a relative traffic split. +func (a *Asserter) CheckBlankspaceNameTrafficSplitViaTCP( + t *testing.T, + workload *topology.Workload, + dest *topology.Destination, + expect map[string]int, +) { + t.Helper() + + got := make(map[string]int) + a.checkBlankspaceNameViaTCPWithCallback(t, workload, dest, 100, func(_ *retry.R) { + got = make(map[string]int) + }, func(_ *retry.R, name string) { + got[name]++ + }, func(r *retry.R) { + assertTrafficSplitFor100Requests(r, got, expect) + }) +} + +func (a *Asserter) checkBlankspaceNameViaTCPWithCallback( + t *testing.T, + workload *topology.Workload, + dest *topology.Destination, + count int, + resetFn func(r *retry.R), + attemptFn func(r *retry.R, remoteName string), + checkFn func(r *retry.R), +) { + t.Helper() + + require.False(t, dest.Implied, "helper does not support tproxy yet") + port := dest.LocalPort + require.True(t, port > 0) + + node := workload.Node + + // We can't use the forward proxy for TCP yet, so use the exposed port on localhost instead. + exposedPort := node.ExposedPort(port) + require.True(t, exposedPort > 0) + + addr := fmt.Sprintf("%s:%d", "127.0.0.1", exposedPort) + + multiassert(t, count, resetFn, func(r *retry.R) { + name, err := GetBlankspaceNameViaTCP(context.Background(), addr) + require.NoError(r, err) + attemptFn(r, name) + }, func(r *retry.R) { + checkFn(r) + }) +} + +// CheckBlankspaceNameViaGRPC calls a copy of blankspace and asserts it arrived +// on the correct instance using gRPC. +func (a *Asserter) CheckBlankspaceNameViaGRPC( + t *testing.T, + workload *topology.Workload, + dest *topology.Destination, + clusterName string, + sid topology.ID, +) { + t.Helper() + + a.checkBlankspaceNameViaGRPCWithCallback(t, workload, dest, 1, func(_ *retry.R) {}, func(r *retry.R, remoteName string) { + require.Equal(r, fmt.Sprintf("%s::%s", clusterName, sid.String()), remoteName) + }, func(_ *retry.R) {}) +} + +// CheckBlankspaceNameTrafficSplitViaGRPC is like CheckBlankspaceNameViaGRPC +// but it is verifying a relative traffic split. +func (a *Asserter) CheckBlankspaceNameTrafficSplitViaGRPC( + t *testing.T, + workload *topology.Workload, + dest *topology.Destination, + expect map[string]int, +) { + t.Helper() + + got := make(map[string]int) + a.checkBlankspaceNameViaGRPCWithCallback(t, workload, dest, 100, func(_ *retry.R) { + got = make(map[string]int) + }, func(_ *retry.R, name string) { + got[name]++ + }, func(r *retry.R) { + assertTrafficSplitFor100Requests(r, got, expect) + }) +} + +func (a *Asserter) checkBlankspaceNameViaGRPCWithCallback( + t *testing.T, + workload *topology.Workload, + dest *topology.Destination, + count int, + resetFn func(r *retry.R), + attemptFn func(r *retry.R, remoteName string), + checkFn func(r *retry.R), +) { + t.Helper() + + require.False(t, dest.Implied, "helper does not support tproxy yet") + port := dest.LocalPort + require.True(t, port > 0) + + node := workload.Node + + // We can't use the forward proxy for gRPC yet, so use the exposed port on localhost instead. + exposedPort := node.ExposedPort(port) + require.True(t, exposedPort > 0) + + addr := fmt.Sprintf("%s:%d", "127.0.0.1", exposedPort) + + multiassert(t, count, resetFn, func(r *retry.R) { + name, err := GetBlankspaceNameViaGRPC(context.Background(), addr) + require.NoError(r, err) + attemptFn(r, name) + }, func(r *retry.R) { + checkFn(r) + }) +} + +// assertTrafficSplitFor100Requests compares the counts of 100 requests that +// did reach an observed set of destinations (nameCounts) against the expected +// counts of those same services is the same within a fixed difference of 2. +func assertTrafficSplitFor100Requests(t require.TestingT, nameCounts map[string]int, expect map[string]int) { + const ( + numRequests = 100 + allowedDelta = 2 + ) + require.Equal(t, numRequests, sumMapValues(nameCounts), "measured traffic was not %d requests", numRequests) + require.Equal(t, numRequests, sumMapValues(expect), "expected traffic was not %d requests", numRequests) + assertTrafficSplit(t, nameCounts, expect, allowedDelta) +} + +func sumMapValues(m map[string]int) int { + sum := 0 + for _, v := range m { + sum += v + } + return sum +} + +// assertTrafficSplit compares the counts of requests that did reach an +// observed set of destinations (nameCounts) against the expected counts of +// those same services is the same within the provided allowedDelta value. +// +// When doing random traffic splits it'll never be perfect so we need the +// wiggle room to avoid having a flaky test. +func assertTrafficSplit(t require.TestingT, nameCounts map[string]int, expect map[string]int, allowedDelta int) { + require.Len(t, nameCounts, len(expect)) + for name, expectCount := range expect { + gotCount, ok := nameCounts[name] + require.True(t, ok) + if len(expect) == 1 { + require.Equal(t, expectCount, gotCount) + } else { + require.InDelta(t, expectCount, gotCount, float64(allowedDelta), + "expected %q side of split to have %d requests not %d (e=%d)", + name, expectCount, gotCount, allowedDelta, + ) + } + } +} + +// multiassert will retry in bulk calling attemptFn count times and following +// that with one last call to checkFn. +// +// It's primary use at the time it was written was to execute a set of requests +// repeatedly to witness where the requests went, and then at the end doing a +// verification of traffic splits (a bit like MAP/REDUCE). +func multiassert(t *testing.T, count int, resetFn, attemptFn, checkFn func(r *retry.R)) { + retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond}, t, func(r *retry.R) { + resetFn(r) + for i := 0; i < count; i++ { + attemptFn(r) + } + checkFn(r) + }) +} diff --git a/test-integ/topoutil/blankspace.go b/test-integ/topoutil/blankspace.go new file mode 100644 index 000000000000..000853b94278 --- /dev/null +++ b/test-integ/topoutil/blankspace.go @@ -0,0 +1,124 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package topoutil + +import ( + "bufio" + "context" + "encoding/json" + "fmt" + "io" + "net" + "net/http" + "net/url" + "strings" + "time" + + "github.com/rboyer/blankspace/blankpb" + "golang.org/x/net/http2" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" +) + +// GetBlankspaceNameViaHTTP calls a copy of blankspace once via HTTP and +// retrieves the self-identified name of the instance. +func GetBlankspaceNameViaHTTP( + ctx context.Context, + client *http.Client, + serverAddr string, + actualURL string, +) (string, error) { + url := fmt.Sprintf("http://%s/fetch?url=%s", serverAddr, + url.QueryEscape(actualURL), + ) + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) + if err != nil { + return "", err + } + + res, err := client.Do(req) + if err != nil { + return "", err + } + defer res.Body.Close() + + if res.StatusCode != http.StatusOK { + return "", fmt.Errorf("status code is not 200: %d", res.StatusCode) + } + + body, err := io.ReadAll(res.Body) + if err != nil { + return "", err + } + + var v struct { + Name string + } + if err := json.Unmarshal(body, &v); err != nil { + return "", err + } + + if _, useHTTP2 := client.Transport.(*http2.Transport); useHTTP2 { + if res.ProtoMajor < 2 { + return "", fmt.Errorf("should be using http > 1.x not %d", res.ProtoMajor) + } + } + + return v.Name, nil +} + +// GetBlankspaceNameViaGRPC calls a copy of blankspace once via gRPC and +// retrieves the self-identified name of the instance. +func GetBlankspaceNameViaGRPC(ctx context.Context, serverAddr string) (string, error) { + ctx, cancel := context.WithTimeout(ctx, 1*time.Second) + defer cancel() + + conn, err := grpc.DialContext(ctx, serverAddr, grpc.WithTransportCredentials(insecure.NewCredentials())) + if err != nil { + return "", err + } + defer conn.Close() + + client := blankpb.NewServerClient(conn) + + resp, err := client.Describe(ctx, &blankpb.DescribeRequest{}) + if err != nil { + return "", fmt.Errorf("grpc error from Describe: %w", err) + } + + return resp.GetName(), nil +} + +// GetBlankspaceNameViaTCP calls a copy of blankspace once via tcp and +// retrieves the self-identified name of the instance. +func GetBlankspaceNameViaTCP(ctx context.Context, serverAddr string) (string, error) { + ctx, cancel := context.WithTimeout(ctx, 1*time.Second) + defer cancel() + + d := net.Dialer{ + Timeout: 5 * time.Second, + KeepAlive: 250 * time.Millisecond, + } + + conn, err := d.DialContext(ctx, "tcp", serverAddr) + if err != nil { + return "", fmt.Errorf("tcp error dialing: %w", err) + } + defer conn.Close() + + if _, err := conn.Write([]byte("describe\n")); err != nil { + return "", fmt.Errorf("error sending tcp request: %w", err) + } + + scan := bufio.NewScanner(conn) + + if !scan.Scan() { + return "", fmt.Errorf("server did not reply") + } + + name := strings.TrimSpace(scan.Text()) + + return name, nil +} diff --git a/test-integ/topoutil/fixtures.go b/test-integ/topoutil/fixtures.go new file mode 100644 index 000000000000..bc905392b9b8 --- /dev/null +++ b/test-integ/topoutil/fixtures.go @@ -0,0 +1,181 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package topoutil + +import ( + "fmt" + "strconv" + + "github.com/hashicorp/consul/testing/deployer/topology" +) + +const HashicorpDockerProxy = "docker.mirror.hashicorp.services" + +func NewFortioWorkloadWithDefaults( + cluster string, + sid topology.ID, + nodeVersion topology.NodeVersion, + mut func(*topology.Workload), +) *topology.Workload { + const ( + httpPort = 8080 + grpcPort = 8079 + tcpPort = 8078 + adminPort = 19000 + ) + sid.Normalize() + + wrk := &topology.Workload{ + ID: sid, + Image: HashicorpDockerProxy + "/fortio/fortio", + EnvoyAdminPort: adminPort, + CheckTCP: "127.0.0.1:" + strconv.Itoa(httpPort), + Env: []string{ + "FORTIO_NAME=" + cluster + "::" + sid.String(), + }, + Command: []string{ + "server", + "-http-port", strconv.Itoa(httpPort), + "-grpc-port", strconv.Itoa(grpcPort), + "-tcp-port", strconv.Itoa(tcpPort), + "-redirect-port", "-disabled", + }, + } + + if nodeVersion == topology.NodeVersionV2 { + wrk.Ports = map[string]*topology.Port{ + "http": {Number: httpPort, Protocol: "http"}, + "http2": {Number: httpPort, Protocol: "http2"}, + "grpc": {Number: grpcPort, Protocol: "grpc"}, + "tcp": {Number: tcpPort, Protocol: "tcp"}, + } + } else { + wrk.Port = httpPort + } + + if mut != nil { + mut(wrk) + } + return wrk +} + +func NewBlankspaceWorkloadWithDefaults( + cluster string, + sid topology.ID, + nodeVersion topology.NodeVersion, + mut func(*topology.Workload), +) *topology.Workload { + const ( + httpPort = 8080 + grpcPort = 8079 + tcpPort = 8078 + adminPort = 19000 + ) + sid.Normalize() + + wrk := &topology.Workload{ + ID: sid, + Image: HashicorpDockerProxy + "/rboyer/blankspace", + EnvoyAdminPort: adminPort, + CheckTCP: "127.0.0.1:" + strconv.Itoa(httpPort), + Command: []string{ + "-name", cluster + "::" + sid.String(), + "-http-addr", fmt.Sprintf(":%d", httpPort), + "-grpc-addr", fmt.Sprintf(":%d", grpcPort), + "-tcp-addr", fmt.Sprintf(":%d", tcpPort), + }, + } + + if nodeVersion == topology.NodeVersionV2 { + wrk.Ports = map[string]*topology.Port{ + "http": {Number: httpPort, Protocol: "http"}, + "http2": {Number: httpPort, Protocol: "http2"}, + "grpc": {Number: grpcPort, Protocol: "grpc"}, + "tcp": {Number: tcpPort, Protocol: "tcp"}, + } + } else { + wrk.Port = httpPort + } + + if mut != nil { + mut(wrk) + } + return wrk +} + +func NewTopologyServerSet( + namePrefix string, + num int, + networks []string, + mutateFn func(i int, node *topology.Node), +) []*topology.Node { + var out []*topology.Node + for i := 1; i <= num; i++ { + name := namePrefix + strconv.Itoa(i) + + node := &topology.Node{ + Kind: topology.NodeKindServer, + Name: name, + } + for _, net := range networks { + node.Addresses = append(node.Addresses, &topology.Address{Network: net}) + } + + if mutateFn != nil { + mutateFn(i, node) + } + + out = append(out, node) + } + return out +} + +func NewTopologyMeshGatewaySet( + nodeKind topology.NodeKind, + partition string, + namePrefix string, + num int, + networks []string, + mutateFn func(i int, node *topology.Node), +) []*topology.Node { + var out []*topology.Node + sid := topology.ID{ + Name: "mesh-gateway", + Partition: topology.DefaultToEmpty(partition), + } + for i := 1; i <= num; i++ { + name := namePrefix + strconv.Itoa(i) + + node := &topology.Node{ + Kind: nodeKind, + Partition: sid.Partition, + Name: name, + Workloads: []*topology.Workload{{ + ID: sid, + Port: 8443, + EnvoyAdminPort: 19000, + IsMeshGateway: true, + }}, + } + for _, net := range networks { + node.Addresses = append(node.Addresses, &topology.Address{Network: net}) + } + + if mutateFn != nil { + mutateFn(i, node) + } + + out = append(out, node) + } + return out +} + +// Since CE config entries do not contain the partition field, +// this func converts default partition to empty string. +func ConfigEntryPartition(p string) string { + if p == "default" { + return "" // make this CE friendly + } + return p +} diff --git a/test-integ/topoutil/http2.go b/test-integ/topoutil/http2.go new file mode 100644 index 000000000000..148074e5638f --- /dev/null +++ b/test-integ/topoutil/http2.go @@ -0,0 +1,32 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package topoutil + +import ( + "context" + "crypto/tls" + "net" + "net/http" + + "golang.org/x/net/http2" +) + +// EnableHTTP2 returns a new shallow copy of client that has been tweaked to do +// h2c (cleartext http2). +// +// Note that this clears the Client.Transport.Proxy trick because http2 and +// http proxies are incompatible currently in Go. +func EnableHTTP2(client *http.Client) *http.Client { + // Shallow copy, and swap the transport + client2 := *client + client = &client2 + client.Transport = &http2.Transport{ + AllowHTTP: true, + DialTLSContext: func(ctx context.Context, network, addr string, _ *tls.Config) (net.Conn, error) { + var d net.Dialer + return d.DialContext(ctx, network, addr) + }, + } + return client +} diff --git a/test-integ/topoutil/naming_shim.go b/test-integ/topoutil/naming_shim.go new file mode 100644 index 000000000000..40355992a337 --- /dev/null +++ b/test-integ/topoutil/naming_shim.go @@ -0,0 +1,41 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package topoutil + +import ( + "testing" + + "github.com/hashicorp/consul/testing/deployer/topology" +) + +// Deprecated: DestinationEndpointStatus +func (a *Asserter) UpstreamEndpointStatus( + t *testing.T, + workload *topology.Workload, + clusterName string, + healthStatus string, + count int, +) { + a.DestinationEndpointStatus(t, workload, clusterName, healthStatus, count) +} + +// Deprecated: NewFortioWorkloadWithDefaults +func NewFortioServiceWithDefaults( + cluster string, + sid topology.ID, + nodeVersion topology.NodeVersion, + mut func(*topology.Workload), +) *topology.Workload { + return NewFortioWorkloadWithDefaults(cluster, sid, nodeVersion, mut) +} + +// Deprecated: NewBlankspaceWorkloadWithDefaults +func NewBlankspaceServiceWithDefaults( + cluster string, + sid topology.ID, + nodeVersion topology.NodeVersion, + mut func(*topology.Workload), +) *topology.Workload { + return NewBlankspaceWorkloadWithDefaults(cluster, sid, nodeVersion, mut) +} diff --git a/test/CA-GENERATION.md b/test/CA-GENERATION.md index 0c2c8b4dbe4f..686064df00b0 100644 --- a/test/CA-GENERATION.md +++ b/test/CA-GENERATION.md @@ -16,11 +16,46 @@ cd test/ca/ rm -rf *.pem *.crt *.key && ./generate.sh ``` +It also possible for the root CA to expire. +In this case, use the instructions [here](Instructions from https://langui.sh/2009/01/18/openssl-self-signed-ca/) to regenerate root.cer and privkey.pem. +Configure the cert as follows: + +``` +Country Name (2 letter code) [AU]:US +State or Province Name (full name) [Some-State]:CA +Locality Name (eg, city) []:San Francisco +Organization Name (eg, company) [Internet Widgits Pty Ltd]:HashiCorp Test Cert +Organizational Unit Name (eg, section) []:Dev +Common Name (e.g. server FQDN or YOUR name) []:test.internal +Email Address []:test@internal.com +``` + +Ensure that you run `./test/ca/generate.sh` after recreating the root CA. + ## Hostname certificates if tests like `TestNewDialer_WithALPNWrapper` (or any other test using certificates located in `./test/hostname` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate. ``` bash cd test/hostname/ -rm -rf *.pem *.crt *.key && ./generate.sh +# Avoid deleting CertAuth.crt and privkey.pem since they're referenced in myca.conf +rm -rf "[Bonnie|Betty|Bob|Alice].crt" *.key && ./generate.sh +``` + +It also possible for the root CA to expire. +In this case, use the instructions [here](Instructions from https://langui.sh/2009/01/18/openssl-self-signed-ca/) to regenerate CertAuth.crt and privkey.pem. + +```bash +openssl req -newkey rsa:2048 -days 3650 -x509 -nodes -out CertAuth.crt +``` + +Configure the cert as follows: +``` +Country Name (2 letter code) [AU]:US +State or Province Name (full name) [Some-State]:CA +Locality Name (eg, city) []:San Francisco +Organization Name (eg, company) [Internet Widgits Pty Ltd]:HashiCorp Test Cert +Organizational Unit Name (eg, section) []:Test +Common Name (e.g. server FQDN or YOUR name) []:CertAuth +Email Address []:test@internal.com ``` \ No newline at end of file diff --git a/test/ca/certindex b/test/ca/certindex index 52333887dd37..5d31a191bec9 100644 --- a/test/ca/certindex +++ b/test/ca/certindex @@ -7,3 +7,25 @@ V 180606021919Z 0F unknown /CN=testco.internal/ST=California/C=US/emailAddress= V 21180418091009Z 10 unknown /CN=testco.internal/ST=California/C=US/emailAddress=james@hashicorp.com/O=End Point/OU=Testing V 21220322142538Z 11 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing V 21221008151329Z 12 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009155124Z 13 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009165428Z 14 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009165428Z 15 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009170507Z 16 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009170507Z 17 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009170704Z 18 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009170704Z 19 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009170742Z 1A unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009170742Z 1B unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009170931Z 1C unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009170932Z 1D unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009171405Z 1E unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009171405Z 1F unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009171500Z 20 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009171500Z 21 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009171525Z 22 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009171525Z 23 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009171817Z 24 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009171817Z 25 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009171908Z 26 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009171908Z 27 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009172016Z 28 unknown /CN=testco.internal/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing diff --git a/test/ca/generate.sh b/test/ca/generate.sh index 7159431f4c49..0c82d808aaf3 100755 --- a/test/ca/generate.sh +++ b/test/ca/generate.sh @@ -7,3 +7,7 @@ set -e openssl req -new -sha256 -nodes -out ../key/ourdomain.csr -newkey rsa:2048 -keyout ../key/ourdomain.key -config ../key/ourdomain.cfg openssl ca -batch -config myca.conf -notext -in ../key/ourdomain.csr -out ../key/ourdomain.cer rm ../key/ourdomain.csr + +openssl req -new -sha256 -nodes -out ../key/ourdomain_server.csr -newkey rsa:2048 -keyout ../key/ourdomain_server.key -config ../key/ourdomain_server.cfg +openssl ca -batch -config myca.conf -notext -in ../key/ourdomain_server.csr -out ../key/ourdomain_server.cer -extensions v3_req -extfile ../key/ourdomain_server.cfg +rm ../key/ourdomain_server.csr diff --git a/test/ca/privkey.pem b/test/ca/privkey.pem index 3f22711a1162..bc93012d42d4 100644 --- a/test/ca/privkey.pem +++ b/test/ca/privkey.pem @@ -1,27 +1,28 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAxrs6JK4NpiOItxrpNR/1ppUUmH7p2BgLCBZ6eHdclle9J56i -68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsUd0HejRqfHRMtg2O+UQkv4Z66 -+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcGxcFZzTRFFZt2vPnyHj8cHcaF -o/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvgU2jQuC7Fhnl33Zd3B6d3mQH6 -O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/fpFIIcHSiHRfoqHLGsGg+3swI -d/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQIDAQABAoIBABreo6zj76p/8XM4 -a0GokZE1ZPR9bGawUYWFbIevM9CMCmI5+7M/RoHbBQJKDOapJsJviNkoSdpllxcz -4CpFhXAiVNEPEeUoLU1EE4pJSSkxwcySppsiTYNFi5rMomgwe2qeuiKhgZNl/AEt -82dubjwxW3QPgXHSWGjkfTht3wOhrczA8xyEjc9Bsad2ooA9IQk+VXYlPZXyXjs1 -WwLYHmcSfveauLliLXeVU2Ux5PPwyreKMhyAfSHVQCycxK008u8WPy8nkAlpxKMC -UwCN+JKl69WCCA3CxXgM83zz4pXvB4EyMr8aTiqmOID8RIIrPcjCmVJki6KbJ9WG -S2CQVG0CgYEA5kVACrnjLtov426ZNifF2zUXu9x//7D6GkbJxzZLwXP/BJFcEOdQ -Fnjcs3s7wYh/wdTnEcQVWSJSAqnRt98c9yAXVnG5z1M0DYpAsY8xrdhEitxOf2oB -2cbvi4+cvUuUxk1hgva18UCT23aLP+iY2+t/ydBXAZ9kq1zz5CcpEBMCgYEA3O/R -g1Y9O36XxBmSYnkoCF5yGrPunnKKNBJc/WA7pTkQFYHr64Y/h5EKubzHD/VEd1Li -nDuGYxVMewf+5pHUhqSdpZtTxv25hjOsqLf5o5wm18JThGifs2zEVCTJOPti5n2M -RHakxuq1I625/QHidLBTQYuEBS/vywhapfaSaD8CgYEAhd1OPK4R30PiQRIjqXL3 -t9ampISsOKXWz33FgbUT1zOq1in23rDKQzYh/4ktlPXYZ4NwjUhzrKyiBoBYtc7T -1OpoBs34Wgmhohl0QIThOZIXTq6CR9oFl2fqDDUBxp3wsFN905e+77A+BIBmtVFv -w7GlSVp/qibSbDiOZF1LptcCgYB8sJBi+jnmqOSIVRJLpysTxhHJxkDmhahACRkY -Gsau0cylBsUaEJMsNIyEFOmXtQml+k5QdDu9EdkvGm0evbDfKGqce1RF2w5okiNg -uSwXzVoSrOartMxk2/7VqkkycpX3lWWjgf4vEWmXsEVmaDjhOF5UgKPKtao0wQs/ -3S/1ywKBgAIGgOuvL/GBcGqLikHLC+cputMvBAuE/tJnFHPxFoobskocVsMKbDTy -NYF7uPlzSGGClZsjE6DQyyGf5E9/U+EdwDKZwHYGCkzVjplUBo0BT3EN0vcc9jB/ -ML9Ta4ETPyf66BhSVcD+eeNipPFAul0Q7uZhErH1zr1evTy8XXyI ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCIA00iG5IveRzZ +wf2P1Laih3eoiK2Wl1Re22cz2Pcpf6gb7agPguwU5Hco0DWzsnmek2Qyw9gloroX +1t7LbTW2rxbK1hP7PkFCwSxi9u8MZDaLF3a79bwbsYZzf3toeoz8DCBxo9bBSSAC +j4uI/S+lUjMctQrK1nFjGoNUHfxioXPwIJH+TS/76TiZPu3Zj6kN6taVFNe3ISBN +XW6Vg8E3koz+9Bwv0a6Ty7oFRoJXpsud1k/83Iy288jhYDuB56+ypUmcCNqGT+e0 +Bn/VXHx26GXTx97cXSLJE+o+JrHZaI1TcQUL2Z5DJZVJRUg/wtcXggoMLVI1O0en +Jm2jdmLXAgMBAAECggEAPSMSwFKZVsp/a+h1g/nu8EapRDHPqWGzdIH1tUoA63/s +vkUI5pQIb2m0oD1a7j+6yEtjXihHF7+6G24jrlgULV4thhZNXAFDT3DKdV+e2ziO +hd4RqnJOUDpvf6odfDyd88u1p68oILCweUYxx+1axdqZi/1a8QsMY6ouvxhNcr2N +MLOBMS9G/q4GKObggmTbBcZnZWYeNHqMv6CZXYlbY8NoOKiaI9Xw9dOQWKZFWgOh +zdiLgUPRmeugOLfJWI2iqHHmjXzsz3tNT1B7TuD8QitSXmqvAfc/HD+QmOJOJVN8 +eB2+nqY1hoE8tsTGhZpmHFKAfg5glWcswblDxIG7lQKBgQC/37gpaJaGFA8k7tDr +jrmvZXmPPozdj2kzio2GrYvEbfHBqWV7y9MapTIZjRURqa7rLXWtGYuv6+bLfwtD +HrkDGWsjlrvkUjZXCqyYx1HfRAdEsMr/0kVqIVJaAO9kJJA6izno2XRpKMj6+sdk +bGCbDveoDSY/vSWwd0ERqQFpVQKBgQC1eD7Ij96g2dJGQIJOQD1Efyxk9dJ+ocY6 +F+zZP7qgbED2nFysNtJ2wJyE6B4PnuUwpk5HkHuE+glgtcMUKsHPcynhaIRJBZfk +UQ+GyCKQItPzT6wa8sQXMQvsIk2opwj/uGkJn1vZ1jPIdLCIqqqhcQ53dMSPgEkf +PL1m4LmrewKBgDHgafL5qQc5d6ZWHiDdfQ9HBY5i6CNAAEzRm3CC9G4fVlTNQAAq +P7oRbzCNKAjrXvjrXEee+FzGqbwETl0oQ1e2587chAMaC94cfDlKttGe0XTdsCdH +9ZtdBhc3XwNdLdDKGEebH1OmsnfrcKF+Oq6T+XTJ1kODW6S/mz6H/EHxAoGAbsLr +Bz2Q8/qfdpOvNRXOj31T2neUOAiD1jd+MAfO4FXSvPMpOU/o2+SqZBDNMFmaqDwJ +sXKFgd+fU7D9VdTXIMi4+kTx4SQR1qCHaovDVNh9J5gsgvJEL6eXEFTLs7HoMzUa +n23uASLVzncyvOf2Z716x/y0cKYre252aFGn4fsCgYA+003BZnT9kMj1gpd/F3JS +JzFl10Yhj1hfyUu2pI6GLobj2VI3rEKL9UdzCTrEkLXyW1Js6DwT80mHIlJstzgZ +hJsBus6mSap+IZi/hKLS+xgculy0xlXzwNMmEid8GyzSPoHNXRQ233nANjKaRuvT +LG6wHDbfK+WVa3BlFKz8jA== +-----END PRIVATE KEY----- diff --git a/test/ca/root.cer b/test/ca/root.cer index ae9fb00b1c3c..2cdea8d2e9ee 100644 --- a/test/ca/root.cer +++ b/test/ca/root.cer @@ -1,28 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD -VQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa -BgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE -AxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j -b20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC -VVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK -ExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl -c3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU -mH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU -d0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG -xcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg -U2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f -pFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID -AQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud -IwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT -AlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE -ChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10 -ZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ -AIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h -gjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9 -2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g -jctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp -lFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/ -POLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r -wlW975rYa1ZqEdA= +MIIEEzCCAvugAwIBAgIUIYIXKNRBFBPuuOit2D2CfVJAoDAwDQYJKoZIhvcNAQEL +BQAwgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy +YW5jaXNjbzEcMBoGA1UECgwTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECwwD +RGV2MRYwFAYDVQQDDA10ZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0 +QGludGVybmFsLmNvbTAeFw0yMzExMDIxNTUwMjlaFw0zMzEwMzAxNTUwMjlaMIGY +MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lz +Y28xHDAaBgNVBAoME0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsMA0RldjEW +MBQGA1UEAwwNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRl +cm5hbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIA00iG5Iv +eRzZwf2P1Laih3eoiK2Wl1Re22cz2Pcpf6gb7agPguwU5Hco0DWzsnmek2Qyw9gl +oroX1t7LbTW2rxbK1hP7PkFCwSxi9u8MZDaLF3a79bwbsYZzf3toeoz8DCBxo9bB +SSACj4uI/S+lUjMctQrK1nFjGoNUHfxioXPwIJH+TS/76TiZPu3Zj6kN6taVFNe3 +ISBNXW6Vg8E3koz+9Bwv0a6Ty7oFRoJXpsud1k/83Iy288jhYDuB56+ypUmcCNqG +T+e0Bn/VXHx26GXTx97cXSLJE+o+JrHZaI1TcQUL2Z5DJZVJRUg/wtcXggoMLVI1 +O0enJm2jdmLXAgMBAAGjUzBRMB0GA1UdDgQWBBTmrmqnZIdFOj6vhCUAJKLZNUDw +FDAfBgNVHSMEGDAWgBTmrmqnZIdFOj6vhCUAJKLZNUDwFDAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB3j6gvalxq54hZSwVmVZPMzjdTVYRC11b0 +6C9pWKsLwu+WINcs59ui8wpYVjcw1AK4/2I1Q7P4RgpSarAxG5tYIMB1xcfFKqBn +f/dDXexONgwpW6SoBJ58c7OB/aH8CenDT8Vwk3fwjYslOywbFRqBjH+PB8uTlu0e +D1fzjpcQCrQeA5VD4pjJAaTmi7bLVuH5XIya3++f/N3xOn53GVMUDO1OdFz8ZMvJ +Wrrg7E/wMXB1b5Wo2n2ypVU4sejikSjg2nfdLojUWGMrZ8TuUnjFs88PeQ9CObAp +A36dLfs4JLF3sVOtqTd6BGwegDsmmllYO5Ky6I+laoLSHpGDEihS -----END CERTIFICATE----- diff --git a/test/ca/serialfile b/test/ca/serialfile index b1bd38b62a08..f04c001f3f7f 100644 --- a/test/ca/serialfile +++ b/test/ca/serialfile @@ -1 +1 @@ -13 +29 diff --git a/test/ca_path/cert2.crt b/test/ca_path/cert2.crt index ae9fb00b1c3c..167efa1d544c 100644 --- a/test/ca_path/cert2.crt +++ b/test/ca_path/cert2.crt @@ -25,4 +25,4 @@ jctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp lFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/ POLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r wlW975rYa1ZqEdA= ------END CERTIFICATE----- +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/client_certs/client.crt b/test/client_certs/client.crt index 263da23b07d0..1a3afec7a846 100644 --- a/test/client_certs/client.crt +++ b/test/client_certs/client.crt @@ -1,16 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICnDCCAkKgAwIBAgIQBEmjZ8EghLtV+7EC+jUSlzAKBggqhkjOPQQDAjCBuTEL +MIICnjCCAkSgAwIBAgIQAxVHhSG0wSbdZm+3ToYAkDAKBggqhkjOPQQDAjCBuTEL MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV BgNVBAoTDkhhc2hpQ29ycCBJbmMuMUAwPgYDVQQDEzdDb25zdWwgQWdlbnQgQ0Eg -MzI0NTYxNDUyNjQ2NDU0MDY2Mjk1MzU5NzAzNzcxNTM4MDY2MTQ1MB4XDTIyMTEw -MTE1MTczNVoXDTIzMTEwMTE1MTczNVowHDEaMBgGA1UEAxMRY2xpZW50LmRjMS5j -b25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQJqvEGn2AswWZQ1mr0tHlt -ftn9J9lyCSdWrOADhB3+GMgz4H44CKYsYVrVtu5KMryXd2POHB/iU4xg8lm3M4GA -o4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB -BQUHAwEwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQg/GP6DmucHJbreVDyMqdZykvt -AvXQ+OagDurF1Kbic04wKwYDVR0jBCQwIoAg5ONc3k0++QDOnzWJI4N38lvRq5WS -az/dq8lQJyva894wLQYDVR0RBCYwJIIRY2xpZW50LmRjMS5jb25zdWyCCWxvY2Fs -aG9zdIcEfwAAATAKBggqhkjOPQQDAgNIADBFAiA6yknUjHv/sqbbSp0mEbW0dA5j -klHQMILw0QJqCOk/iQIhANeMu0qp9efaHAvTNIbjlUwn+EbKUIVS4tCw8ImuAMA8 +MjgwNzE4MDMxODA1Mjk2OTA1NzQ4MzU3NjI1MTI5ODQ5NDA5NjI3MCAXDTIzMTEw +MjE1Mjk0NVoYDzIxMjMxMDA5MTUyOTQ1WjAcMRowGAYDVQQDExFjbGllbnQuZGMx +LmNvbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKvl1yhbsI9r7IxJxLrt +ZTNYXkCXuFy8q3gsokMqsl/MUynrIBrd9NrZEQA91ZArUYzF1+QlxM6D4hRJc5CR +3x6jgccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr +BgEFBQcDATAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCCvXve+zMFSJMXNS3l3YL9k +2QH8zF74wa+TlwFSaQEjGzArBgNVHSMEJDAigCBGa65jF6Wwq9OmdbgJIRCYv++x +HG8dRBUpwvSk0Mk1+jAtBgNVHREEJjAkghFjbGllbnQuZGMxLmNvbnN1bIIJbG9j +YWxob3N0hwR/AAABMAoGCCqGSM49BAMCA0gAMEUCIBLqa1Zh3KUE0RiQzWdoYXkU +wZo5aBw9ujqzLyAqxToFAiEAihWmc4r6lDYRR35X4QB1nTT92POJRClsfLPOTRG5 +rsU= -----END CERTIFICATE----- diff --git a/test/client_certs/client.key b/test/client_certs/client.key index 17a6630af418..e7795e865e24 100644 --- a/test/client_certs/client.key +++ b/test/client_certs/client.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIOEmrph3YiKjf2pUN/cy0G8LNvMVYSXM4fl7w9ylpaXLoAoGCCqGSM49 -AwEHoUQDQgAECarxBp9gLMFmUNZq9LR5bX7Z/SfZcgknVqzgA4Qd/hjIM+B+OAim -LGFa1bbuSjK8l3djzhwf4lOMYPJZtzOBgA== +MHcCAQEEINE2CQhnu7ipo67FGbEBRXoYRCTM4uJdHgNRTrdkAnHCoAoGCCqGSM49 +AwEHoUQDQgAEq+XXKFuwj2vsjEnEuu1lM1heQJe4XLyreCyiQyqyX8xTKesgGt30 +2tkRAD3VkCtRjMXX5CXEzoPiFElzkJHfHg== -----END EC PRIVATE KEY----- diff --git a/test/client_certs/consul-agent-ca-key.pem b/test/client_certs/consul-agent-ca-key.pem index 4493d2f01961..6bf1b2f78aa9 100644 --- a/test/client_certs/consul-agent-ca-key.pem +++ b/test/client_certs/consul-agent-ca-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEILDGZMNL2mZRmk9LLUm+Ocp2PK31o0BtoTUZ6jqTz8lioAoGCCqGSM49 -AwEHoUQDQgAE4wstVIecTLB40vS0ujhIrF58KRdqYijsMRcZL9ZEcmPwVuA1RZ4P -VfMhqHDRirX0KwuRhunlFsCy0wQpy3XqBA== +MHcCAQEEIIH0PuHoVgBRUbkAGH/ZJ49GxWrX5fKws3z6LJJp1pw7oAoGCCqGSM49 +AwEHoUQDQgAE79JHKa+fr3Ird9hUoZLBK5GkvlUQ1dj2sXmn21q7PSDsnjy7r44l +X/rL1uVDpd/YJO6venDB6ApRgMVdZl/msw== -----END EC PRIVATE KEY----- diff --git a/test/client_certs/consul-agent-ca.pem b/test/client_certs/consul-agent-ca.pem index a62c8916e2d5..62de74af4ee6 100644 --- a/test/client_certs/consul-agent-ca.pem +++ b/test/client_certs/consul-agent-ca.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC7jCCApSgAwIBAgIRAPQsQxVaOlwVK7QsleZhCuEwCgYIKoZIzj0EAwIwgbkx +MIIC8DCCApagAwIBAgIRANMwU4romcy9OnAAx7c9UFswCgYIKoZIzj0EAwIwgbkx CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB -IDMyNDU2MTQ1MjY0NjQ1NDA2NjI5NTM1OTcwMzc3MTUzODA2NjE0NTAeFw0yMjEx -MDExNTE3MzVaFw0yNzEwMzExNTE3MzVaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE -CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv -bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu -Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAzMjQ1NjE0NTI2NDY0NTQwNjYy -OTUzNTk3MDM3NzE1MzgwNjYxNDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATj -Cy1Uh5xMsHjS9LS6OEisXnwpF2piKOwxFxkv1kRyY/BW4DVFng9V8yGocNGKtfQr -C5GG6eUWwLLTBCnLdeoEo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zApBgNVHQ4EIgQg5ONc3k0++QDOnzWJI4N38lvRq5WSaz/dq8lQJyva894w -KwYDVR0jBCQwIoAg5ONc3k0++QDOnzWJI4N38lvRq5WSaz/dq8lQJyva894wCgYI -KoZIzj0EAwIDSAAwRQIhAKU8aWxhlJ5kiG/cqHkmfFZjY9MoweTEeSeq8ROUVYlK -AiB2nWWrkj7+KzNO4OIwNmCe8nY+JcpIMaKCK4QwhWg9uA== +IDI4MDcxODAzMTgwNTI5NjkwNTc0ODM1NzYyNTEyOTg0OTQwOTYyNzAgFw0yMzEx +MDIxNTI5NDVaGA8yMTIzMTAwOTE1Mjk0NVowgbkxCzAJBgNVBAYTAlVTMQswCQYD +VQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEaMBgGA1UECRMRMTAxIFNl +Y29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcwFQYDVQQKEw5IYXNoaUNvcnAg +SW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENBIDI4MDcxODAzMTgwNTI5Njkw +NTc0ODM1NzYyNTEyOTg0OTQwOTYyNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BO/SRymvn69yK3fYVKGSwSuRpL5VENXY9rF5p9tauz0g7J48u6+OJV/6y9blQ6Xf +2CTur3pwwegKUYDFXWZf5rOjezB5MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E +BTADAQH/MCkGA1UdDgQiBCBGa65jF6Wwq9OmdbgJIRCYv++xHG8dRBUpwvSk0Mk1 ++jArBgNVHSMEJDAigCBGa65jF6Wwq9OmdbgJIRCYv++xHG8dRBUpwvSk0Mk1+jAK +BggqhkjOPQQDAgNIADBFAiEA1nklH0P2rsCNv/wMVKK9/07ICFTl18bpwzb7zycf +5+sCIEIfm6RK9e8WACmFGoaaeQjxwrCSMwGSDCw9FSU6BeZB -----END CERTIFICATE----- diff --git a/test/client_certs/dc1-client-consul-0-key.pem b/test/client_certs/dc1-client-consul-0-key.pem index 17a6630af418..e7795e865e24 100644 --- a/test/client_certs/dc1-client-consul-0-key.pem +++ b/test/client_certs/dc1-client-consul-0-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIOEmrph3YiKjf2pUN/cy0G8LNvMVYSXM4fl7w9ylpaXLoAoGCCqGSM49 -AwEHoUQDQgAECarxBp9gLMFmUNZq9LR5bX7Z/SfZcgknVqzgA4Qd/hjIM+B+OAim -LGFa1bbuSjK8l3djzhwf4lOMYPJZtzOBgA== +MHcCAQEEINE2CQhnu7ipo67FGbEBRXoYRCTM4uJdHgNRTrdkAnHCoAoGCCqGSM49 +AwEHoUQDQgAEq+XXKFuwj2vsjEnEuu1lM1heQJe4XLyreCyiQyqyX8xTKesgGt30 +2tkRAD3VkCtRjMXX5CXEzoPiFElzkJHfHg== -----END EC PRIVATE KEY----- diff --git a/test/client_certs/dc1-client-consul-0.pem b/test/client_certs/dc1-client-consul-0.pem index 263da23b07d0..1a3afec7a846 100644 --- a/test/client_certs/dc1-client-consul-0.pem +++ b/test/client_certs/dc1-client-consul-0.pem @@ -1,16 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICnDCCAkKgAwIBAgIQBEmjZ8EghLtV+7EC+jUSlzAKBggqhkjOPQQDAjCBuTEL +MIICnjCCAkSgAwIBAgIQAxVHhSG0wSbdZm+3ToYAkDAKBggqhkjOPQQDAjCBuTEL MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV BgNVBAoTDkhhc2hpQ29ycCBJbmMuMUAwPgYDVQQDEzdDb25zdWwgQWdlbnQgQ0Eg -MzI0NTYxNDUyNjQ2NDU0MDY2Mjk1MzU5NzAzNzcxNTM4MDY2MTQ1MB4XDTIyMTEw -MTE1MTczNVoXDTIzMTEwMTE1MTczNVowHDEaMBgGA1UEAxMRY2xpZW50LmRjMS5j -b25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQJqvEGn2AswWZQ1mr0tHlt -ftn9J9lyCSdWrOADhB3+GMgz4H44CKYsYVrVtu5KMryXd2POHB/iU4xg8lm3M4GA -o4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB -BQUHAwEwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQg/GP6DmucHJbreVDyMqdZykvt -AvXQ+OagDurF1Kbic04wKwYDVR0jBCQwIoAg5ONc3k0++QDOnzWJI4N38lvRq5WS -az/dq8lQJyva894wLQYDVR0RBCYwJIIRY2xpZW50LmRjMS5jb25zdWyCCWxvY2Fs -aG9zdIcEfwAAATAKBggqhkjOPQQDAgNIADBFAiA6yknUjHv/sqbbSp0mEbW0dA5j -klHQMILw0QJqCOk/iQIhANeMu0qp9efaHAvTNIbjlUwn+EbKUIVS4tCw8ImuAMA8 +MjgwNzE4MDMxODA1Mjk2OTA1NzQ4MzU3NjI1MTI5ODQ5NDA5NjI3MCAXDTIzMTEw +MjE1Mjk0NVoYDzIxMjMxMDA5MTUyOTQ1WjAcMRowGAYDVQQDExFjbGllbnQuZGMx +LmNvbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKvl1yhbsI9r7IxJxLrt +ZTNYXkCXuFy8q3gsokMqsl/MUynrIBrd9NrZEQA91ZArUYzF1+QlxM6D4hRJc5CR +3x6jgccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr +BgEFBQcDATAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCCvXve+zMFSJMXNS3l3YL9k +2QH8zF74wa+TlwFSaQEjGzArBgNVHSMEJDAigCBGa65jF6Wwq9OmdbgJIRCYv++x +HG8dRBUpwvSk0Mk1+jAtBgNVHREEJjAkghFjbGllbnQuZGMxLmNvbnN1bIIJbG9j +YWxob3N0hwR/AAABMAoGCCqGSM49BAMCA0gAMEUCIBLqa1Zh3KUE0RiQzWdoYXkU +wZo5aBw9ujqzLyAqxToFAiEAihWmc4r6lDYRR35X4QB1nTT92POJRClsfLPOTRG5 +rsU= -----END CERTIFICATE----- diff --git a/test/client_certs/dc1-server-consul-0-key.pem b/test/client_certs/dc1-server-consul-0-key.pem index 9ef60bc14ebf..fcce44af0a38 100644 --- a/test/client_certs/dc1-server-consul-0-key.pem +++ b/test/client_certs/dc1-server-consul-0-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIM+Rps/EV1QvlRwMo5IT9HMqWVe1LR5vfeernws0pwo8oAoGCCqGSM49 -AwEHoUQDQgAEwt5yBcpkGKSJ+LgcS0EuqdVt2NqXYSGMFU/RTqwjeTxNeGBEmBJD -3Rrnm0kj3+y25YL/ZhssI6WM4Az4JP5D8A== +MHcCAQEEIDFaDmSkx6Pnn7mQJAsAjl1XIg4YhHgUW2yclB9QoWI5oAoGCCqGSM49 +AwEHoUQDQgAEiFhfuej4FXqKjtxlto9o5dTnz8rMGRbzam7YULKN531XZnNbPsOw +PWFyWDVlNbOzkzY32CLVl7ObfDlCtL36gw== -----END EC PRIVATE KEY----- diff --git a/test/client_certs/dc1-server-consul-0.pem b/test/client_certs/dc1-server-consul-0.pem index cd8a64a1b0b4..c7090b0a8ccc 100644 --- a/test/client_certs/dc1-server-consul-0.pem +++ b/test/client_certs/dc1-server-consul-0.pem @@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICxTCCAmqgAwIBAgIQQEFFmUhO6yA+4ScqpYgqoTAKBggqhkjOPQQDAjCBuTEL -MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv -MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV -BgNVBAoTDkhhc2hpQ29ycCBJbmMuMUAwPgYDVQQDEzdDb25zdWwgQWdlbnQgQ0Eg -MzI0NTYxNDUyNjQ2NDU0MDY2Mjk1MzU5NzAzNzcxNTM4MDY2MTQ1MB4XDTIyMTEw -MTE1MTczNVoXDTIzMTEwMTE1MTczNVowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j -b25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATC3nIFymQYpIn4uBxLQS6p -1W3Y2pdhIYwVT9FOrCN5PE14YESYEkPdGuebSSPf7Lblgv9mGywjpYzgDPgk/kPw -o4HvMIHsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB -BQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgbvG1NZYTXB5wRZNGjgs+hgfT -1j+klGellDDkmXIZRpMwKwYDVR0jBCQwIoAg5ONc3k0++QDOnzWJI4N38lvRq5WS -az/dq8lQJyva894wVQYDVR0RBE4wTIILY29uc3VsLnRlc3SCGXNlcnZlcjAuc2Vy -dmVyLmRjMS5jb25zdWyCEXNlcnZlci5kYzEuY29uc3Vsgglsb2NhbGhvc3SHBH8A -AAEwCgYIKoZIzj0EAwIDSQAwRgIhAIKx/BNuRx1STi9mupvpCFsl6vvTo6eKyvXk -YlMvo3X+AiEA6YTlNvH5+cWaJQORpX+ZI1Eogkl1h0oWNL4+D0lofIo= +MIICxjCCAm2gAwIBAgIRAP6e14CosD1ulIkguwrpihowCgYIKoZIzj0EAwIwgbkx +CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj +bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw +FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB +IDI4MDcxODAzMTgwNTI5NjkwNTc0ODM1NzYyNTEyOTg0OTQwOTYyNzAgFw0yMzEx +MDIxNTI5NDVaGA8yMTIzMTAwOTE1Mjk0NVowHDEaMBgGA1UEAxMRc2VydmVyLmRj +MS5jb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASIWF+56PgVeoqO3GW2 +j2jl1OfPyswZFvNqbthQso3nfVdmc1s+w7A9YXJYNWU1s7OTNjfYItWXs5t8OUK0 +vfqDo4HvMIHsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgMO523nDhmf6DDJFSO9ly ++Y5UcgW1TKqCTt+yJkPWG2EwKwYDVR0jBCQwIoAgRmuuYxelsKvTpnW4CSEQmL/v +sRxvHUQVKcL0pNDJNfowVQYDVR0RBE4wTIILY29uc3VsLnRlc3SCGXNlcnZlcjAu +c2VydmVyLmRjMS5jb25zdWyCEXNlcnZlci5kYzEuY29uc3Vsgglsb2NhbGhvc3SH +BH8AAAEwCgYIKoZIzj0EAwIDRwAwRAIgRxmCHvcCJ0FoA/uelR2dNAasXkZa0pZr +bfCWeAUVf5QCIA587F7IqokthpSlbI3W9R3NyES2fffpjUtmxdrQ7cJS -----END CERTIFICATE----- diff --git a/test/client_certs/generate.sh b/test/client_certs/generate.sh index f5c645d7bbb7..3d1192fc9423 100755 --- a/test/client_certs/generate.sh +++ b/test/client_certs/generate.sh @@ -10,7 +10,7 @@ cd "$(dirname "$0")" if [[ ! -f consul-agent-ca-key.pem ]] || [[ ! -f consul-agent-ca.pem ]]; then echo "Regenerating CA..." rm -f consul-agent-ca-key.pem consul-agent-ca.pem - consul tls ca create + consul tls ca create -days 36500 fi rm -f rootca.crt rootca.key path/rootca.crt cp consul-agent-ca.pem rootca.crt @@ -20,7 +20,7 @@ cp rootca.crt path if [[ ! -f dc1-server-consul-0.pem ]] || [[ ! -f dc1-server-consul-0-key.pem ]]; then echo "Regenerating server..." rm -f dc1-server-consul-0.pem dc1-server-consul-0-key.pem - consul tls cert create -server -node=server0 -additional-dnsname=consul.test + consul tls cert create -days=36500 -server -node=server0 -additional-dnsname=consul.test fi rm -f server.crt server.key cp dc1-server-consul-0.pem server.crt @@ -29,7 +29,7 @@ cp dc1-server-consul-0-key.pem server.key if [[ ! -f dc1-client-consul-0.pem ]] || [[ ! -f dc1-client-consul-0-key.pem ]]; then echo "Regenerating client..." rm -f dc1-client-consul-0.pem dc1-client-consul-0-key.pem - consul tls cert create -client + consul tls cert create -days 36500 -client fi rm -f client.crt client.key cp dc1-client-consul-0.pem client.crt diff --git a/test/client_certs/path/rootca.crt b/test/client_certs/path/rootca.crt index a62c8916e2d5..62de74af4ee6 100644 --- a/test/client_certs/path/rootca.crt +++ b/test/client_certs/path/rootca.crt @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC7jCCApSgAwIBAgIRAPQsQxVaOlwVK7QsleZhCuEwCgYIKoZIzj0EAwIwgbkx +MIIC8DCCApagAwIBAgIRANMwU4romcy9OnAAx7c9UFswCgYIKoZIzj0EAwIwgbkx CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB -IDMyNDU2MTQ1MjY0NjQ1NDA2NjI5NTM1OTcwMzc3MTUzODA2NjE0NTAeFw0yMjEx -MDExNTE3MzVaFw0yNzEwMzExNTE3MzVaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE -CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv -bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu -Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAzMjQ1NjE0NTI2NDY0NTQwNjYy -OTUzNTk3MDM3NzE1MzgwNjYxNDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATj -Cy1Uh5xMsHjS9LS6OEisXnwpF2piKOwxFxkv1kRyY/BW4DVFng9V8yGocNGKtfQr -C5GG6eUWwLLTBCnLdeoEo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zApBgNVHQ4EIgQg5ONc3k0++QDOnzWJI4N38lvRq5WSaz/dq8lQJyva894w -KwYDVR0jBCQwIoAg5ONc3k0++QDOnzWJI4N38lvRq5WSaz/dq8lQJyva894wCgYI -KoZIzj0EAwIDSAAwRQIhAKU8aWxhlJ5kiG/cqHkmfFZjY9MoweTEeSeq8ROUVYlK -AiB2nWWrkj7+KzNO4OIwNmCe8nY+JcpIMaKCK4QwhWg9uA== +IDI4MDcxODAzMTgwNTI5NjkwNTc0ODM1NzYyNTEyOTg0OTQwOTYyNzAgFw0yMzEx +MDIxNTI5NDVaGA8yMTIzMTAwOTE1Mjk0NVowgbkxCzAJBgNVBAYTAlVTMQswCQYD +VQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEaMBgGA1UECRMRMTAxIFNl +Y29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcwFQYDVQQKEw5IYXNoaUNvcnAg +SW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENBIDI4MDcxODAzMTgwNTI5Njkw +NTc0ODM1NzYyNTEyOTg0OTQwOTYyNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BO/SRymvn69yK3fYVKGSwSuRpL5VENXY9rF5p9tauz0g7J48u6+OJV/6y9blQ6Xf +2CTur3pwwegKUYDFXWZf5rOjezB5MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E +BTADAQH/MCkGA1UdDgQiBCBGa65jF6Wwq9OmdbgJIRCYv++xHG8dRBUpwvSk0Mk1 ++jArBgNVHSMEJDAigCBGa65jF6Wwq9OmdbgJIRCYv++xHG8dRBUpwvSk0Mk1+jAK +BggqhkjOPQQDAgNIADBFAiEA1nklH0P2rsCNv/wMVKK9/07ICFTl18bpwzb7zycf +5+sCIEIfm6RK9e8WACmFGoaaeQjxwrCSMwGSDCw9FSU6BeZB -----END CERTIFICATE----- diff --git a/test/client_certs/rootca.crt b/test/client_certs/rootca.crt index a62c8916e2d5..62de74af4ee6 100644 --- a/test/client_certs/rootca.crt +++ b/test/client_certs/rootca.crt @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC7jCCApSgAwIBAgIRAPQsQxVaOlwVK7QsleZhCuEwCgYIKoZIzj0EAwIwgbkx +MIIC8DCCApagAwIBAgIRANMwU4romcy9OnAAx7c9UFswCgYIKoZIzj0EAwIwgbkx CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB -IDMyNDU2MTQ1MjY0NjQ1NDA2NjI5NTM1OTcwMzc3MTUzODA2NjE0NTAeFw0yMjEx -MDExNTE3MzVaFw0yNzEwMzExNTE3MzVaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE -CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv -bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu -Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAzMjQ1NjE0NTI2NDY0NTQwNjYy -OTUzNTk3MDM3NzE1MzgwNjYxNDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATj -Cy1Uh5xMsHjS9LS6OEisXnwpF2piKOwxFxkv1kRyY/BW4DVFng9V8yGocNGKtfQr -C5GG6eUWwLLTBCnLdeoEo3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zApBgNVHQ4EIgQg5ONc3k0++QDOnzWJI4N38lvRq5WSaz/dq8lQJyva894w -KwYDVR0jBCQwIoAg5ONc3k0++QDOnzWJI4N38lvRq5WSaz/dq8lQJyva894wCgYI -KoZIzj0EAwIDSAAwRQIhAKU8aWxhlJ5kiG/cqHkmfFZjY9MoweTEeSeq8ROUVYlK -AiB2nWWrkj7+KzNO4OIwNmCe8nY+JcpIMaKCK4QwhWg9uA== +IDI4MDcxODAzMTgwNTI5NjkwNTc0ODM1NzYyNTEyOTg0OTQwOTYyNzAgFw0yMzEx +MDIxNTI5NDVaGA8yMTIzMTAwOTE1Mjk0NVowgbkxCzAJBgNVBAYTAlVTMQswCQYD +VQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEaMBgGA1UECRMRMTAxIFNl +Y29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcwFQYDVQQKEw5IYXNoaUNvcnAg +SW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENBIDI4MDcxODAzMTgwNTI5Njkw +NTc0ODM1NzYyNTEyOTg0OTQwOTYyNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BO/SRymvn69yK3fYVKGSwSuRpL5VENXY9rF5p9tauz0g7J48u6+OJV/6y9blQ6Xf +2CTur3pwwegKUYDFXWZf5rOjezB5MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E +BTADAQH/MCkGA1UdDgQiBCBGa65jF6Wwq9OmdbgJIRCYv++xHG8dRBUpwvSk0Mk1 ++jArBgNVHSMEJDAigCBGa65jF6Wwq9OmdbgJIRCYv++xHG8dRBUpwvSk0Mk1+jAK +BggqhkjOPQQDAgNIADBFAiEA1nklH0P2rsCNv/wMVKK9/07ICFTl18bpwzb7zycf +5+sCIEIfm6RK9e8WACmFGoaaeQjxwrCSMwGSDCw9FSU6BeZB -----END CERTIFICATE----- diff --git a/test/client_certs/rootca.key b/test/client_certs/rootca.key index 4493d2f01961..6bf1b2f78aa9 100644 --- a/test/client_certs/rootca.key +++ b/test/client_certs/rootca.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEILDGZMNL2mZRmk9LLUm+Ocp2PK31o0BtoTUZ6jqTz8lioAoGCCqGSM49 -AwEHoUQDQgAE4wstVIecTLB40vS0ujhIrF58KRdqYijsMRcZL9ZEcmPwVuA1RZ4P -VfMhqHDRirX0KwuRhunlFsCy0wQpy3XqBA== +MHcCAQEEIIH0PuHoVgBRUbkAGH/ZJ49GxWrX5fKws3z6LJJp1pw7oAoGCCqGSM49 +AwEHoUQDQgAE79JHKa+fr3Ird9hUoZLBK5GkvlUQ1dj2sXmn21q7PSDsnjy7r44l +X/rL1uVDpd/YJO6venDB6ApRgMVdZl/msw== -----END EC PRIVATE KEY----- diff --git a/test/client_certs/server.crt b/test/client_certs/server.crt index cd8a64a1b0b4..c7090b0a8ccc 100644 --- a/test/client_certs/server.crt +++ b/test/client_certs/server.crt @@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICxTCCAmqgAwIBAgIQQEFFmUhO6yA+4ScqpYgqoTAKBggqhkjOPQQDAjCBuTEL -MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv -MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV -BgNVBAoTDkhhc2hpQ29ycCBJbmMuMUAwPgYDVQQDEzdDb25zdWwgQWdlbnQgQ0Eg -MzI0NTYxNDUyNjQ2NDU0MDY2Mjk1MzU5NzAzNzcxNTM4MDY2MTQ1MB4XDTIyMTEw -MTE1MTczNVoXDTIzMTEwMTE1MTczNVowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j -b25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATC3nIFymQYpIn4uBxLQS6p -1W3Y2pdhIYwVT9FOrCN5PE14YESYEkPdGuebSSPf7Lblgv9mGywjpYzgDPgk/kPw -o4HvMIHsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB -BQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgbvG1NZYTXB5wRZNGjgs+hgfT -1j+klGellDDkmXIZRpMwKwYDVR0jBCQwIoAg5ONc3k0++QDOnzWJI4N38lvRq5WS -az/dq8lQJyva894wVQYDVR0RBE4wTIILY29uc3VsLnRlc3SCGXNlcnZlcjAuc2Vy -dmVyLmRjMS5jb25zdWyCEXNlcnZlci5kYzEuY29uc3Vsgglsb2NhbGhvc3SHBH8A -AAEwCgYIKoZIzj0EAwIDSQAwRgIhAIKx/BNuRx1STi9mupvpCFsl6vvTo6eKyvXk -YlMvo3X+AiEA6YTlNvH5+cWaJQORpX+ZI1Eogkl1h0oWNL4+D0lofIo= +MIICxjCCAm2gAwIBAgIRAP6e14CosD1ulIkguwrpihowCgYIKoZIzj0EAwIwgbkx +CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj +bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw +FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB +IDI4MDcxODAzMTgwNTI5NjkwNTc0ODM1NzYyNTEyOTg0OTQwOTYyNzAgFw0yMzEx +MDIxNTI5NDVaGA8yMTIzMTAwOTE1Mjk0NVowHDEaMBgGA1UEAxMRc2VydmVyLmRj +MS5jb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASIWF+56PgVeoqO3GW2 +j2jl1OfPyswZFvNqbthQso3nfVdmc1s+w7A9YXJYNWU1s7OTNjfYItWXs5t8OUK0 +vfqDo4HvMIHsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgMO523nDhmf6DDJFSO9ly ++Y5UcgW1TKqCTt+yJkPWG2EwKwYDVR0jBCQwIoAgRmuuYxelsKvTpnW4CSEQmL/v +sRxvHUQVKcL0pNDJNfowVQYDVR0RBE4wTIILY29uc3VsLnRlc3SCGXNlcnZlcjAu +c2VydmVyLmRjMS5jb25zdWyCEXNlcnZlci5kYzEuY29uc3Vsgglsb2NhbGhvc3SH +BH8AAAEwCgYIKoZIzj0EAwIDRwAwRAIgRxmCHvcCJ0FoA/uelR2dNAasXkZa0pZr +bfCWeAUVf5QCIA587F7IqokthpSlbI3W9R3NyES2fffpjUtmxdrQ7cJS -----END CERTIFICATE----- diff --git a/test/client_certs/server.key b/test/client_certs/server.key index 9ef60bc14ebf..fcce44af0a38 100644 --- a/test/client_certs/server.key +++ b/test/client_certs/server.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIM+Rps/EV1QvlRwMo5IT9HMqWVe1LR5vfeernws0pwo8oAoGCCqGSM49 -AwEHoUQDQgAEwt5yBcpkGKSJ+LgcS0EuqdVt2NqXYSGMFU/RTqwjeTxNeGBEmBJD -3Rrnm0kj3+y25YL/ZhssI6WM4Az4JP5D8A== +MHcCAQEEIDFaDmSkx6Pnn7mQJAsAjl1XIg4YhHgUW2yclB9QoWI5oAoGCCqGSM49 +AwEHoUQDQgAEiFhfuej4FXqKjtxlto9o5dTnz8rMGRbzam7YULKN531XZnNbPsOw +PWFyWDVlNbOzkzY32CLVl7ObfDlCtL36gw== -----END EC PRIVATE KEY----- diff --git a/test/hostname/Alice.crt b/test/hostname/Alice.crt index c9ce912a6df1..f74838b1d6b5 100644 --- a/test/hostname/Alice.crt +++ b/test/hostname/Alice.crt @@ -1,23 +1,24 @@ -----BEGIN CERTIFICATE----- -MIID0zCCArugAwIBAgIBMjANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD -VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y -MjExMDExNTE2MzhaGA8yMTIyMTAwODE1MTYzOFowgYMxDjAMBgNVBAMMBUFsaWNl -MRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcGCSqGSIb3DQEJ -ARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoMCUVuZCBQb2lu -dDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAKOBOrkFZB7absO9wimOh36sbVtwBkKyNjM86cG07U8QIAHm4WrBBEy1VVme -N6DOV0gSgU70ZufAAx7uFxp5wlf6z1uaVHYT8y7DAFwL3cUqphchR8C+pTPgOikA -3ymDyt6jqUGnnsbcv7/ml/gr8sxTqFIFyxnfevw1JjeyOwnXDwg6DYsL3co+xTNT -igwhP+QGUEsCYuoOZ+jXDbpKLrXsxycjkC7oODuW5Vq4Tv3pZQ3ZFqlbLOg9qYto -xRz15rcY9lBHoZog+dH8Yc29COxe60J6pky6N+pE8/f+NVGRGqa/3W4qunrpNYCj -a4HmrplcnjOne2lWL5qsisGfo00CAwEAAaM4MDYwCQYDVR0TBAIwADALBgNVHQ8E -BAMCBeAwHAYDVR0RBBUwE4IRc2VydmVyLmRjMS5jb25zdWwwDQYJKoZIhvcNAQEN -BQADggEBAJukWnrR9B/oJycWlVI9EV7XEwpsFsCEjpHGNM9ow7pgDUUWXL48IZbe -FtvpwFV86hQmvChdmigPy+DaM/EuXwcxQBJhTHh0qUuQZKdH1erUHtIF8XDVGhLF -VuCKD/Qb+2b/f/UcqrYXHhpov+FGnUB3NGUyRVlUVcxvq9wrtFtuNc/8521P6+L7 -HxI38L7tnltailYW/kuEmLw7mE3U+V7APVkhi4xA2yHK0g+dZcA9m34yezS/WeSI -Yht8DDadWLp8Cf/5RrgaLz66Ik+V3nuDEy4HEFW2anztcsVVz7CP73NOYV4mHcJU -synhHnqDSq1wWY94G9/UFmKAETzHU9I= +MIIECTCCAvGgAwIBAgIBOjANBgkqhkiG9w0BAQ0FADCBjzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbnNpc2NvMRcwFQYDVQQKDA5I +YXNoaUNvcnAgVGVzdDENMAsGA1UECwwEVGVzdDERMA8GA1UEAwwIQ2VydEF1dGgx +IDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTIzMTEwMjE2MDcx +N1oYDzIxMjMxMDA5MTYwNzE3WjCBgzEOMAwGA1UEAwwFQWxpY2UxEzARBgNVBAgM +CkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMSkwJwYJKoZIhvcNAQkBFhpkby1ub3Qt +cmVwbHlAaGFzaGljb3JwLmNvbTESMBAGA1UECgwJRW5kIFBvaW50MRAwDgYDVQQL +DAdUZXN0aW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjZrePTR +TuVQ7N7SbeHc0OUEDKezY/PZHTlDw7MK5p/1EICbWCL0IWq51t1N+F2NKN/Wi3Xv +PgTbdsJ5LIaTCZpKqgPzFrq5edYnbAVneaobPR5V8Fwxv+qn2QuNFULUq5SRliWy +sDqm3o5CMH+5K9ejOcFnQ/6+BVFGU0SiLISBHRm7aKjFPDQ6jkv9fTopvwmRNwrf +hjueMg5QD/JtlPRArBulwFaBCmB6/sIdO2Dw+5BzAuOKcGe+McMu0tX+whlx2Rgm +3cuNlTDGRsFdWQ3GNCYbk8xgw76l9bKOF9nE/vCesjzY4uMzfTmBwHsuVgCWzQnk +3L7h/dSkUwsZPwIDAQABo3gwdjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAcBgNV +HREEFTATghFzZXJ2ZXIuZGMxLmNvbnN1bDAdBgNVHQ4EFgQUaFqSFmBGU9+H8pdc +BkGCU2swEhIwHwYDVR0jBBgwFoAUITcAt4ctta2/yGsSFfNF/QmXkkYwDQYJKoZI +hvcNAQENBQADggEBANHHnsC/Gi9yAKp1AyWPLmqztdkn0ES9n1cDL0m3khpbxyW4 +/KnnjhncUNHu5Ozo1F8nV4sRnNZ+v3tbA4uWp/8ZUHz3F7epBfINBIvUGM4pQmAJ +nmTIs8nvLzqNt8hUy6hoOIQIzqljf/dscfZ9lT7mdxVWenLfsTJL0rOCJV+w8WAQ +LtIs86sxZca3tr7JnzX9D2KTVGJVPLTungYy3pdZfVhPdQfqCVnf0lG3KSiMBk62 +8tZC61KThJLyj7HTtT9QkTJGcZcfFJuLh+72aPoWVazWnSlid971zgTzj5NfNMPX +HdUvj9jEd4JhgcLvIeZEKFmu3wA5uxT8vTC5YwY= -----END CERTIFICATE----- diff --git a/test/hostname/Alice.key b/test/hostname/Alice.key index 466daaf56982..190977331081 100644 --- a/test/hostname/Alice.key +++ b/test/hostname/Alice.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCjgTq5BWQe2m7D -vcIpjod+rG1bcAZCsjYzPOnBtO1PECAB5uFqwQRMtVVZnjegzldIEoFO9GbnwAMe -7hcaecJX+s9bmlR2E/MuwwBcC93FKqYXIUfAvqUz4DopAN8pg8reo6lBp57G3L+/ -5pf4K/LMU6hSBcsZ33r8NSY3sjsJ1w8IOg2LC93KPsUzU4oMIT/kBlBLAmLqDmfo -1w26Si617McnI5Au6Dg7luVauE796WUN2RapWyzoPamLaMUc9ea3GPZQR6GaIPnR -/GHNvQjsXutCeqZMujfqRPP3/jVRkRqmv91uKrp66TWAo2uB5q6ZXJ4zp3tpVi+a -rIrBn6NNAgMBAAECggEAamKhZNWfKXwS6gXEGeoFO2TR2tbvG+J85aXSqxkf93uU -d+hT73QbahXqrN8HbvgTTm/L9yWK92u2HB/qpG1pCHnHBeFK53Ffn6N9zmZiK/Hu -E8qxtzXUpAZXkWphyc9Y5rgyXufDpbzofuJ5Kx7dYhlkwcnHNtR0Xznt3ft38pQT -gZGA7wDY+ups2May8zGESXd96BOcYRF6PnMEiFDTuzcoSNKEhcuP0ftOvmvO/Vph -Nel0phPT0Le57njjw5wQOJBou0WkxC9GJ/UfOaDfwCC058W1yDKSTSZeZbAoGvjX -Hg9U1DAlfVHv8P0pcquoJbfB1W3+ev5nundM47qO+QKBgQDRduMGkBJ8aji5SOMj -h6xCQEDosSVl6A9Y8H6q5yro0Eu+oD2BdOTdcYGa5Y+lasi0K9uyOuzLnkaF91YB -7+aqSG2CipiQxnOXR1/pWsFD+eGNf2npybbhbi6ik6lqzDm27qAfYJjyrThJWZbE -QihuRgHKwv+Dsa2H2Iqacn+QvwKBgQDH1G29y4YmXMX3iGSiowYcG4Fy/HeWQqR+ -huuMmdEenCpMtujb7GG4MbJA1GgWK6fZhkbcAuTmtPAffq8adqauPgmv21qoHYgg -Fm+2qiSMctRELBxEBc1ym00bu4jISvU7dF26mQ9sTUGcTQI9nOkQKFKOTAYjfSG0 -d+xqZshC8wKBgHzej9aQusR6mlgykF3U+qcAIPHW8QGARu3xaMG/T4A89HqukhwD -sJAmo2nQ4kJtlzp5Tt5AbHuyXj5sxVQgTPVEeiwxLWRZOf18Kjw1wzMf2wt8Yoph -mulmwtxehMfK+bkJJmGuN1+sTfrEMrHK8slSaK0UdDhxCo8KUw5hpZSHAoGAXkXD -eBS6NwLxijPYdjm+uifnzB17NXI/NEnmejBezbgS5JouBQLhnwoi9B7A9CSoTSDh -8Q2Ue5rE5bbYWP286Nrvqv0rKcC05Z5wGZbvIytRJNBCjXzHTdgiaoDwqL1kMCZX -yZ5H/mn8GAbklbie4zaCrAsFolx4ODGTYScYNy0CgYBCFxcTBRCqhQd1Hzp6NNIf -Iqzh21FH+uGfG8LtvYE33IUFasUmdcPKq2ZlItfLrG+bOsxXqsKAwKH+Y/XtX/RA -zySeMr1aIBWRowlNZ3CihnYgJ14IZi2JrvVPfY5UIyWYUm6ykEWOANAICTYMXtKL -hIvXoK+Yj5Kq5ZZIp5cITA== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDONmt49NFO5VDs +3tJt4dzQ5QQMp7Nj89kdOUPDswrmn/UQgJtYIvQharnW3U34XY0o39aLde8+BNt2 +wnkshpMJmkqqA/MWurl51idsBWd5qhs9HlXwXDG/6qfZC40VQtSrlJGWJbKwOqbe +jkIwf7kr16M5wWdD/r4FUUZTRKIshIEdGbtoqMU8NDqOS/19Oim/CZE3Ct+GO54y +DlAP8m2U9ECsG6XAVoEKYHr+wh07YPD7kHMC44pwZ74xwy7S1f7CGXHZGCbdy42V +MMZGwV1ZDcY0JhuTzGDDvqX1so4X2cT+8J6yPNji4zN9OYHAey5WAJbNCeTcvuH9 +1KRTCxk/AgMBAAECggEAKyRJgcm+TII/Vv8bCTAasX1oRnmDV2L5xlpnqfa4Th2i ++KvfVCYj6yXX8XLlUBPKZ4XE7fJjdhcwDv2Kul0BQB4OhtlCrzureCjsoHXU+ygy +gKvrENlI8zzVltwKzSrpMWhouP/0DViH9sHOaTUfeWOo23lx8FDIUnZ5fww53ZQO +8QASgcyMeb2mBZZiwG4m8U4iPW1B1sAMOJKeq8pLWX+bLL7JGt6FH2/fUg54Rctt +0S/KYBl6coFMNO9hxateTkUhz8DSPH2mhx5TiNbwnsI2nE7r8IUv8kh7qPxKREbA +WW0Qoie/3vVjn8qYffrFj2kUDhVrQp1yPnQO+CigoQKBgQDv1hEzLeacrHzxDJwZ +5yj5qT2wUIqCuggpBK514cGrTu99t90s8pR2M5fjhqFfIul0fWKkpBjrdT4bsZdk +JQfncEr2Y7JC8Nl835Y//vOLisISZwOzJlRRP+rpgUVBZ1bSziZF3tT1iGlzJDUg +zuvtLfvvXzWIHWfBWf5xv1570QKBgQDcHD0jUH2Xx6vKRuvfgCrtqdHcnT7I1Cgz +FqeVDV4D3nzqmuJ7YwWmk2ZGI5uJWDv4TvLB6y65t+7AWfpDPM3/ig32bcl7ffdn +pYMGJ/ExWgicLC3i082aYdGlYx6m6qJp9m90auo7GDT0vE5d+5mIQKu7vX2Nwi8P +1nxhqVJYDwKBgFDGD9TkyJ5LmWi1jn1K1QoAbb5L4dpVPRpTcU5SUh+X3iDBI8RX +jpigl68RUJfx8h5BfE9m1N24Bsrc7NfVgOv5bcW9nfPdmeHsi3XSL8P3X5VDDIPx +jMQwerVZzDFS1HL66vjtK1vmLV2R/DKofdzLd+YOcsD85kzAOmmkwfWBAoGAOiWX +nRmpZAxSfKhJrYxtSsWe9BnyORma2Qw2DzEt0fXXqB5skE3zczLjRMopT5oolYs9 +pC7d9B/8CYJ7k4Gfpc8xqxULsfzv+8iEmX65v+DZ/2/IW3C6kvseaAOMWGoJp9Z7 +URThdeUKMFECnt9ViuISvBDt9yICTrvJtf8GCs8CgYEAije1UlRA498ZpzuGrlYs +xiPwasPxm82Dje5FzaNBmRUBD7/fkONsNIga9UdayKv+Mw/1L/f9oPOvaMkoiatQ +pD9XZt3vEjuEV6hoFMcb+aY+X0OOlUyTFg3MwtjpD8xYBCL9YWWsRp02OFeveUUl +N/P3yG9zG16Xk994XoAxOXQ= -----END PRIVATE KEY----- diff --git a/test/hostname/Betty.crt b/test/hostname/Betty.crt index 3fbeb5fe8b21..592ce1a5a231 100644 --- a/test/hostname/Betty.crt +++ b/test/hostname/Betty.crt @@ -1,23 +1,25 @@ -----BEGIN CERTIFICATE----- -MIID7DCCAtSgAwIBAgIBNDANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD -VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y -MjExMDExNTE2MzhaGA8yMTIyMTAwODE1MTYzOFowgYMxDjAMBgNVBAMMBUJldHR5 -MRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcGCSqGSIb3DQEJ -ARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoMCUVuZCBQb2lu -dDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAKQlj8NuFi8jBF3NrU1bUopIfCnJJBVUrITAa4H+m3NiipWh4QZirQctKrf0 -vaG2sZ8UJprESsYhWDyZ/6+U196b1y6KVEU9bvfXbaGEZTKsjnNrKIU90JbBbZvw -3eH1J8bMPkvkzkPrhMn7uO+ng04lorVkQ8tk6i8fzSpYFX8mxeWz0yz6KK1C8Bre -RGtBe2kcMWwCzEdCabE1BwwPLf7wn2vfePdbyc4gxS4OzQcKFRJEb1R9E+l0Gmvx -sJxK/RggPCNeHvD/ypWm69ssddLvdJ76Ut9jUAVKlQLxBb8anHm2w+ybPXlrDfnU -37Bi6QjsgNwH+EUhvjgowc9PLPUCAwEAAaNRME8wCQYDVR0TBAIwADALBgNVHQ8E -BAMCBeAwNQYDVR0RBC4wLIIRc2VydmVyLmRjMi5jb25zdWyCF2JldHR5LnNlcnZl -ci5kYzIuY29uc3VsMA0GCSqGSIb3DQEBDQUAA4IBAQC+qTIIkbk+ekiAnijKw9ae -VdLoMgFoGTUpf/RnNjcHvHlITprQoobdHMmOKV3EXT9zFaUjNOcrUXq7Z5LQozc2 -wHhh5M3FWg2BHQqosePZx+8o5aPJgmbr3upOB9xWQtcEeTh2q+ozA6ZqjVvHQXH9 -k4VOSls0Hzv+SwOsVIul/AKm7gXlr097YxvKhaQNoYdo21eyM6Kk5t6iwYq7u+II -DcvWvMNX4p99bOPv8RfbnnKeLF85i00evZ0VW80TBGJtcBXnEIviuL6lQzZ3H1rt -zr8psCb+iOitfgh0Sv7Zk+zKGlbPc050RGYTjwNcgxnsPoPzm3hPJXZ81erq6w8O +MIIEJDCCAwygAwIBAgIBPDANBgkqhkiG9w0BAQ0FADCBjzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbnNpc2NvMRcwFQYDVQQKDA5I +YXNoaUNvcnAgVGVzdDENMAsGA1UECwwEVGVzdDERMA8GA1UEAwwIQ2VydEF1dGgx +IDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTIzMTEwMjE2MDcx +N1oYDzIxMjMxMDA5MTYwNzE3WjCBgzEOMAwGA1UEAwwFQmV0dHkxEzARBgNVBAgM +CkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMSkwJwYJKoZIhvcNAQkBFhpkby1ub3Qt +cmVwbHlAaGFzaGljb3JwLmNvbTESMBAGA1UECgwJRW5kIFBvaW50MRAwDgYDVQQL +DAdUZXN0aW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Qrs3sGo +Xz5wsPXk+lkBzibzOiFr5i40wyzlh1C/sdRhoUTUrji2zbcBAmSuHFL5BkSxF1cl +8RmCE6kM+aEl5WET9nthVUuSxqz7q/Mi04ssFROMnGn6WL67YIwiIxkOWe3DOfaj +9gw+f4Sx3AhpTHBd3qxkY/P/8umjzIyWbK4dBSYIR4X7TGHEZ7m98pPUAPLeygvy +32ybh9nkU8Cdj2kHmW5CzHEhAJ2wdcclbhbXGBbyMxpRACKqtJS5WWYlFR+C0tMg +mFHRtK311NQ7L6QR9R7NNcX73LrP1fCzPMoI0Sb88WdlI0ZrmaA+ElLFIvw/7HQp +UwfvmANmNLR1eQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMDUG +A1UdEQQuMCyCEXNlcnZlci5kYzIuY29uc3VsghdiZXR0eS5zZXJ2ZXIuZGMyLmNv +bnN1bDAdBgNVHQ4EFgQUfNlec2HQa3T4QQiqvRjfMumuLpkwHwYDVR0jBBgwFoAU +ITcAt4ctta2/yGsSFfNF/QmXkkYwDQYJKoZIhvcNAQENBQADggEBAFcLpLMqVMcg +QY23LX3lYRKRZs3tT4aqjyZwQ3uP+k2BY8FlzXNapEGGBLJyy51W748AxT2JzkGU +DFp3DDawyN58z1RDWnRC7cfnNFsJAFC1HKvsuljjv9YR5Fbl+vyEKb4NOd4LoGYl +DSdpfihX63g7zkDAwCquYZ2IIWwQEXg+AlJ1hLj5YI4J9+OEJG5zun4F+LD921iI +cNO9RA9wKb7939eDsjKvU5rcdYb1edq5p/q5l+qw5DhyuN+kLFWhZjEmoTSRjy/4 +PwLOqNDOtLI4gpHdTzhjrnzq4lstRxv3pc4G1f0bFPcXzzD2snlg23tR9KP1NTmt +nlFALloJ0iE= -----END CERTIFICATE----- diff --git a/test/hostname/Betty.key b/test/hostname/Betty.key index d97e32c84825..53896e41b2ef 100644 --- a/test/hostname/Betty.key +++ b/test/hostname/Betty.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCkJY/DbhYvIwRd -za1NW1KKSHwpySQVVKyEwGuB/ptzYoqVoeEGYq0HLSq39L2htrGfFCaaxErGIVg8 -mf+vlNfem9cuilRFPW73122hhGUyrI5zayiFPdCWwW2b8N3h9SfGzD5L5M5D64TJ -+7jvp4NOJaK1ZEPLZOovH80qWBV/JsXls9Ms+iitQvAa3kRrQXtpHDFsAsxHQmmx -NQcMDy3+8J9r33j3W8nOIMUuDs0HChUSRG9UfRPpdBpr8bCcSv0YIDwjXh7w/8qV -puvbLHXS73Se+lLfY1AFSpUC8QW/Gpx5tsPsmz15aw351N+wYukI7IDcB/hFIb44 -KMHPTyz1AgMBAAECggEAAKOAxrLj9TT+rFrDhNyJGq6jhQoaUNbugOm6wVu7QRyu -C10A4iR6JeAAHY0fO8TZNhQ+/jUrUVAJ5tp2izlaCayzjqPNJiPSDbbR32IDfsn7 -F+nf03zlFeEUyxmJ03o/uF9NEsCGKO9+qcaH9q7BLQmqc2g7d0wiOSK3iqWjF8aO -QCvjtbmdZasefRD42ouhVkWBKcuEy2ATqV4l8M1Ne/iVDhExVTCshYjpqPDoBNwm -19H0k+VRoUFVQNG1t7W31E/R5Oo2p6Xu3heevqVwb/2cX1c1RDJnDEZZH1/LimN1 -qDvcl8YxEhqlMjYmraeob8aTbOaByNfGK5kS9cQnwQKBgQDOx5Avo4mG2F779YSV -oVpabAfbl9t+4hsZosIoHRgUMp5uRnxyV11qoXw61Wq08aRAjUJvXeJDP/9nceSg -4Zptlm7BOnHrL1ksho+Dx7T0qNBTiiXWe24gx5RHOyYm4LrtHujXM46nxuWG+qRU -MX19GBHyrnb91zoEcmXR7eK3JQKBgQDLOBm4AJSmkRwEBcQtxGW9svLE9psqXUBf -rEFee0Ueiv/YJiRhmPWgOED06KMhWn858aI6VxXFCt+bu9hRkRdsVuB1Jw7EdcQ3 -oi2oD0Q4c1wBASw4uJ6Z+w5AARlDE5TY0sEMNcBxQl4Sr4f/JDSjuaAgRbp0jnlH -9LNRa9ldkQKBgQC9b4Zgnmn353HdUmhMzK2B+UaZnt2vuGUrbziAl2bf2h/a1yhb -eD5U2ex92dcQPfBEUyVx8YjAI3lQw764xPY9P3vn+iszUwVXDU+dYvAc1CtG3WEc -xad20GC/gSjKpUeaxJ57yPgALO9KYYT6vPxCBjMrKTpKA0tbl5JAaLczIQKBgQDC -MuZA9C0Zz+nZ3jjPE7O2SF++4Xr+TQbLZq1BQMOYoHRFdo2lxqpTZe6NHBNoODcE -hGjnH3lqRy3QgP4DVIfxvEPbMGvoSjIsiArhY1VqLLNrMle0DJljxIqll2cwtnGz -khNxO5yfnzCO4rcvlsXHAAiJTpkT8WLs5GbIFCwwQQKBgDscsFXLFX2BCB1ouscx -yL4CE10d3NM3adODHgRWZ08YxbxG4iwX+NdfKV//tHBsyGzkDAKdWfw7m5ADf900 -l7+Re3rwEbhFKm5Adlj/BYydyrEbFJWE7cwejugJLX7+v0XsiqrnNSt3hGdGbgrN -sRMcxtzUUP89jbpLrYwg5rKX +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDZCuzewahfPnCw +9eT6WQHOJvM6IWvmLjTDLOWHUL+x1GGhRNSuOLbNtwECZK4cUvkGRLEXVyXxGYIT +qQz5oSXlYRP2e2FVS5LGrPur8yLTiywVE4ycafpYvrtgjCIjGQ5Z7cM59qP2DD5/ +hLHcCGlMcF3erGRj8//y6aPMjJZsrh0FJghHhftMYcRnub3yk9QA8t7KC/LfbJuH +2eRTwJ2PaQeZbkLMcSEAnbB1xyVuFtcYFvIzGlEAIqq0lLlZZiUVH4LS0yCYUdG0 +rfXU1DsvpBH1Hs01xfvcus/V8LM8ygjRJvzxZ2UjRmuZoD4SUsUi/D/sdClTB++Y +A2Y0tHV5AgMBAAECggEAAtN27MTuFvoOfZS2ETcXeZey6GQxriLr4kleCQ+uxKH/ +ThpCAAK9CUYDaASSP8wqHJVzDjAUTmSxTOWRRa7TeikexBbXLZp4+XKcfvYA02r8 +fUnD4EWA/PwpdG20BBZPbtxUWReHtaxzI+CWcEcBF/2z5d0DcZ8RC23/Xqp19Z7z +SP7fUT2lkh73kzJxnprjTK388n1ShKpfpSSNlnMEnqLXIsJ3342fBePu6odfATD0 +bg4M0NrMeuq3zkPeMe4vyqme4kihPwWvzdXevznV0YOKf7Xy0UHzOUJ9wehBT2rc +L66tp4dXLicEeJyx8vCgOt7UDCZ5YVXH+kUqOXLgAQKBgQDsE7rtZhGdpydxmFjD +c1lc6hC6yNnArYv278eOmRqHe+Cqco0TlEQ7LA2tKUzpP283wznL1HRUZFztsaxp +X4DXWAAvjkWfstn+1HFtpmRMnSJP+PFMJ9UrKeZW5UMUqwGo3qKTitt7VBw2s6TP +DAHdrkYgp44CFViNI4yKXV8sxQKBgQDrW/iccl2FtxEDwsXu+3nk0bJz3IPkzGjz +I5y3OneQx7HVEmX+nO1TLUaSKP3Gad3voOt9GSn8fmm4t2fGPJTJe+YPskxxzPz5 +0bv1DXZrKuYnaNfyF7Xe74P3nt/aqu5+YnU18D+AKU44NaHdiL5aaDGlk1exsryX +PVJPdQDZJQKBgH+CsKZlSQKENHPQu7Dl7tCWxG5+6c5+bmj0Xi8RVxjyugiWUsjO +foQPaVusQRSC5MmTsvX7TNIAW4kvPFa19Ntbds445DY73i8cBCAbjXUsMkpLxdlC +cosb2IP61N6m9wCFL/7NM3tLlOme4lfKvn9EEDC3D6bkbK3fE5vwjuWZAoGAFrQu +jVjy8J0yRPya/2y+23XnEwoopv+Y+CttSLeZJRw+aWF2+VLGCgoKDrtpj6RSxnTt +gonU5QiExk7a8eKSL8WF8emvOiMeHDNBQGhmDfx7az3P5wimgLT2NALdcUif7Q0u +ZV+hoIlbhEyYKriwNCRs9Z37DadCTgyaThPpWwkCgYBxQ59hMALw+HDVmxwl/kgA +ETxq4RHwenbGiq8edsaFsnhEd7IPzsaWLrtHZev3Isn42hRATuf1D0+lsYkOIfmW ++xfoE7AepT9sHgjENHO1PfUowt6gENAzGL1jFx2Q6BKShEmGrs1R4A9r/f1jP7uI +ILk7XSEVQIalAmjW7INPSg== -----END PRIVATE KEY----- diff --git a/test/hostname/Bob.crt b/test/hostname/Bob.crt index 5f96a5dbee59..fdf8a3a994b6 100644 --- a/test/hostname/Bob.crt +++ b/test/hostname/Bob.crt @@ -1,23 +1,25 @@ -----BEGIN CERTIFICATE----- -MIID6DCCAtCgAwIBAgIBMzANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD -VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y -MjExMDExNTE2MzhaGA8yMTIyMTAwODE1MTYzOFowgYExDDAKBgNVBAMMA0JvYjET -MBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxKTAnBgkqhkiG9w0BCQEW -GmRvLW5vdC1yZXBseUBoYXNoaWNvcnAuY29tMRIwEAYDVQQKDAlFbmQgUG9pbnQx -EDAOBgNVBAsMB1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQC34ozQD0NWzSZMzapl2NFpOZaYNcO14xEClUZsr+w6MwShUDtfumEc6IHFl/FG -WHVgVluhDlC/OhDBIYAojzHCqE5q76sQyzjvoPP9KDB1lPBFOh1CELwj7vLsbjXn -LTw8bnrPQ8pA7va5d9T1BtAWIiu6IA//YCwhJCKCgUbUascdBWtoH7jgFsYhDC9p -Bca3ix/Tm2gbdfu3sbAaDGLDUnh63oWg/wXJcaMbusXuVyifPencBxdJALf1UX8A -ohV7xqcrLPRvkMX4eR0LSSuSZbk/iiwNGy8T9mrr1Iq2LUorobWzISJEPkMOIgDD -Up43o7kgV3A6RLsGERY1cZzPAgMBAAGjTzBNMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgXgMDMGA1UdEQQsMCqCEXNlcnZlci5kYzEuY29uc3VsghVib2Iuc2VydmVyLmRj -MS5jb25zdWwwDQYJKoZIhvcNAQENBQADggEBAJvwWyA2Eg/B8Um0dAIjaibW4/Mi -2Zh4SOFqUlD7waDqqR6Nx0k4iUuOOUULGNxQI1TKcrnqYBuGJjXkpQ30GnSD014c -5n3X4ebZ1spX/3dn994vEx1anfF7xxERqIvmeKFJmJMS2zIAzvrcQ9bBEuICMdf5 -Iz/Z2h4CPYXmm8Lt7TwqamO+CuU5ekScSLSn2AAomYIuYQZ4KfqeocFeOuo7bWtN -BcWcRwE1FXrhVj1reNXLwkSQAjnhTOGnepy9StntlHHtEMkX1WF9CqwQg7rgvJ1H -pOV9ijfSDrbQqEKTQ+4alGPi3Hk2Agzgv1Hxc3qTmTdmoNweviktvlL58dQ= +MIIEIDCCAwigAwIBAgIBOzANBgkqhkiG9w0BAQ0FADCBjzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbnNpc2NvMRcwFQYDVQQKDA5I +YXNoaUNvcnAgVGVzdDENMAsGA1UECwwEVGVzdDERMA8GA1UEAwwIQ2VydEF1dGgx +IDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTIzMTEwMjE2MDcx +N1oYDzIxMjMxMDA5MTYwNzE3WjCBgTEMMAoGA1UEAwwDQm9iMRMwEQYDVQQIDApD +YWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcGCSqGSIb3DQEJARYaZG8tbm90LXJl +cGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoMCUVuZCBQb2ludDEQMA4GA1UECwwH +VGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPfUJGiCFYYG +uDuhJw16HD0SMvL4FmWY/8GpRWsMceWyIzHpYtj7YYe7uSHTQPfLXUG0IjWMsGDd +CAo1VYfUlCzISZFcHKlOhdKESVzt27qzBLOM6oJFoarXYslZtKRljGauNHzC5oL3 +WpCnhJ/BOCzRoN7JXuP8zY8eFDCL+DhgWVBNAWfg3UKhv0pmCMSMLbw2UWhVw7Us +nfXRrsuQENyj3gbdssuwjWvYrEjMdUzeFp6ci3sfiyKKBxTF7yY3M/XWYF3+qecQ +IvkMbaojg5EuxY4Qrh0MP7yP1GLzT6Z0iGrGw/lkWyh7RGsRJ2yhhjeL7oQUIv71 +6EJ5XwS4aMsCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAzBgNV +HREELDAqghFzZXJ2ZXIuZGMxLmNvbnN1bIIVYm9iLnNlcnZlci5kYzEuY29uc3Vs +MB0GA1UdDgQWBBR5+mEpMR96/uIp6VKldIgn0XLrhjAfBgNVHSMEGDAWgBQhNwC3 +hy21rb/IaxIV80X9CZeSRjANBgkqhkiG9w0BAQ0FAAOCAQEAf/ChdsjyyA0qFguI +kyg+UucyJeRYgbn1QmGvT/Cw7Vwc0Cjdt6foOGZ8eUHprwiBIFJn/6uDR7VC7/Sl +tS+LXW12QYfEsiSNwXuPquZ0yB52bQB7epLZSvm+1mmgV3aj0AxTQwyEoYxCKAlE +UjuwZgkr0uduEm/xuUdkMqqO1YxiVyrjOd0lYo9qZjiRGNvq1VV/4DiBimzbWV7Q +Zwv6lCVYwbNUJ7K7y6ZADcQ0t1vrusowO4a5rQzH+C3YtgtwPsR/gj+rsBerJk0c +bso1DDsupqE7wEGRMohcUyOO7uSCHQksIF5Ej36dIKXHbiRrzMGs3LVOcdYUkqx/ +9Hgp1w== -----END CERTIFICATE----- diff --git a/test/hostname/Bob.key b/test/hostname/Bob.key index 32cd0c96d561..0c31ea1834a1 100644 --- a/test/hostname/Bob.key +++ b/test/hostname/Bob.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC34ozQD0NWzSZM -zapl2NFpOZaYNcO14xEClUZsr+w6MwShUDtfumEc6IHFl/FGWHVgVluhDlC/OhDB -IYAojzHCqE5q76sQyzjvoPP9KDB1lPBFOh1CELwj7vLsbjXnLTw8bnrPQ8pA7va5 -d9T1BtAWIiu6IA//YCwhJCKCgUbUascdBWtoH7jgFsYhDC9pBca3ix/Tm2gbdfu3 -sbAaDGLDUnh63oWg/wXJcaMbusXuVyifPencBxdJALf1UX8AohV7xqcrLPRvkMX4 -eR0LSSuSZbk/iiwNGy8T9mrr1Iq2LUorobWzISJEPkMOIgDDUp43o7kgV3A6RLsG -ERY1cZzPAgMBAAECggEBAJOKi0FFfdpfsKNfQaGGXj/3nQVz3hxKnJNeAquiXAA2 -fziPj5Q3j0QKqlVInKa8wzERGWQYgGFuzZKotpPUkTCGqqTSuIc5B+39TseJP5iY -cFCbWG5xzwNl7jQWGdnrSbGTU6aJ1fZTxlL5+zy+wqd/s2Yb47ocCExvGeFsqNA1 -oAeCK961KfEjf4qDJHNP/DjdfdJdFCDxydtX4/1zTEfGV3TQj3P0nuwU60nkpJPT -LvNXwoxyu0EgSkMP3RUjZ6LHCB9eyeRZYZ3wBKmoudIudVsl0mS8wmg8GfhBpEGI -2vqVaS+631oSf0IIuIyEUIcQuU9l7Am4QAAn3YTyKkECgYEA48abEEQPGgNP9Ng1 -B6/VZAx2bghLMKtdeq+z1At3NrFNOtaooVnIeCQo0xAZK0D4aLsvTAJmvQ8cU0zg -qujSQc7uF82eCTJurQYKQjAx7w4Bcm18ylL1ovxQUCQzdneqv6P5po0kKn1Ba9ov -E1mWyR04mVUvy3EUajyteNnQ05UCgYEAzqupAXDxEfWtJeM20IcyuXo7kfmbgkPc -oOdsWyeXHHAGuXpriknDhzdHX+wVmLBK1YODY/42BywCe57ZcKLtyv+xcWJGtGLH -eimc/qPgV8QbpHEY4hWtPlRV+r51g54jrsXkaLOygVqMtISR276TdWS5QB6BcHFN -jnoh2BsYFdMCgYEA3Oh88XygjOETheq/G9JsClmP7s16Zxx8UAXiSdBI8bFprpwL -9lkGdYbUVUdysaGUiraoe3aEv+3M0flomDmv2gVgo5NXJ6JS9to5ztHBTBFwU9Ne -STfGZimBlwhVJRuQbccR1Hdk0RSkA38bUw/7jtgZUZTuAsiMPTDWKbROtTUCgYEA -rHLmcfJo5WCHWy7txTCa7dOFs3eBAEBZ79VLQACYAb2kjs4Mv/Zu9fv1TZ/0IVUx -DFpRn3U2ZeOeKsLQk0EQhKu4x3CGqOwnoNLqUjwx7WoQ2rUYW0ZVKcY7fB/CdNHW -2nX78jXHhFInSFW6U48BAhrKzSrnPQj9+x4D8YwiG8sCgYBs/gmj1JDEDcyptPTy -DpyAQ9KsgA68mEaQW4dOnydyzR4lxq8ujnED8WiDTrejvh1XcJquDFP/82Dg+Df+ -5XvXH885YZh/yNqI+rJ3zYkjEFZEK3eKJFeDKq3a6EDIJMSpnfdR170V+Db2T0JW -44Qe+CefzX8Mq7kg+D0YTgGOjA== +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD31CRoghWGBrg7 +oScNehw9EjLy+BZlmP/BqUVrDHHlsiMx6WLY+2GHu7kh00D3y11BtCI1jLBg3QgK +NVWH1JQsyEmRXBypToXShElc7du6swSzjOqCRaGq12LJWbSkZYxmrjR8wuaC91qQ +p4SfwTgs0aDeyV7j/M2PHhQwi/g4YFlQTQFn4N1Cob9KZgjEjC28NlFoVcO1LJ31 +0a7LkBDco94G3bLLsI1r2KxIzHVM3haenIt7H4siigcUxe8mNzP11mBd/qnnECL5 +DG2qI4ORLsWOEK4dDD+8j9Ri80+mdIhqxsP5ZFsoe0RrESdsoYY3i+6EFCL+9ehC +eV8EuGjLAgMBAAECggEAD6o2pO54CtE46vf8PnNV/pw8YTRCQijCHc0jyKjwOBsi +82AzsdBt8UTx5kvyotcVbXZD5UufyHegLvkBD4Vl2lDMqaX/X8pJVi2rb3bPeUUg +inLhTdu15NUZdu23J98NWV4wjiRJqsSU0mjsTqbJdLfJadujpliP67h0gT8PsQxy +MNIoFbhhHDukmLjehL0a5HhH89+aZVxOuvUU9HV8lkpCnNJuajJuwnu5gv/7RUZd +EG4lZLPTEb3ao9Bnm7/4q1IHQKGC9Cpwaegde3dYYSn5vxoOp87I6wnWxi8V7g0N +bdNglwCxE9d1hOQ4qefAq3UL6FyAL6wwbo4dNfl3bQKBgQD98vjIy6JdxSYnJOKm +VuG540uJykFqvqazgl85Vi1z4Ot6AVK1UvnWKWy4bHGiZr5H1R4afPDo/a+H9hoz +SXv8Vk8/AClcL/u2+czHqNipCssQIkhRfJ1hu3P7zDgVykSxJTrUCoTzHmKBtarn +kgGQnJC2M44hxFPI26FV0eyyzwKBgQD51IRGdfZT8jw7Bk6f6UFLXV8O7F/pDFs1 +HjUw6+sPselXUSaNk9pIlWr+uTEfwqTG66fLoTFlw0dMzjTejXBiZomZB4Pw0jdF +ccJj0FvTqi4C6VabHP3S7CSp9eDyaaUDEDn/a8fjG+R08crif+jwTwSHbBdaDbaq +CArRW6oZRQKBgBmGIUE1TmV0WkhW6bzkQJ3JXZ9Ex9xtux2RvfZqVfkuoxxJI8H7 +zAaddUL4C1fSUc+weO0an7AbR1g4ARwkh6SuHBrt7jpIzFjwtIdgzh33ar99Yp1m +E/9tstOdDAoMoWjYoBgN0p0I8cettba+sw+Q3O6jMebs76rhgE664bp7AoGAX458 +paK6/DLb/MuVyS5jrhrhoAijSrVSMYgDWlnyR8eJ877zWxWhWT/lc9aLxpUhh4Bd +ZtKZ3U2K+QKqUDGTOd/0Y1bvjW4qe+JeMuVgKh6eiLiNSrkVENcH0wZb6vyjg/9x +35NvGhvyDxTowCeihkADAHVEnUo/gtuen6NK9W0CgYAyLd3mTpPUEfvb3SA2oibJ +j0Z2z4QC85UjoKa/6XKvK31hHABlYdtJLDap5WiXBSGbfZSLRa6bKioQh3a7Skyj +rWjIFdeAG2M08C+fjD7gci2bEE2zA2juaWYjGlsaQ82uKIvL0YXnYPDFFrubPRhv +Ut1e3EKg0Ys3N9ngov6A2w== -----END PRIVATE KEY----- diff --git a/test/hostname/Bonnie.crt b/test/hostname/Bonnie.crt index 4e71f5983824..287a4b93d136 100644 --- a/test/hostname/Bonnie.crt +++ b/test/hostname/Bonnie.crt @@ -1,24 +1,25 @@ -----BEGIN CERTIFICATE----- -MIID7jCCAtagAwIBAgIBNTANBgkqhkiG9w0BAQ0FADCBmTELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRkwFwYD -VQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYDVQQDEwhD -ZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNvbTAgFw0y -MjExMDExNTE2MzlaGA8yMTIyMTAwODE1MTYzOVowgYQxDzANBgNVBAMMBkJvbm5p -ZTETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxKTAnBgkqhkiG9w0B -CQEWGmRvLW5vdC1yZXBseUBoYXNoaWNvcnAuY29tMRIwEAYDVQQKDAlFbmQgUG9p -bnQxEDAOBgNVBAsMB1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDCpPFR+nO9czgQT1VLY/uCZ1O35ighW+pCuXJNSnO8xPtesXpdpV7HfijD -2G9zza5kxC3Gvg9Lh2Hj+6R1mTxJj15vqhVdj61hQrK/qbYh2NkH35BQP+z92i8x -3qp0syzCZ+Q/0CdtawZQa4milVCGtwrsBOnETCN0Qh1AzR2mJVpB7TPE49R9BbFy -GZEWlpQ1YKJu7lYDN+YFlgI5sOcVZYI9NjT+mW+RS5Zrv0nFZFsmlYuXUN+mGXmr -0rOS0Mdl1jr06EBJTxXImyfuostb8dSAJ9E7nhv5VMYrdp0ooS3XSbOxparOkh4j -2HwWY8Sv5AKqoTPjRceN/a9n7+JFAgMBAAGjUjBQMAkGA1UdEwQCMAAwCwYDVR0P -BAQDAgXgMDYGA1UdEQQvMC2CEXNlcnZlci5kYzMuY29uc3Vsghhib25uaWUuc2Vy -dmVyLmRjMy5jb25zdWwwDQYJKoZIhvcNAQENBQADggEBABCfAENvsVaDNL88NfYF -u/C3FPjse/gIcDQYpXqTUpzbUaSZwaeV15RZEvDSu5JlFZzjW8ABaiM5+IYX3l5+ -bILkEJlVeL5VYDFAy2IymwmFXozlbAhE9kEdcubm3DCLsZtK+byP8iUCEaAu43Cr -lxny4BOsfPK+37/ojNK36DlRruUmxcuWN7Cwbg9tHCnkvZOd8e/iMY8/jPw7pzgM -TjnpahD9veEtWsTtmYpe6CiJ3JmliIeGlhlflAoVw6cw1pwgueDDiRfuFfJcsJMI -BQsSUd4DRVcgc30PgsK9cotXrCXjnFnmM7cKZUa0/JJ+8ZpoERN+6qybSZSIGns/ -tww= +MIIEJjCCAw6gAwIBAgIBPTANBgkqhkiG9w0BAQ0FADCBjzELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbnNpc2NvMRcwFQYDVQQKDA5I +YXNoaUNvcnAgVGVzdDENMAsGA1UECwwEVGVzdDERMA8GA1UEAwwIQ2VydEF1dGgx +IDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTIzMTEwMjE2MDcx +N1oYDzIxMjMxMDA5MTYwNzE3WjCBhDEPMA0GA1UEAwwGQm9ubmllMRMwEQYDVQQI +DApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcGCSqGSIb3DQEJARYaZG8tbm90 +LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoMCUVuZCBQb2ludDEQMA4GA1UE +CwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM8deDJn +eoCIa0P9rsOuVw9GED2wRZQZwxcWrG+JBtaLczAk1u2zjCG0g5wfQ0WqW8u3wJ3R +lT6NAcF7m/rMSOBIfja6f1vxzgo6798sp//XLKe5Z4RLO37P+94Mr22P5o3160IW +mO58jU93C72/oblV/PuToTId5cJjZbsOnRkOb6k+JzaCeXYWtieVhFINLwtxH6te +7Hv+tWts1mTEkU9xCbSRvmrWkK9AIjQWM0ioOxANLIt7Ca/LvMdw5UyYE1oxAc2X +2Wwg9EIufmGwyqBhTsKYglvP1qQ2Gsz+XPRDyD143h5yKd2QZLTRcZy8IIitbSTt +pnRNFy+GxDaMU8cCAwEAAaOBkzCBkDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DA2 +BgNVHREELzAtghFzZXJ2ZXIuZGMzLmNvbnN1bIIYYm9ubmllLnNlcnZlci5kYzMu +Y29uc3VsMB0GA1UdDgQWBBSWnibIDeJaLeIg8k1QKK1f/qtzUjAfBgNVHSMEGDAW +gBQhNwC3hy21rb/IaxIV80X9CZeSRjANBgkqhkiG9w0BAQ0FAAOCAQEA2CpX5bIl +qXXMsDGwoSvJiDRHYzVYIykyo56M8JpIJKca3xLDvb+FlgKKfHBKng5QCnqrSEaf +B1/1X+bRJBEr5ILmgQB76hCBPqnMDv835DoTkHEYHXqk9sdVjeXoTvMjPHeG+L27 +aL1zz3VAllsQp0aNr7UVDGh3Sny6Lez4G8DRo46zuZnOMgrIPVchfNetP4EkEt0s ++x8aEzbuSnBTw7kWXVBnrj0MMR6pKir/RQz+1YRCMog/FiSo18KgOoTyHSlInT64 +ym4G/NHbXycjxIDWz+wShdFq4BV4dbMtVZqx7InMoauc1+s4oIVXaPs7kXuGqDHW +AbzLfegInE5sbA== -----END CERTIFICATE----- diff --git a/test/hostname/Bonnie.key b/test/hostname/Bonnie.key index da4909f39ef4..538da04b21dd 100644 --- a/test/hostname/Bonnie.key +++ b/test/hostname/Bonnie.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCpPFR+nO9czgQ -T1VLY/uCZ1O35ighW+pCuXJNSnO8xPtesXpdpV7HfijD2G9zza5kxC3Gvg9Lh2Hj -+6R1mTxJj15vqhVdj61hQrK/qbYh2NkH35BQP+z92i8x3qp0syzCZ+Q/0CdtawZQ -a4milVCGtwrsBOnETCN0Qh1AzR2mJVpB7TPE49R9BbFyGZEWlpQ1YKJu7lYDN+YF -lgI5sOcVZYI9NjT+mW+RS5Zrv0nFZFsmlYuXUN+mGXmr0rOS0Mdl1jr06EBJTxXI -myfuostb8dSAJ9E7nhv5VMYrdp0ooS3XSbOxparOkh4j2HwWY8Sv5AKqoTPjRceN -/a9n7+JFAgMBAAECggEAJv42He8nipdvbs0F0FGaTBh5DAk+ltg8CNvvyw4UO4fW -t7SkR+heIWbjscBFK5TTz/oBFaRzmfToJmz+GFT3X+Ep0QLovtKOsEJVXtIX25X+ -fHZMCdeUmZJBDCOIUFKor9VyQ1pm26OqIyg37WsuM56twHSHhDygiaTJCXdN7j+J -3JSQTUXIQI4pjwMf7GmvwaxrbOI+luxyZioXPtUbnB6fmTXrGYykuif5TV+l+C25 -QeH/nvcksJ/TnGbKFbdVVQJRSKl4oc4X3oHTujEIrn06/oQ98OGu2NTyuBTcmOGe -tkwjbMLabiPguPUml6xHh4U63oDnCVHirCrvUjlabQKBgQDpIgomMCQ7jZpkC2WO -dvtHiJPlqQAwsuhy8RziS+FKp6MZ/OcpKtTE8attxrZoEyPN9N9o4hsX2soKkWyc -IJZrppSBeBxyxAJqXXVfa1ATW4dvwCr1SUZIxqHchQFjtzsh1rTyqesCmPFvFL3w -EEIBRiadJtzQjjvbSTSXKelunwKBgQDVvHRDV60uJzJ7BmeYexzJscS9rwaMjoLI -m//4dv9u2wa3k10ZSrJQDjCT3KVzUR1x9kYp3VffAJcqYoRiHegrgBZfeziyr1gk -KbwnUN1lluPDp9f1XuZ70FTR9WW1p8vMtfFIBcEbgZHPFEr4p8KV7RuqbcHmsP8o -47VkL+UYmwKBgQDLMekIqdMauOwFIM3OYzPWgFrvw+Ivj+/8Jt0W/C4L5JrLDtvn -zLYQRdc14gmgInaFj1Wd09zraL3Kgj/YwKp6f4FWavrYqLC2RmkD1sO/a3pbU3Hd -wpTo33+6dY7le5Glh77E9oaoB+f++mQmNfVhqOQE+xdhC2duVJrq2hPkXwKBgGic -5db0OfpmCwo2F0yFrZB25xHkcfMn6ZFg8YdeTyWmJIKDqUSwz9fpKhOlIoHvyNa3 -sJ3bDaBDvLltINiZRMLN3aV8PUMQGbcRils/9C0+Dlr8cvJRMcSWMn3Ve6PO7ixT -PTaAQoVBBOnzR8Ku8cnKFQl00Twlk64izeysmJhTAoGADeHDHJ9SZGXsWx4qfAP3 -w/X0Z78hjj03F1wZy/WCT0fBo2ZPwgNvJycihs5nevvOxyh0T4kU9LcJpP4Xh9uy -xvcHXhfm730ihVVvrSbcqKipVtUQVQjKNkgi3LesUU6fVtR3cYeZjgFX8gK7qlyh -r/DA0g7GHp+pHoQ/koo15Io= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDPHXgyZ3qAiGtD +/a7DrlcPRhA9sEWUGcMXFqxviQbWi3MwJNbts4whtIOcH0NFqlvLt8Cd0ZU+jQHB +e5v6zEjgSH42un9b8c4KOu/fLKf/1yynuWeESzt+z/veDK9tj+aN9etCFpjufI1P +dwu9v6G5Vfz7k6EyHeXCY2W7Dp0ZDm+pPic2gnl2FrYnlYRSDS8LcR+rXux7/rVr +bNZkxJFPcQm0kb5q1pCvQCI0FjNIqDsQDSyLewmvy7zHcOVMmBNaMQHNl9lsIPRC +Ln5hsMqgYU7CmIJbz9akNhrM/lz0Q8g9eN4ecindkGS00XGcvCCIrW0k7aZ0TRcv +hsQ2jFPHAgMBAAECggEAK+I0m4ltXVqKT8eqhe+kpqnTux5kP7MNsRCuzJseBcta +RrMnjwniASo8UJIXMOWduZZfi5DirHQ4EQTd0dADCPKTO4lcfuDHJUfDl2fg2MaA +wbD5DADcxEvRNAVADljVIvMeO8yJ7s4ZKuMwa6302E4t4igvmWzYR83DulSoWKxi +uWvgGieOzo/+ke9bGoL84B4x2JrBCsZBil2kuTz2QPzzHcUtYAKRUT7X9pRttYro +HnegvpkcjHm6oyiSxQbzRL5JlDA+hB5oroNvEvblxLsRtGnO27DD80DoRExn1wqL +kKgQ7fFCTNkHXR4MRfDdQu35+Yk4EJZaVqEWDs6cwQKBgQDvZZVz3KfmXG26S7WP +7svDd/0ouksGaJ7EMjM8M2mjoFr8bmf9+YE1A07rr5yLRngy3Y4xxLnNBgHylpHx +NL3qkkvYtwFd2ONusRUWB50ACGIth59GrEb3GfwaeefLnCIBdnH0/MVVcrF+uOJ1 +tJsUGVj/vwBgdL0SYBT2WxPMtwKBgQDderv01aNlmS82cwNegb8p9f3BNHfT1Tja +PbOXMJ+hNofMjQ/YwZE2lQq+JGFjr5VvcxAe+u5PU/Ikzhsz/8e3z8s72N4vZD+u +stWulcXnp8ySGqVmgMBfJwal2ytJfdg00TXbHsI/asW/fMYkNSt/enE1GqZW9nwE +bGr4X0/BcQKBgDakmkNy90QGjuk6BLxQxmPcjIVyWFOjJ7Iivz0bgx5dKMd7r/Lx +s4NVOPtk/zdvI1qA5ccIX1yj5Wfo5HEJF9xl/jf+NaqlKeyHMQfxPu3V/ArmbP2l +ryER5lBoyPbZsY1h6sr/s084ubjyHIa/bbJdwsnFYCGkI9AA7Gf7C/7rAoGBAKTy +qJMinSuol4H8zHCRPvcYTqGa2vd4IHxhYaRjQS/GtgLAuCGdn/G/tJ2B6MpeVXQI +hOQdzGhmQ7vniFkE0RBzgJAU5vzys37/j6cTwq3RyciycabSkvMK1KengCiewews +N+j2koK6mYYQfl0vADNT1IZRT7sKnbiJqm1KRtLxAoGANamO5efOeb6suuwe3mU0 ++ti9OxNVOiq4W0sILMb5Lb3uKtipCyhjUzLjzlMwDAOLgrWb7QeHsNCFjhtjQ+K8 +lIf/wznCBzmxybEqB3QSvVMcyC9g5KBXMb0DVOJ3/dUC2p/N4Gednc8rwlxKmmd7 +z3kkUaDQlYWt6UPceWmKz7o= -----END PRIVATE KEY----- diff --git a/test/hostname/CertAuth.crt b/test/hostname/CertAuth.crt index 5293cd09241e..b80fe1c99ccc 100644 --- a/test/hostname/CertAuth.crt +++ b/test/hostname/CertAuth.crt @@ -1,28 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEujCCA6KgAwIBAgIJAPjcMEu1o/4sMA0GCSqGSIb3DQEBBQUAMIGZMQswCQYD -VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2Vs -ZXMxGTAXBgNVBAoTEEhhaGlDb3JwIFRlc3QgQ0ExDTALBgNVBAsTBFRlc3QxETAP -BgNVBAMTCENlcnRBdXRoMSIwIAYJKoZIhvcNAQkBFhNqYW1lc0BoYXNoaWNvcnAu -Y29tMB4XDTE3MDUxMjA1NTAzNloXDTI3MDUxMDA1NTAzNlowgZkxCzAJBgNVBAYT -AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRQwEgYDVQQHEwtMb3MgQW5nZWxlczEZ -MBcGA1UEChMQSGFoaUNvcnAgVGVzdCBDQTENMAsGA1UECxMEVGVzdDERMA8GA1UE -AxMIQ2VydEF1dGgxIjAgBgkqhkiG9w0BCQEWE2phbWVzQGhhc2hpY29ycC5jb20w -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAnc7C+h+HWU6RsC7dc0dT -GZp+sIkh/XQT17n8q7P852Epc97yuoIualLWtKih08MgipdGoBq5caPjq4WYKJzk -TIqXy0DAuuhCXoTfPaizNgS0jqpWMiufjbu7LRh3vaKL9dgtnAQnl2vwHu7IKya7 -VtfUb6kZAxBo5DxD2vGnX+Sgbe66GsvrqrrjDGM0z24d3Tjndq6Vap50ZF+Kz9+M -XDlu+MAymMipnN5I4SiJOmL1xUpvz49cuW3aKaumMicW3NRGu6lMeSVfxAjADIQW -oqqJjjqIBJksDoKYuowbJfn6QVd5uW02prEoxMHb8bxhUC6Dx0nkiYnp94Z4WOit -AgMBAAGjggEBMIH+MB0GA1UdDgQWBBRVf6RplHdliGUCrnwvq/QxF4tjATCBzgYD -VR0jBIHGMIHDgBRVf6RplHdliGUCrnwvq/QxF4tjAaGBn6SBnDCBmTELMAkGA1UE -BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVz -MRkwFwYDVQQKExBIYWhpQ29ycCBUZXN0IENBMQ0wCwYDVQQLEwRUZXN0MREwDwYD -VQQDEwhDZXJ0QXV0aDEiMCAGCSqGSIb3DQEJARYTamFtZXNAaGFzaGljb3JwLmNv -bYIJAPjcMEu1o/4sMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEj2 -huhEXrFXMlm/HarFjZm0Di5mq9cmudF5Kq6pDZnfI39d1Y4EgeWMThBHjiCtBT3E -xQufEa7s7CNQdjAneUhJdYyUAQmnpOzCtl69qexqQHEQws8kBhE0xyzRFpmCSs39 -ZGt9A4Lc6+0XAeIl87oj6spCAbNZOAaNckKMenrZ/MbkPw7HRPoulex2rx1o9oox -G951WjEk7nJnKAsdQRFnz5DG83Gf8QZcWCnI3Gz3fa8dM1VVa5kuAhk10umDXyEA -UFEbTg8vR9tCvQHJJCnmCRSrIR53m4773WvxfEXlTT70ITn4FnS1F7kO0RkZ1Ylm -h8w/4nK2L6XBxgjweiw= +MIIEATCCAumgAwIBAgIUDkJm2djdx+Z3t1EE3x7sd7KqUAswDQYJKoZIhvcNAQEL +BQAwgY8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy +YW5zaXNjbzEXMBUGA1UECgwOSGFzaGlDb3JwIFRlc3QxDTALBgNVBAsMBFRlc3Qx +ETAPBgNVBAMMCENlcnRBdXRoMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFs +LmNvbTAeFw0yMzExMDIxNjA2MzFaFw0zMzEwMzAxNjA2MzFaMIGPMQswCQYDVQQG +EwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuc2lzY28xFzAVBgNV +BAoMDkhhc2hpQ29ycCBUZXN0MQ0wCwYDVQQLDARUZXN0MREwDwYDVQQDDAhDZXJ0 +QXV0aDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmNX2YYxysQtt9hx5Vm2SGOmzWGj+rTxRM +9tFTyHOnnTi55j//+2Uv/o187X8vQgZLHu57C1c0sKuj07IHp2Ewoc/2xjyt3Pu/ +m2Y7wcLMh+ANYlcL2p7FBFaRnkmJ2r2l2Jl47BucUJyOa2KiZZ9eXsYaiMErgtI0 +lAoJBFXtc/w1bQVChrL8TONBmCWmC5Dsb0fxuJbMBthUfyKbaxObL6HWjtB4hHEf +ObgOLRXzGHhoFM0p4Pby5zb3DTBkb3AOLHwvYf896JeIkG8uK/QD5t+2bL6SP9xY +smjvq+8FyChRT3qXbekiWJHSaC8S6t6hKtJQ9+1RbaMXEXt16xQBAgMBAAGjUzBR +MB0GA1UdDgQWBBQhNwC3hy21rb/IaxIV80X9CZeSRjAfBgNVHSMEGDAWgBQhNwC3 +hy21rb/IaxIV80X9CZeSRjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQAWzKhzVZ7VOyv4c9io+NetBUYRjne04n/TMG3X+hhc9o0Ce22cQlYqXGZ/ +MfmrOeNRSLwv6i7w9K5xBmXOucfXNlWh+L8CSjvcyQWMgsvpwB0NwihgZZphUxBq +GeU08D4AU1ssyr3mTbZkNdc/nVeFA0kpiAhGBnRaTxo/g52CGnRgJ8QHJx+p639s +Uif3JY9CPnH2B3PaeEDjqmwiRoJahNUNjT0qvxBkDOy/kqzm6hR3po2HfmzCgjBc +t39HKGOrrdnIINXkEaW7lXgQc+roKeMjpugFFtjHyzLekmaYUhk29gchEQtELXRm +4LOUhj7UvGjmqOgyIGeAzwe+49+b -----END CERTIFICATE----- diff --git a/test/hostname/certindex b/test/hostname/certindex index 5b723c8534b7..f25c3d003292 100644 --- a/test/hostname/certindex +++ b/test/hostname/certindex @@ -6,3 +6,11 @@ V 21221008151638Z 32 unknown /CN=Alice/ST=California/C=US/emailAddress=do-not-r V 21221008151638Z 33 unknown /CN=Bob/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing V 21221008151638Z 34 unknown /CN=Betty/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing V 21221008151639Z 35 unknown /CN=Bonnie/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009141716Z 36 unknown /CN=Alice/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009141717Z 37 unknown /CN=Bob/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009141717Z 38 unknown /CN=Betty/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009141717Z 39 unknown /CN=Bonnie/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009160717Z 3A unknown /CN=Alice/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009160717Z 3B unknown /CN=Bob/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009160717Z 3C unknown /CN=Betty/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing +V 21231009160717Z 3D unknown /CN=Bonnie/ST=California/C=US/emailAddress=do-not-reply@hashicorp.com/O=End Point/OU=Testing diff --git a/test/hostname/privkey.pem b/test/hostname/privkey.pem index bbb51ef417b6..0de066fc18d7 100644 --- a/test/hostname/privkey.pem +++ b/test/hostname/privkey.pem @@ -1,27 +1,28 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAwJ3Owvofh1lOkbAu3XNHUxmafrCJIf10E9e5/Kuz/OdhKXPe -8rqCLmpS1rSoodPDIIqXRqAauXGj46uFmCic5EyKl8tAwLroQl6E3z2oszYEtI6q -VjIrn427uy0Yd72ii/XYLZwEJ5dr8B7uyCsmu1bX1G+pGQMQaOQ8Q9rxp1/koG3u -uhrL66q64wxjNM9uHd0453aulWqedGRfis/fjFw5bvjAMpjIqZzeSOEoiTpi9cVK -b8+PXLlt2imrpjInFtzURrupTHklX8QIwAyEFqKqiY46iASZLA6CmLqMGyX5+kFX -ebltNqaxKMTB2/G8YVAug8dJ5ImJ6feGeFjorQIDAQABAoIBACfixcUETHEXojhy -9lFvJK7ll2NypQL/3ACb5GyZFa1iMHGIB/vVeU2pQLwrLtxL4JUlfcvnLYGHMbvc -cc6fYlW4L97c/OysB5puvi8IMp3hqrnE7SrqOrRQgjZxUSbCgx1ebESNkSKtrXFM -xn92yA91HT5lXOvMAaLm2D/o36+bxN/VvSQnYQZFU8fJoMvUBNOdNUlJZock89PL -E9F1qXrqsex1q9jH7Uykpk9HMSznIhX8s5tMjREa1ZLllaSplP2uQO9DB2dVCqWV -zp11DQpZB4ukSVVu987OrW6Ic16RLi5jgd41GY792KQE/7ILqU/0iLBidCTXTbOm -ckBZJyECgYEA4OpVith3ty7YH7VS12hrxql3BaXKk+3rAvXiwdlHlVs9vB61Ugv3 -AiWao88xADt/9NGKQb7oX++7KogE/lZpkE5Gs3s45xcKZDCmfIqyI2ojXPEJR2MR -reCTAAfDnqiYQtmGRqbObNy/bSRY7urZ94Vv+2Q4NHMkxfBUQMf3lZUCgYEA2zy2 -3XECt4T/ieWx/VSqHeNklG7p2UMiXUlLID1I7Xcx0+7W+g4JscE4+M/d/OCiIknB -Logd3UfVX1avuvu0HAg6ZqNBlzYfSDLvqtG9ZyfKGZNkPZEu9TivXKo+hG7AaDDw -yOuvyt7ncUFNI1aXi5iEJrs4TO8+f+WQX2KikLkCgYEAkUnuzk09MED7bag1Bl82 -19MaxrQtY1faa0QpIe3Y1vtkqsPvfzupaWKfPVgXID5PTveY5xWKiIaVEklhaGar -tINMGp7ryCPTG5ttwJ/bqRLkGyK9SrcNcZPTgb6COFhSW0Sm/7a7PAlxQvCq3lMp -UEKLbwpzYDZNN+wikOJb5e0CgYAa3ZrPEg0yLgMeg95G2/wow3fM1LalYBuy8Mta -/QeVyfh6Lxd69wNrG/F+VAKw/VoA96bLq/R07FuSXk4UjMmqcbuuXi0oeYJl15AV -D7S1EmQqtCwhe0wU0shyg447rlK3sd+fz3nwU1ZrQ4RPY0oY2iy/jku86chv5dLG -TZD8SQKBgCwz5sHh+X8J5+PxQxBeWfY32Neo1LkWpswFjNYbk7mdzvtMqXmsTn/y -8CqnXumBYkm//lnigqyA+o8CRZK+NvZAqR5++t7U3R9plFhNWBLjuPVwi7KuWAKw -M7vyWgYYLTwnd7YwEJlVVGXzLlghs0mONhmgM3iQiOlIfd0DFBc3 ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDmNX2YYxysQtt9 +hx5Vm2SGOmzWGj+rTxRM9tFTyHOnnTi55j//+2Uv/o187X8vQgZLHu57C1c0sKuj +07IHp2Ewoc/2xjyt3Pu/m2Y7wcLMh+ANYlcL2p7FBFaRnkmJ2r2l2Jl47BucUJyO +a2KiZZ9eXsYaiMErgtI0lAoJBFXtc/w1bQVChrL8TONBmCWmC5Dsb0fxuJbMBthU +fyKbaxObL6HWjtB4hHEfObgOLRXzGHhoFM0p4Pby5zb3DTBkb3AOLHwvYf896JeI +kG8uK/QD5t+2bL6SP9xYsmjvq+8FyChRT3qXbekiWJHSaC8S6t6hKtJQ9+1RbaMX +EXt16xQBAgMBAAECggEAAwLfm/Lt8NXmC5gNHkcMU1In0swgmZPM+u2+krc8RgzB +LXNU0nseGXjdrmzn3T0imnBy46KkFyEZeaje+wkmNQ3ky8BPkmGh3GGCvpTcALNl +S5+F7naDXaXfIQP+R8KX+PeimEmUWeDXD2jZrzCfm0snkbjIuBI7wCrQj8oh+ptj +ro7GCLoERAJQccqCFdhAU1pkO6wHosxQO+/VcP1WJcxHlLZCWgby4GCyUXAESKTH +A5lHaK2YTRlyX6vgSCVAQ5E/8G7pKw4LQ0jsw8FQBMXFyR9sRqQN6CY7/xdNLGwE +Rvy9KTFXybX+ERcMzfOhbUu+qXi3BoLF6MKDYGy4fQKBgQD48fEcdTCfNUe55+WH +h0asZix3ZzzeRbSP62SlhCzbb/QEDCByvhPbAxT4+eTnfI+XfjO/b8+uNuiD36sV +RaK2DFgdMN2mswWDKh8tXkHmMxkiKODoTEeog1/iwMQ/O4ulDObgzD+E4m2XhXA5 +z7zV5CkM68ALetObym74P3juBQKBgQDsu574jgL8ZumNXBnUvRdprpX1B4fMSR4W +dvguwNsuy+rMdD/pBywnhQPp0V0YF7OcMPCnm8FoLoUXPwa9RQOzkPGPZGT1ob5T +9BMGVMgAzMKGQ1lmHnOr5Wf7X2sBLKcQXk9ShC5SnU4dSlIZ2BDhHgKa2cuOJ5ck +CFi12VGyzQKBgQDrfpQDw6hXM2PCrWgoKQPmGlF+Mp8V9QK2EouHN93nR6SiH4ai +hMTrraKtVFgB04dSXAQ/2FmyCCc0eOWynckqRcsk8hD7nOZeCf6sQDo+tZ/U/K6l +kWNIOd7+9jOvTXjwjZ/qj8yWvEvHxmc/iRCtlcRvgKSPN4XuHjWTiRewsQKBgQCQ +Y/uZdNzjYE3Rl7x1ooP2RLNYSaiNdIdygkvsEFtf1qa236zfkC1hSWNSqQ1UFZjK +ipsuT/UOe1lYDWwp4z9Xte9wW3asz2OMR1GXSfzXaAy54bhUbfx1ey4KB2/3vmmD +tVJCbTbn0uSDPwKGmt/ovuot0uuyH/my05hwCkYnfQKBgQDUWns1jJV+pLDMDUYw +d6wju9UkA7Mpo5zPOLQ3UsdfOJMKBC/xiB93WjJSGfaXkg+QoH2rOfea1l94W1rw +3xHWFcGR/UHO16UYsH4VGW7kucireMp/WDn4oYjVQJ8viBLdVXtgi7aIQmtMdinu +p17ypJ/0W7tKm0eowg1N7N1AnQ== +-----END PRIVATE KEY----- diff --git a/test/hostname/serialfile b/test/hostname/serialfile index 7facc89938bb..5c789eff7a40 100644 --- a/test/hostname/serialfile +++ b/test/hostname/serialfile @@ -1 +1 @@ -36 +3E diff --git a/test/integration/connect/envoy/helpers.bash b/test/integration/connect/envoy/helpers.bash index 01e59b6c2846..dad65089303f 100755 --- a/test/integration/connect/envoy/helpers.bash +++ b/test/integration/connect/envoy/helpers.bash @@ -328,6 +328,19 @@ function get_envoy_cluster_config { " } +function get_envoy_endpoints_configs { + local HOSTPORT=$1 + local CLUSTER_NAME=$2 + run retry_default curl -s -f $HOSTPORT/config_dump?include_eds=on + [ "$status" -eq 0 ] + echo "$output" | jq --raw-output " + .configs[] + | select(.\"@type\" == \"type.googleapis.com/envoy.admin.v3.EndpointsConfigDump\") + | .dynamic_endpoint_configs[] + | .endpoint_config + " +} + function get_envoy_stats_flush_interval { local HOSTPORT=$1 run retry_default curl -s -f $HOSTPORT/config_dump @@ -344,7 +357,7 @@ function snapshot_envoy_admin { local OUTDIR="${LOG_DIR}/envoy-snapshots/${DC}/${ENVOY_NAME}" mkdir -p "${OUTDIR}" - docker_wget "$DC" "http://${HOSTPORT}/config_dump" -q -O - >"${OUTDIR}/config_dump.json" + docker_wget "$DC" "http://${HOSTPORT}/config_dump?include_eds=on" -q -O - >"${OUTDIR}/config_dump.json" docker_wget "$DC" "http://${HOSTPORT}/clusters?format=json" -q -O - >"${OUTDIR}/clusters.json" docker_wget "$DC" "http://${HOSTPORT}/stats" -q -O - >"${OUTDIR}/stats.txt" docker_wget "$DC" "http://${HOSTPORT}/stats/prometheus" -q -O - >"${OUTDIR}/stats_prometheus.txt" diff --git a/test/integration/connect/envoy/helpers.windows.bash b/test/integration/connect/envoy/helpers.windows.bash index 5b6969ca8557..d8a1a0f5b875 100644 --- a/test/integration/connect/envoy/helpers.windows.bash +++ b/test/integration/connect/envoy/helpers.windows.bash @@ -389,7 +389,7 @@ function snapshot_envoy_admin { local OUTDIR="${LOG_DIR}/envoy-snapshots/${DC}/${ENVOY_NAME}" mkdir -p "${OUTDIR}" - docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/config_dump" > "${OUTDIR}/config_dump.json" + docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/config_dump?include_eds=on" > "${OUTDIR}/config_dump.json" docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/clusters?format=json" > "${OUTDIR}/clusters.json" docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/stats" > "${OUTDIR}/stats.txt" docker_consul_exec "$DC" bash -c "curl -s http://${HOSTPORT}/stats/prometheus" > "${OUTDIR}/stats_prometheus.txt" diff --git a/test/integration/connect/envoy/test-sds-server/go.mod b/test/integration/connect/envoy/test-sds-server/go.mod index 916d9b7211ac..48bc8283bbf2 100644 --- a/test/integration/connect/envoy/test-sds-server/go.mod +++ b/test/integration/connect/envoy/test-sds-server/go.mod @@ -3,13 +3,11 @@ module test-sds-server go 1.16 require ( - github.com/envoyproxy/go-control-plane v0.11.0 + github.com/envoyproxy/go-control-plane v0.11.1 github.com/fatih/color v1.14.1 // indirect github.com/hashicorp/consul v1.15.2 github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/stretchr/testify v1.8.3 // indirect - golang.org/x/net v0.13.0 // indirect - google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect - google.golang.org/grpc v1.55.0 + golang.org/x/net v0.17.0 // indirect + google.golang.org/grpc v1.56.3 ) diff --git a/test/integration/connect/envoy/test-sds-server/go.sum b/test/integration/connect/envoy/test-sds-server/go.sum index 1a851374f877..9a4f641fcfbb 100644 --- a/test/integration/connect/envoy/test-sds-server/go.sum +++ b/test/integration/connect/envoy/test-sds-server/go.sum @@ -172,6 +172,7 @@ cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvj cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= +cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= @@ -751,8 +752,10 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4= github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230428030218-4003588d1b74/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/coredns/coredns v1.6.6/go.mod h1:Bdcnka9HmKGYj12ZIDF3lpQSfDHSsMc85Wj9xEyZUts= @@ -815,13 +818,17 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.m github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= -github.com/envoyproxy/go-control-plane v0.11.0 h1:jtLewhRR2vMRNnq2ZZUoCjUlgut+Y0+sDDWPOfwOi1o= github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI= +github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q= +github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM= +github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= -github.com/envoyproxy/protoc-gen-validate v0.10.0 h1:oIfnZFdC0YhpNNEX+SuIqko4cqqVZeN9IGTrhZje83Y= github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/envoyproxy/protoc-gen-validate v1.0.1 h1:kt9FtLiooDc0vbwTLhdg3dyNX1K9Qwa1EK9LcD4jVUQ= +github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs= github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.1.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -1341,6 +1348,7 @@ github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2 github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o= +github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -1510,6 +1518,7 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= @@ -1730,7 +1739,7 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1790,6 +1799,7 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1874,9 +1884,10 @@ golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= -golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1906,6 +1917,7 @@ golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2043,9 +2055,10 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2054,8 +2067,9 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2074,8 +2088,8 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -2167,6 +2181,7 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -2384,8 +2399,18 @@ google.golang.org/genproto v0.0.0-20230320184635-7606e756e683/go.mod h1:NWraEVix google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= +google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e h1:Ao9GzfUMPH3zjVfzXG5rlWlk+Q8MXWKwWpwVQE1MXfw= +google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= +google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= +google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e h1:AZX1ra8YbFMSb7+1pI8S9v4rrgRR7jU1FmuFSSjTVcQ= +google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e h1:NumxXLPfHSndr3wBBdeKiVHjGVFzi9RX2HwwQke94iY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= @@ -2430,10 +2455,12 @@ google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= -google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= +google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod index 3bca51fc2193..8161503c518e 100644 --- a/test/integration/consul-container/go.mod +++ b/test/integration/consul-container/go.mod @@ -10,10 +10,10 @@ require ( github.com/evanphx/json-patch v4.12.0+incompatible github.com/go-jose/go-jose/v3 v3.0.0 github.com/hashicorp/consul v1.16.1 - github.com/hashicorp/consul/api v1.24.0 - github.com/hashicorp/consul/envoyextensions v0.4.1 - github.com/hashicorp/consul/proto-public v0.4.1 - github.com/hashicorp/consul/sdk v0.14.1 + github.com/hashicorp/consul/api v1.26.1 + github.com/hashicorp/consul/envoyextensions v0.5.1 + github.com/hashicorp/consul/proto-public v0.5.1 + github.com/hashicorp/consul/sdk v0.15.0 github.com/hashicorp/consul/testing/deployer v0.0.0-20230811171106-4a0afb5d1373 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-multierror v1.1.1 @@ -30,8 +30,7 @@ require ( github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569 github.com/testcontainers/testcontainers-go v0.22.0 golang.org/x/mod v0.12.0 - google.golang.org/grpc v1.57.0 - k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 + google.golang.org/grpc v1.57.2 ) require ( @@ -72,8 +71,8 @@ require ( github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/go-units v0.5.0 // indirect github.com/emicklei/go-restful/v3 v3.10.1 // indirect - github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f // indirect - github.com/envoyproxy/protoc-gen-validate v0.10.1 // indirect + github.com/envoyproxy/go-control-plane v0.11.1 // indirect + github.com/envoyproxy/protoc-gen-validate v1.0.1 // indirect github.com/fatih/color v1.14.1 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/go-logr/logr v1.2.4 // indirect @@ -105,6 +104,7 @@ require ( github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 // indirect github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 // indirect + github.com/hashicorp/consul-server-connection-manager v0.1.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-bexpr v0.1.2 // indirect github.com/hashicorp/go-connlimit v0.3.0 // indirect @@ -113,6 +113,7 @@ require ( github.com/hashicorp/go-memdb v1.3.4 // indirect github.com/hashicorp/go-msgpack v1.1.5 // indirect github.com/hashicorp/go-msgpack/v2 v2.0.0 // indirect + github.com/hashicorp/go-netaddrs v0.1.0 // indirect github.com/hashicorp/go-plugin v1.4.5 // indirect github.com/hashicorp/go-raftchunking v0.7.0 // indirect github.com/hashicorp/go-retryablehttp v0.6.7 // indirect @@ -132,7 +133,7 @@ require ( github.com/hashicorp/raft v1.5.0 // indirect github.com/hashicorp/raft-autopilot v0.1.6 // indirect github.com/hashicorp/raft-boltdb/v2 v2.2.2 // indirect - github.com/hashicorp/raft-wal v0.3.0 // indirect + github.com/hashicorp/raft-wal v0.4.1 // indirect github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 // indirect github.com/hashicorp/vault/api v1.8.3 // indirect github.com/hashicorp/vault/api/auth/gcp v0.3.0 // indirect @@ -176,7 +177,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect github.com/prometheus/client_golang v1.14.0 // indirect - github.com/prometheus/client_model v0.3.0 // indirect + github.com/prometheus/client_model v0.4.0 // indirect github.com/prometheus/common v0.39.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect @@ -199,14 +200,14 @@ require ( go.opentelemetry.io/otel/trace v1.16.0 // indirect go.opentelemetry.io/proto/otlp v0.19.0 // indirect go.uber.org/atomic v1.9.0 // indirect - golang.org/x/crypto v0.12.0 // indirect + golang.org/x/crypto v0.14.0 // indirect golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect - golang.org/x/net v0.14.0 // indirect + golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.8.0 // indirect golang.org/x/sync v0.3.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/term v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/term v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect google.golang.org/api v0.126.0 // indirect @@ -225,6 +226,7 @@ require ( k8s.io/client-go v0.26.2 // indirect k8s.io/klog/v2 v2.90.1 // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect + k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum index eeb6f251dd03..1cbb9315f5bc 100644 --- a/test/integration/consul-container/go.sum +++ b/test/integration/consul-container/go.sum @@ -178,11 +178,11 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f h1:7T++XKzy4xg7PKy+bM+Sa9/oe1OC88yz2hXQUISoXfA= -github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q= +github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM= +github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8= -github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/envoyproxy/protoc-gen-validate v1.0.1 h1:kt9FtLiooDc0vbwTLhdg3dyNX1K9Qwa1EK9LcD4jVUQ= +github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= @@ -391,6 +391,8 @@ github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 h1:1ZEjnv github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706/go.mod h1:1Cs8FlmD1BfSQXJGcFLSV5FuIx1AbJP+EJGdxosoS2g= github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 h1:wzWurXrxfSyG1PHskIZlfuXlTSCj1Tsyatp9DtaasuY= github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69/go.mod h1:svUZZDvotY8zTODknUePc6mZ9pX8nN0ViGwWcUSOBEA= +github.com/hashicorp/consul-server-connection-manager v0.1.4 h1:wrcSRV6WGXFBNpNbN6XsdoGgBOyso7ZbN5VaWPEX1jY= +github.com/hashicorp/consul-server-connection-manager v0.1.4/go.mod h1:LMqHkALoLP0HUQKOG21xXYr0YPUayIQIHNTlmxG100E= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -425,6 +427,8 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/go-netaddrs v0.1.0 h1:TnlYvODD4C/wO+j7cX1z69kV5gOzI87u3OcUinANaW8= +github.com/hashicorp/go-netaddrs v0.1.0/go.mod h1:33+a/emi5R5dqRspOuZKO0E+Tuz5WV1F84eRWALkedA= github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo= github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= @@ -492,8 +496,8 @@ github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qR github.com/hashicorp/raft-boltdb v0.0.0-20220329195025-15018e9b97e0 h1:CO8dBMLH6dvE1jTn/30ZZw3iuPsNfajshWoJTnVc5cc= github.com/hashicorp/raft-boltdb/v2 v2.2.2 h1:rlkPtOllgIcKLxVT4nutqlTH2NRFn+tO1wwZk/4Dxqw= github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY= -github.com/hashicorp/raft-wal v0.3.0 h1:Mi6RPoRbsxIIYZryI+bSTXHD97Ua6rIYO51ibYV9bkY= -github.com/hashicorp/raft-wal v0.3.0/go.mod h1:A6vP5o8hGOs1LHfC1Okh9xPwWDcmb6Vvuz/QyqUXlOE= +github.com/hashicorp/raft-wal v0.4.1 h1:aU8XZ6x8R9BAIB/83Z1dTDtXvDVmv9YVYeXxd/1QBSA= +github.com/hashicorp/raft-wal v0.4.1/go.mod h1:A6vP5o8hGOs1LHfC1Okh9xPwWDcmb6Vvuz/QyqUXlOE= github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hashicorp/vault-plugin-auth-alicloud v0.14.0 h1:O6tNk0s/arubLUbLeCyaRs5xGo9VwmbQazISY/BfPK4= @@ -689,8 +693,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= +github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= @@ -829,8 +833,8 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -918,8 +922,8 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1025,13 +1029,13 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1043,8 +1047,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1251,8 +1255,8 @@ google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw= -google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +google.golang.org/grpc v1.57.2 h1:uw37EN34aMFFXB2QPW7Tq6tdTbind1GpRxw5aOX3a5k= +google.golang.org/grpc v1.57.2/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= diff --git a/test/integration/consul-container/libs/assert/envoy.go b/test/integration/consul-container/libs/assert/envoy.go index 760b1f87bc5a..076f2e1af62b 100644 --- a/test/integration/consul-container/libs/assert/envoy.go +++ b/test/integration/consul-container/libs/assert/envoy.go @@ -75,6 +75,7 @@ func GetEnvoyListenerTCPFiltersWithClient( // AssertUpstreamEndpointStatus validates that proxy was configured with provided clusterName in the healthStatus func AssertUpstreamEndpointStatus(t *testing.T, adminPort int, clusterName, healthStatus string, count int) { + t.Helper() require.True(t, adminPort > 0) AssertUpstreamEndpointStatusWithClient( t, @@ -94,6 +95,7 @@ func AssertUpstreamEndpointStatusWithClient( healthStatus string, count int, ) { + t.Helper() require.NotNil(t, client) require.NotEmpty(t, addr) failer := func() *retry.Timer { @@ -116,7 +118,7 @@ func AssertUpstreamEndpointStatusWithClient( clusterName, healthStatus) results, err := utils.JQFilter(clusters, filter) require.NoErrorf(r, err, "could not find cluster name %q: %v \n%s", clusterName, err, clusters) - require.Len(r, results, 1) // the final part of the pipeline is "length" which only ever returns 1 result + require.Len(r, results, 1, "clusters: "+clusters) // the final part of the pipeline is "length" which only ever returns 1 result result, err := strconv.Atoi(results[0]) assert.NoError(r, err) @@ -126,6 +128,7 @@ func AssertUpstreamEndpointStatusWithClient( // AssertEnvoyMetricAtMost assert the filered metric by prefix and metric is >= count func AssertEnvoyMetricAtMost(t *testing.T, adminPort int, prefix, metric string, count int) { + t.Helper() var ( stats string err error diff --git a/test/integration/consul-container/libs/assert/service.go b/test/integration/consul-container/libs/assert/service.go index 35fad6bfb15b..7434a1d5e36f 100644 --- a/test/integration/consul-container/libs/assert/service.go +++ b/test/integration/consul-container/libs/assert/service.go @@ -12,12 +12,16 @@ import ( "testing" "time" + "github.com/hashicorp/consul/api" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" + "github.com/hashicorp/consul/sdk/testutil" + "github.com/hashicorp/consul/sdk/testutil/retry" + "github.com/hashicorp/consul/testing/deployer/util" "github.com/hashicorp/go-cleanhttp" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/sdk/testutil/retry" libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service" ) @@ -26,6 +30,64 @@ const ( defaultHTTPWait = defaultWait ) +// CatalogV2ServiceExists verifies the service name exists in the Consul catalog +func CatalogV2ServiceExists(t *testing.T, client pbresource.ResourceServiceClient, svc string, tenancy *pbresource.Tenancy) { + t.Helper() + CatalogV2ServiceHasEndpointCount(t, client, svc, tenancy, -1) +} + +// CatalogV2ServiceDoesNotExist verifies the service name does not exist in the Consul catalog +func CatalogV2ServiceDoesNotExist(t *testing.T, client pbresource.ResourceServiceClient, svc string, tenancy *pbresource.Tenancy) { + t.Helper() + ctx := testutil.TestContext(t) + retry.Run(t, func(r *retry.R) { + got, err := util.GetDecodedResource[*pbcatalog.Service](ctx, client, &pbresource.ID{ + Type: pbcatalog.ServiceType, + Name: svc, + Tenancy: tenancy, + }) + require.NoError(r, err, "error reading service data") + require.Nil(r, got, "unexpectedly found Service resource for %q", svc) + + got2, err := util.GetDecodedResource[*pbcatalog.ServiceEndpoints](ctx, client, &pbresource.ID{ + Type: pbcatalog.ServiceEndpointsType, + Name: svc, + Tenancy: tenancy, + }) + require.NotNil(r, err, "error reading service data") + require.Nil(r, got2, "unexpectedly found ServiceEndpoints resource for %q", svc) + }) +} + +// CatalogV2ServiceHasEndpointCount verifies the service name exists in the Consul catalog and has the specified +// number of workload endpoints. +func CatalogV2ServiceHasEndpointCount(t *testing.T, client pbresource.ResourceServiceClient, svc string, tenancy *pbresource.Tenancy, count int) { + t.Helper() + + ctx := testutil.TestContext(t) + retry.Run(t, func(r *retry.R) { + got, err := util.GetDecodedResource[*pbcatalog.Service](ctx, client, &pbresource.ID{ + Type: pbcatalog.ServiceType, + Name: svc, + Tenancy: tenancy, + }) + require.NoError(r, err, "error reading service data") + require.NotNil(r, got, "did not find Service resource for %q", svc) + + got2, err := util.GetDecodedResource[*pbcatalog.ServiceEndpoints](ctx, client, &pbresource.ID{ + Type: pbcatalog.ServiceEndpointsType, + Name: svc, + Tenancy: tenancy, + }) + require.NoError(r, err, "error reading service data") + require.NotNil(r, got2, "did not find ServiceEndpoints resource for %q", svc) + require.NotEmpty(r, got2.Data.Endpoints, "did not find any workload data in the ServiceEndpoints resource for %q", svc) + if count > 0 { + require.Len(r, got2.Data.Endpoints, count) + } + }) +} + // CatalogServiceExists verifies the service name exists in the Consul catalog func CatalogServiceExists(t *testing.T, c *api.Client, svc string, opts *api.QueryOptions) { retry.Run(t, func(r *retry.R) { @@ -39,6 +101,15 @@ func CatalogServiceExists(t *testing.T, c *api.Client, svc string, opts *api.Que }) } +// CatalogServiceDoesNotExist verifies the service name does not exist in the Consul catalog +func CatalogServiceDoesNotExist(t *testing.T, c *api.Client, svc string, opts *api.QueryOptions) { + retry.Run(t, func(r *retry.R) { + services, _, err := c.Catalog().Service(svc, "", opts) + require.NoError(r, err, "error reading service data") + require.Empty(r, services) + }) +} + // CatalogServiceHasInstanceCount verifies the service name exists in the Consul catalog and has the specified // number of instances. func CatalogServiceHasInstanceCount(t *testing.T, c *api.Client, svc string, count int, opts *api.QueryOptions) { @@ -66,6 +137,17 @@ func CatalogNodeExists(t *testing.T, c *api.Client, nodeName string) { }) } +// CatalogNodeDoesNotExist verifies the node name does not exist in the Consul catalog +func CatalogNodeDoesNotExist(t *testing.T, c *api.Client, nodeName string) { + retry.Run(t, func(r *retry.R) { + node, _, err := c.Catalog().Node(nodeName, nil) + if err != nil { + r.Fatal("error reading node data") + } + require.Nil(r, node) + }) +} + // CatalogServiceIsHealthy verifies the service name exists and all instances pass healthchecks func CatalogServiceIsHealthy(t *testing.T, c *api.Client, svc string, opts *api.QueryOptions) { CatalogServiceExists(t, c, svc, opts) @@ -105,6 +187,7 @@ func HTTPServiceEchoesWithClient(t *testing.T, client *http.Client, addr string, func HTTPServiceEchoesResHeader(t *testing.T, ip string, port int, path string, expectedResHeader map[string]string) { doHTTPServiceEchoes(t, ip, port, path, nil, expectedResHeader) } + func HTTPServiceEchoesResHeaderWithClient(t *testing.T, client *http.Client, addr string, path string, expectedResHeader map[string]string) { doHTTPServiceEchoesWithClient(t, client, addr, path, nil, expectedResHeader) } @@ -142,7 +225,7 @@ func doHTTPServiceEchoesWithClient( reader := strings.NewReader(phrase) req, err := http.NewRequest("POST", url, reader) - require.NoError(t, err, "could not construct request") + require.NoError(r, err, "could not construct request") for k, v := range requestHeaders { req.Header.Add(k, v) diff --git a/test/integration/consul-container/libs/cluster/agent.go b/test/integration/consul-container/libs/cluster/agent.go index 09568f21c565..a6dcb546749e 100644 --- a/test/integration/consul-container/libs/cluster/agent.go +++ b/test/integration/consul-container/libs/cluster/agent.go @@ -10,7 +10,6 @@ import ( "io" jsonpatch "github.com/evanphx/json-patch" - agentconfig "github.com/hashicorp/consul/agent/config" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/lib/decode" "github.com/hashicorp/hcl" @@ -96,10 +95,6 @@ func (c Config) Clone() Config { return c2 } -type decodeTarget struct { - agentconfig.Config `mapstructure:",squash"` -} - // MutatebyAgentConfig mutates config by applying the fields in the input hclConfig // Note that the precedence order is config > hclConfig, because user provider hclConfig // may not work with the testing environment, e.g., data dir, agent name, etc. @@ -135,7 +130,10 @@ func convertHcl2Json(in string) (string, error) { return "", err } - var target decodeTarget + // We target an opaque map so that changes to config fields not yet present + // in a tagged version of `consul` (missing from latest released schema) + // can be used in tests. + var target map[string]any var md mapstructure.Metadata d, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{ DecodeHook: mapstructure.ComposeDecodeHookFunc( diff --git a/test/integration/consul-container/libs/cluster/cluster.go b/test/integration/consul-container/libs/cluster/cluster.go index fbee48333eb1..630fda2bc4a3 100644 --- a/test/integration/consul-container/libs/cluster/cluster.go +++ b/test/integration/consul-container/libs/cluster/cluster.go @@ -16,13 +16,13 @@ import ( "time" goretry "github.com/avast/retry-go" - "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/serf/serf" "github.com/stretchr/testify/require" "github.com/teris-io/shortid" "github.com/testcontainers/testcontainers-go" + "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" ) diff --git a/test/integration/consul-container/libs/utils/version.go b/test/integration/consul-container/libs/utils/version.go index 24e66a869814..1f62306f4479 100644 --- a/test/integration/consul-container/libs/utils/version.go +++ b/test/integration/consul-container/libs/utils/version.go @@ -5,6 +5,7 @@ package utils import ( "flag" + "os" "strings" "github.com/hashicorp/consul/testing/deployer/topology" @@ -59,15 +60,18 @@ func GetLatestImageName() string { func TargetImages() topology.Images { img := DockerImage(targetImageName, TargetVersion) + var set topology.Images if IsEnterprise() { - return topology.Images{ - ConsulEnterprise: img, - } + set.ConsulEnterprise = img } else { - return topology.Images{ - ConsulCE: img, - } + set.ConsulCE = img } + + if cdp := os.Getenv("DEPLOYER_CONSUL_DATAPLANE_IMAGE"); cdp != "" { + set.Dataplane = cdp + } + + return set } func IsEnterprise() bool { return isInEnterpriseRepo } diff --git a/test/integration/consul-container/test/catalog/catalog_test.go b/test/integration/consul-container/test/catalog/catalog_test.go index b6e821e1f1f7..0c8e913c8fbe 100644 --- a/test/integration/consul-container/test/catalog/catalog_test.go +++ b/test/integration/consul-container/test/catalog/catalog_test.go @@ -12,9 +12,14 @@ import ( libtopology "github.com/hashicorp/consul/test/integration/consul-container/libs/topology" "github.com/hashicorp/consul/internal/catalog/catalogtest" + rtest "github.com/hashicorp/consul/internal/resource/resourcetest" "github.com/hashicorp/consul/proto-public/pbresource" ) +var ( + cli = rtest.ConfigureTestCLIFlags() +) + func TestCatalog(t *testing.T) { t.Parallel() @@ -29,10 +34,10 @@ func TestCatalog(t *testing.T) { client := pbresource.NewResourceServiceClient(followers[0].GetGRPCConn()) t.Run("one-shot", func(t *testing.T) { - catalogtest.RunCatalogV1Alpha1IntegrationTest(t, client) + catalogtest.RunCatalogV2Beta1IntegrationTest(t, client, cli.ClientOptions(t)...) }) t.Run("lifecycle", func(t *testing.T) { - catalogtest.RunCatalogV2Beta1LifecycleIntegrationTest(t, client) + catalogtest.RunCatalogV2Beta1LifecycleIntegrationTest(t, client, cli.ClientOptions(t)...) }) } diff --git a/test/integration/consul-container/test/gateways/http_route_test.go b/test/integration/consul-container/test/gateways/http_route_test.go index 96c93da955a4..bf2c7d69567e 100644 --- a/test/integration/consul-container/test/gateways/http_route_test.go +++ b/test/integration/consul-container/test/gateways/http_route_test.go @@ -9,7 +9,6 @@ import ( "encoding/hex" "fmt" "github.com/testcontainers/testcontainers-go" - "k8s.io/utils/pointer" "testing" "time" @@ -869,7 +868,7 @@ func TestHTTPRouteRetryAndTimeout(t *testing.T) { { Filters: api.HTTPFilters{ RetryFilter: &api.RetryFilter{ - NumRetries: pointer.Uint32(10), + NumRetries: 10, RetryOnStatusCodes: []uint32{500}, }, }, diff --git a/test/integration/consul-container/test/multiport/explicit_destination_test.go b/test/integration/consul-container/test/multiport/explicit_destination_test.go deleted file mode 100644 index a65ff2095dbc..000000000000 --- a/test/integration/consul-container/test/multiport/explicit_destination_test.go +++ /dev/null @@ -1,228 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package multiport - -import ( - "context" - "fmt" - pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" - pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" - libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert" - "github.com/stretchr/testify/require" - "testing" - - rtest "github.com/hashicorp/consul/internal/resource/resourcetest" - "github.com/hashicorp/consul/proto-public/pbresource" - libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster" - libservice "github.com/hashicorp/consul/test/integration/consul-container/libs/service" - "github.com/hashicorp/consul/test/integration/consul-container/libs/topology" - "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" -) - -// TestMultiportService_Explicit makes sure two services in the same datacenter have connectivity -// with transparent proxy enabled. -// -// Steps: -// - Create a single server cluster. -// - Create the example static-server and sidecar containers, then register them both with Consul -// - Create an example static-client sidecar, then register both the service and sidecar with Consul -// - Make sure a request from static-client to the virtual address (.virtual.consul) returns a -// response from the upstream. -func TestMultiportService_Explicit(t *testing.T) { - t.Parallel() - - cluster := createCluster(t) - followers, err := cluster.Followers() - require.NoError(t, err) - client := pbresource.NewResourceServiceClient(followers[0].GetGRPCConn()) - resourceClient := rtest.NewClient(client) - - serverIP := cluster.Agents[1].GetIP() - clientIP := cluster.Agents[2].GetIP() - - serverService := createServerServicesAndWorkloads(t, resourceClient, serverIP) - createClientResources(t, resourceClient, serverService, clientIP) - - _, clientDataplane := createServices(t, cluster) - - _, port := clientDataplane.GetAddr() - - assertDataplaneContainerState(t, clientDataplane, "running") - libassert.HTTPServiceEchoes(t, "localhost", port, "") - libassert.AssertFortioName(t, fmt.Sprintf("http://localhost:%d", port), "static-server", "") -} - -// createServices creates the static-client and static-server services with -// transparent proxy enabled. It returns a Service for the static-client. -func createServices(t *testing.T, cluster *libcluster.Cluster) (*libcluster.ConsulDataplaneContainer, *libcluster.ConsulDataplaneContainer) { - n1 := cluster.Agents[1] - - // Create a service and dataplane - serverDataplane, err := createServiceAndDataplane(t, n1, "static-server-workload", "static-server", 8080, 8079, []int{}) - require.NoError(t, err) - - n2 := cluster.Agents[2] - // Create a service and dataplane - clientDataplane, err := createServiceAndDataplane(t, n2, "static-client-workload", "static-client", 8080, 8079, []int{libcluster.ServiceUpstreamLocalBindPort}) - require.NoError(t, err) - - return serverDataplane, clientDataplane -} - -func createServiceAndDataplane(t *testing.T, node libcluster.Agent, proxyID, serviceName string, httpPort, grpcPort int, serviceBindPorts []int) (*libcluster.ConsulDataplaneContainer, error) { - // Do some trickery to ensure that partial completion is correctly torn - // down, but successful execution is not. - var deferClean utils.ResettableDefer - defer deferClean.Execute() - - // Create a service and proxy instance - svc, err := libservice.NewExampleService(context.Background(), serviceName, httpPort, grpcPort, node) - if err != nil { - return nil, err - } - deferClean.Add(func() { - _ = svc.Terminate() - }) - - // Create Consul Dataplane - dp, err := libcluster.NewConsulDataplane(context.Background(), proxyID, "0.0.0.0", 8502, serviceBindPorts, node, false, "") - require.NoError(t, err) - deferClean.Add(func() { - _ = dp.Terminate() - }) - - // disable cleanup functions now that we have an object with a Terminate() function - deferClean.Reset() - - return dp, nil -} - -func createServerServicesAndWorkloads(t *testing.T, resourceClient *rtest.Client, ipAddress string) *pbresource.Resource { - serverService := rtest.ResourceID(&pbresource.ID{ - Name: "static-server-service", - Type: pbcatalog.ServiceType, - }).WithData(t, &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"static-server"}}, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - }).Write(t, resourceClient) - - workloadPortMap := map[string]*pbcatalog.WorkloadPort{ - "tcp": { - Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - }, - "mesh": { - Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH, - }, - } - - rtest.ResourceID(&pbresource.ID{ - Name: "static-server-identity", - Type: pbauth.WorkloadIdentityType, - }).Write(t, resourceClient) - - rtest.ResourceID(&pbresource.ID{ - Name: "static-server-workload", - Type: pbcatalog.WorkloadType, - }). - WithData(t, &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: ipAddress}, - }, - Ports: workloadPortMap, - Identity: "static-server-identity", - }). - Write(t, resourceClient) - return serverService -} - -func createClientResources(t *testing.T, resourceClient *rtest.Client, staticServerResource *pbresource.Resource, ipAddress string) { - rtest.ResourceID(&pbresource.ID{ - Name: "static-client-service", - Type: pbcatalog.ServiceType, - }).WithData(t, &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"static-client"}}, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - }).Write(t, resourceClient) - - workloadPortMap := map[string]*pbcatalog.WorkloadPort{ - "tcp": { - Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - }, - "mesh": { - Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH, - }, - } - - rtest.ResourceID(&pbresource.ID{ - Name: "static-client-workload", - Type: pbcatalog.WorkloadType, - }). - WithData(t, &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: ipAddress}, - }, - Ports: workloadPortMap, - Identity: "static-client-identity", - }). - Write(t, resourceClient) - - destId := staticServerResource.GetId() - destRef := &pbresource.Reference{ - Type: destId.Type, - Tenancy: destId.Tenancy, - Name: destId.Name, - Section: "", - } - rtest.ResourceID(&pbresource.ID{ - Name: "static-client-upstreams", - Type: pbmesh.DestinationsType, - }). - WithData(t, &pbmesh.Destinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: destRef, - DestinationPort: "tcp", - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{ - Ip: "0.0.0.0", - Port: libcluster.ServiceUpstreamLocalBindPort, - }, - }, - }, - }, - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"static-client"}, - }, - }). - Write(t, resourceClient) -} - -func createCluster(t *testing.T) *libcluster.Cluster { - cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{ - NumServers: 3, - BuildOpts: &libcluster.BuildOptions{ - Datacenter: "dc1", - InjectAutoEncryption: true, - InjectGossipEncryption: true, - AllowHTTPAnyway: true, - }, - Cmd: `-hcl=experiments=["resource-apis"] log_level="TRACE"`, - }) - - return cluster -} - -// assertDataplaneContainerState validates service container status -func assertDataplaneContainerState(t *testing.T, dataplane *libcluster.ConsulDataplaneContainer, state string) { - containerStatus, err := dataplane.GetStatus() - require.NoError(t, err) - require.Equal(t, containerStatus, state, fmt.Sprintf("Expected: %s. Got %s", state, containerStatus)) -} diff --git a/test/integration/consul-container/test/ratelimit/ratelimit_test.go b/test/integration/consul-container/test/ratelimit/ratelimit_test.go index e598e0ceb8ad..89293da7f8ee 100644 --- a/test/integration/consul-container/test/ratelimit/ratelimit_test.go +++ b/test/integration/consul-container/test/ratelimit/ratelimit_test.go @@ -4,17 +4,19 @@ package ratelimit import ( + "context" "fmt" "strings" "testing" "time" - "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" + "github.com/stretchr/testify/require" + libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster" libtopology "github.com/hashicorp/consul/test/integration/consul-container/libs/topology" + "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" ) const ( @@ -45,10 +47,11 @@ func TestServerRequestRateLimit(t *testing.T) { expectMetric bool } type testCase struct { - description string - cmd string - operations []operation - mode string + description string + cmd string + operations []operation + mode string + enterpriseOnly bool } // getKV and putKV are net/RPC calls @@ -69,6 +72,30 @@ func TestServerRequestRateLimit(t *testing.T) { rateLimitType: "global/write", } + // listPartition and putPartition are gRPC calls + listPartition := action{ + function: func(client *api.Client) error { + ctx := context.Background() + _, _, err := client.Partitions().List(ctx, nil) + return err + }, + rateLimitOperation: "/partition.PartitionService/List", + rateLimitType: "global/read", + } + + putPartition := action{ + function: func(client *api.Client) error { + ctx := context.Background() + p := api.Partition{ + Name: "ptest", + } + _, _, err := client.Partitions().Create(ctx, &p, nil) + return err + }, + rateLimitOperation: "/partition.PartitionService/Write", + rateLimitType: "global/write", + } + testCases := []testCase{ // HTTP & net/RPC { @@ -128,9 +155,73 @@ func TestServerRequestRateLimit(t *testing.T) { }, }, }, + // gRPC + { + description: "GRPC / Mode: disabled - errors: no / exceeded logs: no / metrics: no", + cmd: `-hcl=limits { request_limits { mode = "disabled" read_rate = 0 write_rate = 0 }}`, + mode: "disabled", + operations: []operation{ + { + action: putPartition, + expectedErrorMsg: "", + expectExceededLog: false, + expectMetric: false, + }, + { + action: listPartition, + expectedErrorMsg: "", + expectExceededLog: false, + expectMetric: false, + }, + }, + enterpriseOnly: true, + }, + { + description: "GRPC / Mode: permissive - errors: no / exceeded logs: yes / metrics: no", + cmd: `-hcl=limits { request_limits { mode = "permissive" read_rate = 0 write_rate = 0 }}`, + mode: "permissive", + operations: []operation{ + { + action: putPartition, + expectedErrorMsg: "", + expectExceededLog: true, + expectMetric: true, + }, + { + action: listPartition, + expectedErrorMsg: "", + expectExceededLog: true, + expectMetric: true, + }, + }, + enterpriseOnly: true, + }, + { + description: "GRPC / Mode: enforcing - errors: yes / exceeded logs: yes / metrics: yes", + cmd: `-hcl=limits { request_limits { mode = "enforcing" read_rate = 0 write_rate = 0 }}`, + mode: "enforcing", + operations: []operation{ + { + action: putPartition, + expectedErrorMsg: nonRetryableErrorMsg, + expectExceededLog: true, + expectMetric: true, + }, + { + action: listPartition, + expectedErrorMsg: retryableErrorMsg, + expectExceededLog: true, + expectMetric: true, + }, + }, + enterpriseOnly: true, + }, } for _, tc := range testCases { + if tc.enterpriseOnly && !utils.IsEnterprise() { + continue + } tc := tc t.Run(tc.description, func(t *testing.T) { t.Parallel() diff --git a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go index 61c479c989d4..ae8ed0401a8f 100644 --- a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go +++ b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go @@ -60,7 +60,7 @@ func TestCatalogUpgrade(t *testing.T) { cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{ NumServers: 1, BuildOpts: buildOpts, - ApplyDefaultProxySettings: true, + ApplyDefaultProxySettings: false, Cmd: `-hcl=experiments=["resource-apis"]`, }) diff --git a/test/key/ourdomain.cer b/test/key/ourdomain.cer index 3d48f12e74f3..bc238b3cd145 100644 --- a/test/key/ourdomain.cer +++ b/test/key/ourdomain.cer @@ -1,26 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIETTCCAzWgAwIBAgIBEjANBgkqhkiG9w0BAQ0FADCBmDELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNI -YXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRlc3Qu -aW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTIy -MTEwMTE1MTMyOVoYDzIxMjIxMDA4MTUxMzI5WjCBjTEYMBYGA1UEAwwPdGVzdGNv +MIIETTCCAzWgAwIBAgIBKDANBgkqhkiG9w0BAQ0FADCBmDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKDBNI +YXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLDANEZXYxFjAUBgNVBAMMDXRlc3Qu +aW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTIz +MTEwMjE3MjAxNloYDzIxMjMxMDA5MTcyMDE2WjCBjTEYMBYGA1UEAwwPdGVzdGNv LmludGVybmFsMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcG CSqGSIb3DQEJARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoM CUVuZCBQb2ludDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBANmKHQFznmOmtmvLSA2/f5xjUmJrscZkYa7ooy5bqkFxBKSa -cZn+rru0PjuUIElw2r6iOgVSTmWvBd78ej5qS9+xqfOpWUOBOnl2G6uit676Hlzb -/B/obEek8rmbTYHPT/Lz39oFbmJLc36Wdqp7hq/FMMJd7jEr3r5TIny1eHi1A8Iv -aTa/2vHpW79YMMkGifTO4NsdXgNXuomgnZgUWesDfDQ4zlQZeMrGT5JO6VcNICuR -MNCklBqWYONjdG62AePEu8hCePok3qec9ibhCWotqFpEPe+Myu0gCAxhKUVa6GNd -4iBle1eHbsOsYJcq7aLvujGyixd1EqigqizIvX8CAwEAAaOBqDCBpTAJBgNVHRME -AjAAMB0GA1UdDgQWBBRNjhD63/a2jm+hawLfWZXrJIBFTDAfBgNVHSMEGDAWgBSj -+es5+q9t57ZWSVUogWXJARu4lTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB +ggEPADCCAQoCggEBAOR5UJpDbgTsIgDNF6/fcafrPYTZlJnvMmYGxgPBH7lV2qqI +64yDE03++lLIOwPy8p0JHgCeoCsxRKhOXjaaBjOi3QGQFUU6rl/v8IZFsUo9NIyS +JJttiJaZCTjzgSZri3PdOHAClP5zF1/aAhTmNf326vAxqkn2MI8yglorOq+CSlOM +6p9nUGRAsoSvfjmz1vYDoyf4T0ZCUU+ieQ9KbcSVSrMip+r/CekfXglfIygfA+dx +dSK2Ivp0YjQbsnGEueDOaXMd2HX6Fh93K7IuvGKF2fAHHNl92uhnkbe63aJ7ZYgO +ftHKvVZFgq6cFFccAuI9qJlk6mo8P+m1ZNfv3dsCAwEAAaOBqDCBpTAJBgNVHRME +AjAAMB0GA1UdDgQWBBTxigs6/Ob0ULZZeeWqgTrxhfwQRDAfBgNVHSMEGDAWgBTm +rmqnZIdFOj6vhCUAJKLZNUDwFDALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB BQUHAwEGCCsGAQUFBwMCMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly9wYXRoLnRv -LmNybC9teWNhLmNybDANBgkqhkiG9w0BAQ0FAAOCAQEAHQ5n79cM6G789AGKKjB9 -cbOld9SwzRUzb1MFrG3rs48ZaOp65mdm9zdI2Cmh9SkoT+lOK6+g1wAQ3p22p+2X -xY3BEFE9gpjdryvR0KFeGkS1fpvIrFAp/cDa67elQR1fX/ADvxSj8GA7gibpS3Ov -DfuUek8GP7HJEdwM+/0Q6g5qKZcZVb6UU/4WySGkuScukmIxbJTrdtctusthHBp9 -+WJtCHKGnziA0VlWTDCkfX04Mpyixzno4jk1QPdEiOB8PHonvJF7RUsLbuDVv5p2 -SXw4zUgFoTPQ5FuUVN0GInObUJ1IKZ3V4VuAIoTw5kZ165PjLiRRwQuFjLrCmVQR -AQ== +LmNybC9teWNhLmNybDANBgkqhkiG9w0BAQ0FAAOCAQEAXS69n70i8mdd2KpUtuVQ +TqCZPggLJ0ctSzSOVFz3ZFMTg50g3bvMZaK3jdwpL8GH7tMjEZANFaM/QNAJWMVb +pc0UD1UxdqahNj40I5V5RL/ocYZbzCVcNi6Y5Z9skROHS6/j4OsvCseYRkpVGMkE +x9bcWJ/cRfLmK9CO8MUrq8gCPYBA1av/uMAot7aT+2rLLcduF5bKuBGGTccVQ01x +5h+2bmFj8jxpju39HPGvZ7mnOqseVKhbKwE87vxirccM4UkwJDmWNuL7pX4CvwHi +aDtzDHJws/WPduT/r4eaXjMat7CF42tLP+w4FWNJH/P3UAzHPaPq2i2eHmCcuw4A +eA== -----END CERTIFICATE----- diff --git a/test/key/ourdomain.key b/test/key/ourdomain.key index 0550aac70d80..eeda2c3328f4 100644 --- a/test/key/ourdomain.key +++ b/test/key/ourdomain.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZih0Bc55jprZr -y0gNv3+cY1Jia7HGZGGu6KMuW6pBcQSkmnGZ/q67tD47lCBJcNq+ojoFUk5lrwXe -/Ho+akvfsanzqVlDgTp5dhuroreu+h5c2/wf6GxHpPK5m02Bz0/y89/aBW5iS3N+ -lnaqe4avxTDCXe4xK96+UyJ8tXh4tQPCL2k2v9rx6Vu/WDDJBon0zuDbHV4DV7qJ -oJ2YFFnrA3w0OM5UGXjKxk+STulXDSArkTDQpJQalmDjY3RutgHjxLvIQnj6JN6n -nPYm4QlqLahaRD3vjMrtIAgMYSlFWuhjXeIgZXtXh27DrGCXKu2i77oxsosXdRKo -oKosyL1/AgMBAAECggEAI6qSUN+c82es9wVwPdjM2l4qbrqLfiSNI3k+7+XVhz85 -bKdpwr7P9TR7E5eYp5HaO3ErpB23ftJwWvv4Ku2QnQ9q9ukoGnpAlRN5O+3Ewep+ -OelTcAPSZPi1VxsQXR0ZVZMIe51yWKlYOUQAFrmD/qOM+AEggW1Y6smEmP/Dzb5K -cILo3+lEMXxc5ffZ8foS4l5ub3mdYvpjW30s+jzAzfPo2gj0CeMAYKQo+ndTlp6C -3sXPvpgjomq29EBijHCIehiYVj2D1sk0tkfqSzaFcypWfGC8oKTGpUb20aOrcMY2 -hBFGlU0yLntIerja9LhYlFrysa8NPByY1kPLtk6gGQKBgQD4Xnc7FINyn5xR6gN8 -2YjZXlCi4F2oBBsuH0Tkm5GYD6rqLiaEnk5KTEZVHqOgAKQVnGBeEzbx43z/+/EI -rEXEImjc8nGS/KiBkDiUBPA4QeEIFuUrKmz1cC1ryaTRLn3DQJL0uMuXuwn8Ufn8 -CvU1bVkqbkp6IxbGS/SBrNLxawKBgQDgOSjdCZ8QgiDbjqXgd/XXvuSTRnzKKaaD -pple5OH8I84CN5WiMztFqRwvL3+XDlxtF8mHg8AoetlmQ/muMBpm0I66AXF0E1UQ -dV3v10DswRgl1UVFSznR9fDGCRFHSDa4ZErsfE9yvGeNgl3MOHUok0eIYuW4rc13 -lXrpk1JlPQKBgQDAPDWit8Tp4hoW2L6sUp72R2a4OlqjIdJ7x14GZ1awUGgka2YK -vZCxNwo09csFm5lk1K1OAydC36WvaCxuXxB8t3lckhZQA1jVN3BjONNJZ8wp+7aS -y3qcGaA+TktQUOCsUH2uBp4mKXGYJ0cKytxx5tnd2pGwqRoGj2GHQOHgUwKBgQCP -X71jaW2Orsa33cTvfYVzyRp7mczdsDhLYlIbvZtLENH/1O8XYk76QiJFgcfCHWq4 -T0eMIZDT0YoFvF2BJj0blSxOf/G92UbBWWsRm8BmIyp/tpmur2VvfiXRW6byv5hN -28OU6AAdS5+jesLjfQ5dPZ+19BcUOf5yAuEvTgaXuQKBgQDM47vsNeStbvNvuW2w -LYCavmz1ci/H1LDStRwMn3kFVT6S30BQZW5WCa9JH1VJPLCZyAsXqMiMqVwbRkrP -ThY6k+OynaDaEKFURHFZ9TH7QnvAwq0fHRy7nVVUoh5A3I8hqx/lPTyBzJdfEZ/2 -yqxT1bclUFf59IlXukMf/pXxCw== +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDkeVCaQ24E7CIA +zRev33Gn6z2E2ZSZ7zJmBsYDwR+5VdqqiOuMgxNN/vpSyDsD8vKdCR4AnqArMUSo +Tl42mgYzot0BkBVFOq5f7/CGRbFKPTSMkiSbbYiWmQk484Ema4tz3ThwApT+cxdf +2gIU5jX99urwMapJ9jCPMoJaKzqvgkpTjOqfZ1BkQLKEr345s9b2A6Mn+E9GQlFP +onkPSm3ElUqzIqfq/wnpH14JXyMoHwPncXUitiL6dGI0G7JxhLngzmlzHdh1+hYf +dyuyLrxihdnwBxzZfdroZ5G3ut2ie2WIDn7Ryr1WRYKunBRXHALiPaiZZOpqPD/p +tWTX793bAgMBAAECggEAT6obWEbFwHKjoprgtQLY6v+j6kRBw/D7JkcbWWjICoQs +pETsuQhlPU94ck/9//EA9o+cxgOJfrYFphf5Utme6vdRT3+xYvvEnJAZ0n/Pgz7X +KWK13/ov468F37VMZZyfOe27hZbo49Y2osXt7uKcleq4Xbs7kOGGag/nEtC6/EHt +iFdHkRTJVehdYlkAY4XWaO4JFyksrnA9JW5wtYSlBPzwuW6IOUaDbz2+mYQzoUCu +c7KyAiO8TWBnxkikc83x0Op8yHTIJrLHoj6EM5X0HNwvuxonlhx1uLrtYbrLLK6z +M5wMiNYxu73AvRNpWtf3OpMHGhyv6UnYM1uaPVS75QKBgQD/TXTUEgnTefNwIP+/ +liUCbkvUiNYqthcV4ZAbF4lzm8UCHUPErfuogxApTS2m6uD7L1SPCps5Nk5fEFIv +QzI12avRmPmBdgG4Eo8po/QmP7+DfztGb/2uSmc59Oga2Cu3KzO90V/x4AWCW6LC +nUNRzMjC3p01VzjtCrA14cFanwKBgQDlGRiZTo2MerQE32TyX3zFp82m++lloKeW +Zm40rMOe4Lf6DMSxn5m5jlTSXzZrIhPl7iuRBx53D1EUYPSHRULaWMQrHmNzDUTF +qh5dTQvvmP0UNlSN0iDeXo2E0RloF8vtOqqdMAsMr2U9Tuwj1LrAZFaJMXV+3Uar +VOAj8cjvRQKBgQCNinXQ9Uc5VY0fh0wC/cz68gdch5ilCVr3KJzqSDxOOfgZWfwu +WH8DR9Z372/18JZW7ECnJSw1peQBVF0cEtcNf+aAR51cpv4A/VkdruY3JnSZBLrq +LECqlllwilT8PQjPfkYrYJ8ezCKBySgNWX7vJOfREfZ6kibfVGOpG8ZE5QKBgFv9 +TrZIJ2gP4PbP6I21r7kB3v68ygPHlWM7r+awtD+4Rcc+l0AnMKekMgTivEwaO9ko +YA/0xtPRr6G6KJWkRuq7l9Eke5Q38LRZ0aVvCWrkiEI0apEjnZUMbFC3UTdNztFr +rBQ/tUAbsVADv6fHhFE6ONEPrfkJypWDGBj2vdLtAoGBAKqnpHH8rp5GjIk/Kzcl +mesVx32MCYu8SIYRzgvnkpmrqlntNHE89c/oXIYZI/uDC/KsnZvcaTatlI2uc61K +WRkwTr7NELU8ZitFqUgfutJjmi2LuIVplYpILA+krQ73z089zDRXM1/QfyOUDPAF +Xh52im1jJlE68mHaq6bnrVaT -----END PRIVATE KEY----- diff --git a/test/key/ourdomain_server.cer b/test/key/ourdomain_server.cer index 728aefc77a23..2e0a073e019c 100644 --- a/test/key/ourdomain_server.cer +++ b/test/key/ourdomain_server.cer @@ -1,23 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIDyTCCArGgAwIBAgIURPvvB7dOIjTd54ojjHIw2imSpEgwDQYJKoZIhvcNAQEL -BQAwgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZy -YW5jaXNjbzEcMBoGA1UEChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMD -RGV2MRYwFAYDVQQDEw10ZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0 -QGludGVybmFsLmNvbTAeFw0xOTA1MjAxMjE5MDBaFw0yOTA1MTcxMjE5MDBaMAAw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9G2dzg4w9ZqgiINgZJXDV -7ueWUE42wf6qS8WjdPZVci+ondLI4QTvbGE5wwy5EF/GTRTnVQup3VK8axaNqDqB -ThBrh7MUMeUgqhnElKxC7tgJOxvKE6JpyAz+e2jXwYMx8wFxDNd9Ve36yA1R6cc1 -T/lupisRl6ARgNOXb/l89fkpM8aHKpwWFFaoXxabsH2Jgnfai2wXLmf7vRnvAM7m -GwtioWRjt2UCOltZbh/AYL/HVpNeD/IVRaOUHdw72lpAwPHMhvEbqQQkklj4Aldz -/xs8U82XjyeDhAbeNqAWps2EjFwkmHy+dVSXK9a2hW+Qgw2CQq+By10DmR7rPZWl -AgMBAAGjgaEwgZ4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTXwQO3LMRTMtINOYgD -sMREIqezCTAfBgNVHSMEGDAWgBSj+es5+q9t57ZWSVUogWXJARu4lTAfBgNVHREB -Af8EFTATghFzZXJ2ZXIuZGMxLmNvbnN1bDANBgkqhkiG9w0BAQsFAAOCAQEAHrvb -XYi87gpvyrXUCwihHCFDjKdvo+3b9a3MoFzn+/e3gcUwz9fLnup4kGq+Fh+iyitn -YtraUvFLb0QSZmROTRYRzGwmLLYYOguIcbadRKJkd3NkiJ5QDw4+S8OXE+1/hZpm -sjM3fnzQPhspxweSZZPtDvgI6JFA8IKCvh2jUfdKdWVfhBonEb/le2ox/7RfqQ+M -JZ7rorpvSCat+NOQKKIbIAlNcntflXGBE2ken/IHihtUREk5pYKpplMf4PqkyFkB -MuATqNoXuARYcN3u8HYWv6ewwHqBuUB86NurYArCw3Antl0hJBLDPQ7X8ukJZDoB -lhe56raXzfZxn9BIrw== +MIIEBDCCAuygAwIBAgIBJzANBgkqhkiG9w0BAQ0FADCBmDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKDBNI +YXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLDANEZXYxFjAUBgNVBAMMDXRlc3Qu +aW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTIz +MTEwMjE3MTkwOFoYDzIxMjMxMDA5MTcxOTA4WjCBjTEYMBYGA1UEAwwPdGVzdGNv +LmludGVybmFsMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcG +CSqGSIb3DQEJARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoM +CUVuZCBQb2ludDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKBYr0oa+qozTXeMoQOIWYxhPRfoLJk0YZbMTVoXzIpr0/Vu +CmMjVxPAzw1bz0mrQCgA66ftkEnn+ieIfrkhtKXeXtWNpvYwpDXlm1dXavAeccDm +Ik6BWM49WDuZYo7OWsrgh3ia4xRLzhlCyBhK8ckiEeym58nXKNK21KXQD/DKvxlA +I41WNHJ3hpIIYzxtTLvmv6tEZnmqocfDlbvT/wNVbsuXMVb+tzbwKS9iI7DdWMqe +IFv9G6h26WijVYcH4pTSAO54933oghguE+WZ8i9FPksCZvYjVKFosr0fALfAGScn +9kkbbpNM2VJ8s9qfsA1xoPn6Vpm058mc4WQ/rmkCAwEAAaNgMF4wHAYDVR0RBBUw +E4IRc2VydmVyLmRjMS5jb25zdWwwHQYDVR0OBBYEFNy73y5a0ZSJ8y1G5ujW6KGI +sEItMB8GA1UdIwQYMBaAFOauaqdkh0U6Pq+EJQAkotk1QPAUMA0GCSqGSIb3DQEB +DQUAA4IBAQAWc1KXB4fENj5oFgVV3B6U/F9nrxriMqJnYO7SXBlh8gBLIxqK7cBv +FBye4P35HBceOLUKCOqcIU/rtNzOvDBJkYmolCQ40OAP4QHolzl+dNrGC9ew5VdM +nACkcWLfYVAIPcaxtagVoR1+zuHq3r08Vf9opGXfUlhnKboHUVmCK8dIvujRzJcE +4mmgADRB+lDgC4dIX0E/JtY4RrDrd/DUiJ0WDrKKQEpOF3HRkbU9z17SsuniD6K9 +8Y84GchDBKFaCA0jydXF6uyIqfxqkv5DQgfi8CooPY6kEpM3m0DZCca4AwaLNlyt +rjfbJq847rcN0mvw7GYc8byw5uzoaKlK -----END CERTIFICATE----- diff --git a/test/key/ourdomain_server.cfg b/test/key/ourdomain_server.cfg new file mode 100644 index 000000000000..2f2d3c3214ae --- /dev/null +++ b/test/key/ourdomain_server.cfg @@ -0,0 +1,22 @@ +[ req ] +prompt = no +distinguished_name = dn +req_extensions = req_ext + + +[dn] +C = US +ST = California +L = Los Angeles +O = End Point +OU = Testing +emailAddress = do-not-reply@hashicorp.com +CN = testco.internal + +[ v3_req ] +basicConstraints = CA:false +extendedKeyUsage = serverAuth +subjectAltName = @alt_names + +[alt_names] +DNS.1 = server.dc1.consul \ No newline at end of file diff --git a/test/key/ourdomain_server.key b/test/key/ourdomain_server.key index 4278f1d01597..b9439ada88d0 100644 --- a/test/key/ourdomain_server.key +++ b/test/key/ourdomain_server.key @@ -1,27 +1,28 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAvRtnc4OMPWaoIiDYGSVw1e7nllBONsH+qkvFo3T2VXIvqJ3S -yOEE72xhOcMMuRBfxk0U51ULqd1SvGsWjag6gU4Qa4ezFDHlIKoZxJSsQu7YCTsb -yhOiacgM/nto18GDMfMBcQzXfVXt+sgNUenHNU/5bqYrEZegEYDTl2/5fPX5KTPG -hyqcFhRWqF8Wm7B9iYJ32otsFy5n+70Z7wDO5hsLYqFkY7dlAjpbWW4fwGC/x1aT -Xg/yFUWjlB3cO9paQMDxzIbxG6kEJJJY+AJXc/8bPFPNl48ng4QG3jagFqbNhIxc -JJh8vnVUlyvWtoVvkIMNgkKvgctdA5ke6z2VpQIDAQABAoIBAEhSerYK0U+KOzMS -LJMxZn3q6FbsT31Ro/utDuD8klkLWn66HSsGI8UNRgG5PtxoDrjgMeZm+Bb2tfWp -Xu6+L+HT4SO+uhY3HtHnPAOaeGcAwU6GdJJMAAlEoPOSbv5U27/2l86Mgr1EZ8dJ -Sw7QwYb6FwLiOgZ4XpdTFZkNEfVf1CeZSlxTIpvlJMJJvVg7crhVnS4boI6d8z24 -b0LerEbvVC97N++sKhSGtSF/QX0wW7BkbTquruaRbWsL/e0o8Bydy1jRVFLTet4l -GO9MNcN8Cdt7eOptsK00Ma9S9AZfTvaXdrPERimJ0JDtqjMSyfly6M7fK7Yx2gUn -HcPSOAECgYEAy8IQ5+jw16qJDfAhc9jer5i0E/fj2xohYfUF6IniGFYT9Ih6D/2T -D55W1m8PSoNM5gfYkLZ6dvjzcF6kDCD5vppVr07B3RlS7caMkM1GGmLxOgX/YIa7 -OpEzaTr1kIefvsrR4c4b2wBzZm1XuGDE/lw5yCQmoBAbzyq4X2Mlr+UCgYEA7Zey -0vUxCPxBp+spdPuZuH5oW9b2L5D2c87em7+tObuf20wQic7vXfZ4TDTDojSkeEJk -S7aUKEivzMePdNJ+QYxK+/0w4klYUS62Xk5422zg90dvQ5P86aYHagrQ61jmpUIe -rthLgP+fHtXEJyb2Ud2fc+yx+Sn38ptWi52AcsECgYBIQe0O4Ouv/5kU6Uhjtc/a -w7NwtWMHiy+1dlf/DA6zBKuU92UaEJm7WzJ+Xuo0SXXWyYeCYkPxtv1VpypT5snK -Tx79yVc0mktvaQ7mNvWaW+Yh5oiW6ZCyB1YNBkyZUY9T8McXZak5M+K4uyP1jdOu -RHR1RmSwNKY4BHVX1mhCBQKBgQCNmuBFw0Uaad5nykzHID2aLBzev9uytd9tXlpm -0XLY+e5osYkZ2W/ovMEuCjSfNGjiFA/a4FKlP80na7kgk2QUhR0b2ueLttMgb4rZ -4kM95EKgnr69tDIEv6OjnBawbifpTuMiql813yRjKFzkSOB+ImyqluPr8QuKWPLX -+2NXAQKBgGAij1zH8M6vV486KA5l4PUyN9iaiakC262IH9bX3js93Wfwd1bGDtQA -rgxbhQNYifx3ID3HqxyJxWSennczHfEPTfkU4BooFzlqxhKPi+TT+Xd+N+fY5hGT -S8lS78V8hT8eOEIgGbsM5bckHQqNapGRCNsImIsNftLwmUCSQMDG ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCgWK9KGvqqM013 +jKEDiFmMYT0X6CyZNGGWzE1aF8yKa9P1bgpjI1cTwM8NW89Jq0AoAOun7ZBJ5/on +iH65IbSl3l7Vjab2MKQ15ZtXV2rwHnHA5iJOgVjOPVg7mWKOzlrK4Id4muMUS84Z +QsgYSvHJIhHspufJ1yjSttSl0A/wyr8ZQCONVjRyd4aSCGM8bUy75r+rRGZ5qqHH +w5W70/8DVW7LlzFW/rc28CkvYiOw3VjKniBb/Ruoduloo1WHB+KU0gDuePd96IIY +LhPlmfIvRT5LAmb2I1ShaLK9HwC3wBknJ/ZJG26TTNlSfLPan7ANcaD5+laZtOfJ +nOFkP65pAgMBAAECggEACF64v7iKzymgaJYprYKHkiFdTAstkM3ALlv5ybMmVS9t +wAj/d89Xc0uEQ2FAf8r1rWDm7DwlZQY786ZXXxiYUnQ6JRGg3ocJe1rB8hw5E9Gz +BGu+7LQpy5I+MdY+4893w9FWoQAMzHlsh7sJsOLwnhwuLVlFDi8yDVXH4ePrgRkv +DNJ1KFXvD2qJAKclFqQMmLShXy3iDjBQsYsYBZedzysakHhY8fQiQCcAKTnEwtJ1 +XpGF4pJh6o33ZQXVDhTvyaGTO6Sq2Qt+3pS1vMFSmKQFPG7iUnpsVi21a4ZMLFmq +B/PjTuDBmBSADUFHNRwLoUIrTu8opc5HoWFVp3TzgQKBgQDaIdZHQR40/nW+aa0W +4owgle9LqXCwwMESbwn7o8BAqVQkzu7C8g9OQ+fzkGVPjkBlQ/CC7zNz3d+/gb2/ +b5mL9ozBluJo37DfYehVSp2jC5SbfGmQanguwZ3ywBr3yM+RN8N4UkY6CJ+PB9I+ +199MjERu4Q6aIKXljRyIxHzLkQKBgQC8LsBK/VbMio/IEZjBLgSM2XiunWIsGd3l +HVMKNzv5HFmcVX1yVnyaPf6urqH706YkKjGoytTX/OLluxppbF2pHYhOl21c4FfR +2bMM2ES4WxgjQm2HWKb4oXQf58jdjqSfdgVvnS3rquwjnzODuT9l4GC2ZHdUPBN3 +TISb6d/ZWQKBgQCL8s+mkZnOyD9Etkot95WNxoRr178MN+7nY8RU5X+QPNNWdklr +W6AER78GXmsReqPIFKm3Z75sJTrLhHL34qLx0HIINkT2oiW5e/hy2FeA5womI9Ea +raSD4wbyWtwyg2zgr5VCmg6iZyvvuUXjud5zHz88oDodGrs1Jq7a9K1YcQKBgQCO +VcY4cjpO55ctOrIRm97xMiRn3r68oKwHehCvL2v7VggpiTgjXWtNtwqF0azPrxyB +SjDZfOFUpQBxxv2JM9/75EyPNVYQ49dI8KLPWl1QHAa71KjHsLRKZsRQxZ5WhmfZ +/QjLjVWIZXXK08XBIkLjqb089+ySGAaZO5Up4NHhsQKBgH6qHYHQ4x2Py1cZ1RiP +fwcMMlHA3+Ng1yuSvbwqY73XvIeN6Hhd5BtoFwe2xQJO0iBKI208pBDic1eDAr33 +1WID7atHLJI5eTZZzvnINUPnMi1D3ziohPknatca37cL/3i2JVaVELpmSmr92Tqu +TSNt6UCeZ2xyyGmUIPzRVmZB +-----END PRIVATE KEY----- diff --git a/test/notes.txt b/test/notes.txt deleted file mode 100644 index ae4f7098249f..000000000000 --- a/test/notes.txt +++ /dev/null @@ -1 +0,0 @@ -Instructions from https://langui.sh/2009/01/18/openssl-self-signed-ca/ diff --git a/testing/deployer/go.mod b/testing/deployer/go.mod index df6cb924f087..9a8f53a322ac 100644 --- a/testing/deployer/go.mod +++ b/testing/deployer/go.mod @@ -4,44 +4,64 @@ go 1.20 require ( github.com/google/go-cmp v0.5.9 + github.com/hashicorp/consul-server-connection-manager v0.1.4 github.com/hashicorp/consul/api v1.24.0 - github.com/hashicorp/consul/sdk v0.14.1 + github.com/hashicorp/consul/proto-public v0.1.0 + github.com/hashicorp/consul/sdk v0.15.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/go-multierror v1.1.1 + github.com/hashicorp/go-rootcerts v1.0.2 github.com/hashicorp/hcl/v2 v2.16.2 github.com/mitchellh/copystructure v1.2.0 github.com/rboyer/safeio v0.2.2 github.com/stretchr/testify v1.8.3 - golang.org/x/crypto v0.11.0 + golang.org/x/crypto v0.14.0 + golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 + google.golang.org/grpc v1.56.3 + google.golang.org/protobuf v1.31.0 ) require ( github.com/agext/levenshtein v1.2.1 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect github.com/armon/go-metrics v0.4.1 // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/cenkalti/backoff/v4 v4.1.3 // indirect + github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/fatih/color v1.14.1 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect - github.com/hashicorp/go-rootcerts v1.0.2 // indirect + github.com/hashicorp/go-netaddrs v0.1.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.2.1 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/serf v0.10.1 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.17 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-wordwrap v1.0.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/prometheus/client_golang v1.11.1 // indirect + github.com/prometheus/client_model v0.2.0 // indirect + github.com/prometheus/common v0.26.0 // indirect + github.com/prometheus/procfs v0.6.0 // indirect github.com/zclconf/go-cty v1.12.1 // indirect - golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect - golang.org/x/sys v0.10.0 // indirect - golang.org/x/text v0.11.0 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect + google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) -replace github.com/hashicorp/consul/sdk => ../../sdk +replace ( + github.com/hashicorp/consul/api => ../../api + github.com/hashicorp/consul/proto-public => ../../proto-public + github.com/hashicorp/consul/sdk => ../../sdk +) diff --git a/testing/deployer/go.sum b/testing/deployer/go.sum index fb90eb4a6a33..e632e8be7907 100644 --- a/testing/deployer/go.sum +++ b/testing/deployer/go.sum @@ -1,3 +1,4 @@ +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= @@ -5,6 +6,7 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -15,9 +17,14 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4= +github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -31,23 +38,38 @@ github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/hashicorp/consul/api v1.24.0 h1:u2XyStA2j0jnCiVUU7Qyrt8idjRn4ORhK6DlvZ3bWhA= -github.com/hashicorp/consul/api v1.24.0/go.mod h1:NZJGRFYruc/80wYowkPFCp1LbGmJC9L8izrwfyVx/Wg= +github.com/hashicorp/consul-server-connection-manager v0.1.4 h1:wrcSRV6WGXFBNpNbN6XsdoGgBOyso7ZbN5VaWPEX1jY= +github.com/hashicorp/consul-server-connection-manager v0.1.4/go.mod h1:LMqHkALoLP0HUQKOG21xXYr0YPUayIQIHNTlmxG100E= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -65,6 +87,8 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/go-netaddrs v0.1.0 h1:TnlYvODD4C/wO+j7cX1z69kV5gOzI87u3OcUinANaW8= +github.com/hashicorp/go-netaddrs v0.1.0/go.mod h1:33+a/emi5R5dqRspOuZKO0E+Tuz5WV1F84eRWALkedA= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= @@ -88,10 +112,15 @@ github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0= github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= @@ -114,6 +143,7 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY= @@ -135,6 +165,7 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -150,14 +181,24 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= +github.com/prometheus/client_golang v1.11.1 h1:+4eQaD7vAZ6DsfsxB15hbE0odUjGI5ARs9yskGu1v4s= +github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= +github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ= +github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= +github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/rboyer/safeio v0.2.2 h1:XhtqyUTRleMYGyBt3ni4j2BtEh669U2ry2INnnd+B4k= github.com/rboyer/safeio v0.2.2/go.mod h1:pSnr2LFXyn/c/fotxotyOdYy7pP/XSh6MpBmzXPjiNc= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= @@ -167,6 +208,7 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= @@ -182,56 +224,85 @@ github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeW golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= -golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= +golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= -golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= +google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -240,5 +311,6 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/testing/deployer/sprawl/acl.go b/testing/deployer/sprawl/acl.go index 6196d94d46f9..99179ac58664 100644 --- a/testing/deployer/sprawl/acl.go +++ b/testing/deployer/sprawl/acl.go @@ -202,58 +202,56 @@ func (s *Sprawl) createCrossNamespaceCatalogReadPolicies(cluster *topology.Clust return nil } -func (s *Sprawl) createAllServiceTokens() error { +func (s *Sprawl) createAllWorkloadTokens() error { for _, cluster := range s.topology.Clusters { - if err := s.createServiceTokens(cluster); err != nil { - return fmt.Errorf("createServiceTokens[%s]: %w", cluster.Name, err) + if err := s.createWorkloadTokens(cluster); err != nil { + return fmt.Errorf("createWorkloadTokens[%s]: %w", cluster.Name, err) } } return nil } -func (s *Sprawl) createServiceTokens(cluster *topology.Cluster) error { +func (s *Sprawl) createWorkloadTokens(cluster *topology.Cluster) error { var ( client = s.clients[cluster.Name] logger = s.logger.With("cluster", cluster.Name) ) - sids := make(map[topology.ServiceID]struct{}) + workloadIDs := make(map[topology.ID]struct{}) for _, node := range cluster.Nodes { - if !node.RunsWorkloads() || len(node.Services) == 0 || node.Disabled { + if !node.RunsWorkloads() || len(node.Workloads) == 0 || node.Disabled { continue } - for _, svc := range node.Services { - sid := svc.ID - - if _, done := sids[sid]; done { + for _, wrk := range node.Workloads { + if _, done := workloadIDs[wrk.ID]; done { continue } var overridePolicy *api.ACLPolicy - if svc.IsMeshGateway { + if wrk.IsMeshGateway { var err error - overridePolicy, err = CreateOrUpdatePolicy(client, policyForMeshGateway(svc, cluster.Enterprise)) + overridePolicy, err = CreateOrUpdatePolicy(client, policyForMeshGateway(wrk, cluster.Enterprise)) if err != nil { return fmt.Errorf("could not create policy: %w", err) } } - token, err := CreateOrUpdateToken(client, tokenForService(svc, overridePolicy, cluster.Enterprise)) + token, err := CreateOrUpdateToken(client, tokenForWorkload(wrk, overridePolicy, cluster.Enterprise)) if err != nil { return fmt.Errorf("could not create token: %w", err) } - logger.Debug("created service token", - "service", svc.ID.Name, - "namespace", svc.ID.Namespace, - "partition", svc.ID.Partition, + logger.Debug("created workload token", + "workload", wrk.ID.Name, + "namespace", wrk.ID.Namespace, + "partition", wrk.ID.Partition, "token", token.SecretID, ) - s.secrets.SaveServiceToken(cluster.Name, sid, token.SecretID) + s.secrets.SaveWorkloadToken(cluster.Name, wrk.ID, token.SecretID) - sids[sid] = struct{}{} + workloadIDs[wrk.ID] = struct{}{} } } diff --git a/testing/deployer/sprawl/acl_rules.go b/testing/deployer/sprawl/acl_rules.go index 7c360d85f610..554b418cd0f9 100644 --- a/testing/deployer/sprawl/acl_rules.go +++ b/testing/deployer/sprawl/acl_rules.go @@ -86,22 +86,34 @@ func tokenForNode(node *topology.Node, enterprise bool) *api.ACLToken { return token } -func tokenForService(svc *topology.Service, overridePolicy *api.ACLPolicy, enterprise bool) *api.ACLToken { +// Deprecated: tokenForWorkload +func tokenForService(wrk *topology.Workload, overridePolicy *api.ACLPolicy, enterprise bool) *api.ACLToken { + return tokenForWorkload(wrk, overridePolicy, enterprise) +} + +func tokenForWorkload(wrk *topology.Workload, overridePolicy *api.ACLPolicy, enterprise bool) *api.ACLToken { token := &api.ACLToken{ - Description: "service--" + svc.ID.ACLString(), + Description: "service--" + wrk.ID.ACLString(), Local: false, } if overridePolicy != nil { token.Policies = []*api.ACLTokenPolicyLink{{ID: overridePolicy.ID}} + } else if wrk.IsV2() { + token.TemplatedPolicies = []*api.ACLTemplatedPolicy{{ + TemplateName: api.ACLTemplatedPolicyWorkloadIdentityName, + TemplateVariables: &api.ACLTemplatedPolicyVariables{ + Name: wrk.WorkloadIdentity, + }, + }} } else { token.ServiceIdentities = []*api.ACLServiceIdentity{{ - ServiceName: svc.ID.Name, + ServiceName: wrk.ID.Name, }} } if enterprise { - token.Namespace = svc.ID.Namespace - token.Partition = svc.ID.Partition + token.Namespace = wrk.ID.Namespace + token.Partition = wrk.ID.Partition } return token @@ -169,20 +181,20 @@ mesh = "write" ` ) -func policyForMeshGateway(svc *topology.Service, enterprise bool) *api.ACLPolicy { - policyName := "mesh-gateway--" + svc.ID.ACLString() +func policyForMeshGateway(wrk *topology.Workload, enterprise bool) *api.ACLPolicy { + policyName := "mesh-gateway--" + wrk.ID.ACLString() policy := &api.ACLPolicy{ Name: policyName, Description: policyName, } if enterprise { - policy.Partition = svc.ID.Partition + policy.Partition = wrk.ID.Partition policy.Namespace = "default" } if enterprise { - if svc.ID.Partition == "default" { + if wrk.ID.Partition == "default" { policy.Rules = meshGatewayEntDefaultRules } else { policy.Rules = meshGatewayEntNonDefaultRules diff --git a/testing/deployer/sprawl/boot.go b/testing/deployer/sprawl/boot.go index 89c887c7574e..6c3344366b4e 100644 --- a/testing/deployer/sprawl/boot.go +++ b/testing/deployer/sprawl/boot.go @@ -32,9 +32,11 @@ const ( func (s *Sprawl) launch() error { return s.launchType(true) } + func (s *Sprawl) relaunch() error { return s.launchType(false) } + func (s *Sprawl) launchType(firstTime bool) (launchErr error) { if err := build.DockerImages(s.logger, s.runner, s.topology); err != nil { return fmt.Errorf("build.DockerImages: %w", err) @@ -180,6 +182,7 @@ func (s *Sprawl) assignIPAddresses() error { return fmt.Errorf("unknown network %q", addr.Network) } addr.IPAddress = net.IPByIndex(node.Index) + s.logger.Info("assign addr", "node", node.Name, "addr", addr.IPAddress, "enabled", !node.Disabled) } } } @@ -234,6 +237,14 @@ func (s *Sprawl) initConsulServers() error { return fmt.Errorf("error creating final client for cluster=%s: %v", cluster.Name, err) } + // Connect to gRPC as well. + if cluster.EnableV2 { + s.grpcConns[cluster.Name], s.grpcConnCancel[cluster.Name], err = s.dialServerGRPC(cluster, node, mgmtToken) + if err != nil { + return fmt.Errorf("error creating gRPC client conn for cluster=%s: %w", cluster.Name, err) + } + } + // For some reason the grpc resolver stuff for partitions takes some // time to get ready. s.waitForLocalWrites(cluster, mgmtToken) @@ -249,6 +260,13 @@ func (s *Sprawl) initConsulServers() error { return fmt.Errorf("populateInitialConfigEntries[%s]: %w", cluster.Name, err) } + if cluster.EnableV2 { + // Resources are available only in V2 + if err := s.populateInitialResources(cluster); err != nil { + return fmt.Errorf("populateInitialResources[%s]: %w", cluster.Name, err) + } + } + if err := s.createAnonymousToken(cluster); err != nil { return fmt.Errorf("createAnonymousToken[%s]: %w", cluster.Name, err) } @@ -281,12 +299,12 @@ func (s *Sprawl) createFirstTime() error { // Ideally we start services WITH a token initially, so we pre-create them // before running terraform for them. - if err := s.createAllServiceTokens(); err != nil { - return fmt.Errorf("createAllServiceTokens: %w", err) + if err := s.createAllWorkloadTokens(); err != nil { + return fmt.Errorf("createAllWorkloadTokens: %w", err) } - if err := s.registerAllServicesForDataplaneInstances(); err != nil { - return fmt.Errorf("registerAllServicesForDataplaneInstances: %w", err) + if err := s.syncAllServicesForDataplaneInstances(); err != nil { + return fmt.Errorf("syncAllServicesForDataplaneInstances: %w", err) } // We can do this ahead, because we've incrementally run terraform as @@ -349,12 +367,12 @@ func (s *Sprawl) preRegenTasks() error { // Ideally we start services WITH a token initially, so we pre-create them // before running terraform for them. - if err := s.createAllServiceTokens(); err != nil { - return fmt.Errorf("createAllServiceTokens: %w", err) + if err := s.createAllWorkloadTokens(); err != nil { + return fmt.Errorf("createAllWorkloadTokens: %w", err) } - if err := s.registerAllServicesForDataplaneInstances(); err != nil { - return fmt.Errorf("registerAllServicesForDataplaneInstances: %w", err) + if err := s.syncAllServicesForDataplaneInstances(); err != nil { + return fmt.Errorf("syncAllServicesForDataplaneInstances: %w", err) } return nil @@ -456,6 +474,9 @@ func (s *Sprawl) waitForLocalWrites(cluster *topology.Cluster, token string) { } func (s *Sprawl) waitForClientAntiEntropyOnce(cluster *topology.Cluster) error { + if cluster.EnableV2 { + return nil // v1 catalog is disabled when v2 catalog is enabled + } var ( client = s.clients[cluster.Name] logger = s.logger.With("cluster", cluster.Name) @@ -504,7 +525,7 @@ func (s *Sprawl) waitForClientAntiEntropyOnce(cluster *topology.Cluster) error { logger.Debug("all nodes have posted node updates, so first anti-entropy has happened", "elapsed", dur) return nil } - logger.Debug("not all client nodes have posted node updates yet", "nodes", stragglers) + logger.Debug("not all nodes have posted node updates yet", "nodes", stragglers) time.Sleep(1 * time.Second) } @@ -514,10 +535,10 @@ func newGossipKey() (string, error) { key := make([]byte, 16) n, err := rand.Reader.Read(key) if err != nil { - return "", fmt.Errorf("Error reading random data: %s", err) + return "", fmt.Errorf("error reading random data: %s", err) } if n != 16 { - return "", fmt.Errorf("Couldn't read enough entropy. Generate more entropy!") + return "", fmt.Errorf("couldn't read enough entropy. Generate more entropy") } return base64.StdEncoding.EncodeToString(key), nil } diff --git a/testing/deployer/sprawl/catalog.go b/testing/deployer/sprawl/catalog.go index fc5d2dbc399d..59a42fd895ea 100644 --- a/testing/deployer/sprawl/catalog.go +++ b/testing/deployer/sprawl/catalog.go @@ -4,16 +4,24 @@ package sprawl import ( + "context" "fmt" "net/http" "time" "github.com/hashicorp/consul/api" + pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/testing/deployer/topology" "github.com/hashicorp/consul/testing/deployer/util" ) +// registerAllServicesToAgents registers services in agent-ful mode func (s *Sprawl) registerAllServicesToAgents() error { for _, cluster := range s.topology.Clusters { if err := s.registerServicesToAgents(cluster); err != nil { @@ -23,10 +31,10 @@ func (s *Sprawl) registerAllServicesToAgents() error { return nil } -func (s *Sprawl) registerAllServicesForDataplaneInstances() error { +func (s *Sprawl) syncAllServicesForDataplaneInstances() error { for _, cluster := range s.topology.Clusters { - if err := s.registerServicesForDataplaneInstances(cluster); err != nil { - return fmt.Errorf("registerServicesForDataplaneInstances[%s]: %w", cluster.Name, err) + if err := s.syncWorkloadsForDataplaneInstances(cluster); err != nil { + return fmt.Errorf("syncWorkloadsForDataplaneInstances[%s]: %w", cluster.Name, err) } } return nil @@ -34,13 +42,16 @@ func (s *Sprawl) registerAllServicesForDataplaneInstances() error { func (s *Sprawl) registerServicesToAgents(cluster *topology.Cluster) error { for _, node := range cluster.Nodes { - if !node.RunsWorkloads() || len(node.Services) == 0 || node.Disabled { + if !node.RunsWorkloads() || len(node.Workloads) == 0 || node.Disabled { continue } if !node.IsAgent() { continue } + if node.IsV2() { + panic("don't call this") + } agentClient, err := util.ProxyAPIClient( node.LocalProxyPort(), @@ -52,8 +63,8 @@ func (s *Sprawl) registerServicesToAgents(cluster *topology.Cluster) error { return err } - for _, svc := range node.Services { - if err := s.registerAgentService(agentClient, cluster, node, svc); err != nil { + for _, wrk := range node.Workloads { + if err := s.registerAgentService(agentClient, cluster, node, wrk); err != nil { return err } } @@ -66,14 +77,17 @@ func (s *Sprawl) registerAgentService( agentClient *api.Client, cluster *topology.Cluster, node *topology.Node, - svc *topology.Service, + wrk *topology.Workload, ) error { if !node.IsAgent() { panic("called wrong method type") } + if node.IsV2() { + panic("don't call this") + } - if svc.IsMeshGateway { - return nil // handled at startup time for agent-full, but won't be for agent-less + if wrk.IsMeshGateway { + return nil // handled at startup time for agent-ful, but won't be for agent-less } var ( @@ -81,31 +95,31 @@ func (s *Sprawl) registerAgentService( ) reg := &api.AgentServiceRegistration{ - ID: svc.ID.Name, - Name: svc.ID.Name, - Port: svc.Port, - Meta: svc.Meta, + ID: wrk.ID.Name, + Name: wrk.ID.Name, + Port: wrk.Port, + Meta: wrk.Meta, } if cluster.Enterprise { - reg.Namespace = svc.ID.Namespace - reg.Partition = svc.ID.Partition + reg.Namespace = wrk.ID.Namespace + reg.Partition = wrk.ID.Partition } - if !svc.DisableServiceMesh { + if !wrk.DisableServiceMesh { var upstreams []api.Upstream - for _, u := range svc.Upstreams { + for _, dest := range wrk.Destinations { uAPI := api.Upstream{ - DestinationPeer: u.Peer, - DestinationName: u.ID.Name, - LocalBindAddress: u.LocalAddress, - LocalBindPort: u.LocalPort, + DestinationPeer: dest.Peer, + DestinationName: dest.ID.Name, + LocalBindAddress: dest.LocalAddress, + LocalBindPort: dest.LocalPort, // Config map[string]interface{} `json:",omitempty" bexpr:"-"` // MeshGateway MeshGatewayConfig `json:",omitempty"` } if cluster.Enterprise { - uAPI.DestinationNamespace = u.ID.Namespace - if u.Peer == "" { - uAPI.DestinationPartition = u.ID.Partition + uAPI.DestinationNamespace = dest.ID.Namespace + if dest.Peer == "" { + uAPI.DestinationPartition = dest.ID.Partition } } upstreams = append(upstreams, uAPI) @@ -120,18 +134,18 @@ func (s *Sprawl) registerAgentService( } switch { - case svc.CheckTCP != "": + case wrk.CheckTCP != "": chk := &api.AgentServiceCheck{ Name: "up", - TCP: svc.CheckTCP, + TCP: wrk.CheckTCP, Interval: "5s", Timeout: "1s", } reg.Checks = append(reg.Checks, chk) - case svc.CheckHTTP != "": + case wrk.CheckHTTP != "": chk := &api.AgentServiceCheck{ Name: "up", - HTTP: svc.CheckHTTP, + HTTP: wrk.CheckHTTP, Method: "GET", Interval: "5s", Timeout: "1s", @@ -141,7 +155,7 @@ func (s *Sprawl) registerAgentService( // Switch token for every request. hdr := make(http.Header) - hdr.Set("X-Consul-Token", s.secrets.ReadServiceToken(cluster.Name, svc.ID)) + hdr.Set("X-Consul-Token", s.secrets.ReadWorkloadToken(cluster.Name, wrk.ID)) agentClient.SetHeaders(hdr) RETRY: @@ -150,22 +164,107 @@ RETRY: time.Sleep(50 * time.Millisecond) goto RETRY } - return fmt.Errorf("failed to register service %q to node %q: %w", svc.ID, node.ID(), err) + return fmt.Errorf("failed to register workload %q to node %q: %w", wrk.ID, node.ID(), err) } - logger.Debug("registered service to client agent", - "service", svc.ID.Name, + logger.Debug("registered workload to client agent", + "workload", wrk.ID.Name, "node", node.Name, - "namespace", svc.ID.Namespace, - "partition", svc.ID.Partition, + "namespace", wrk.ID.Namespace, + "partition", wrk.ID.Partition, ) return nil } -func (s *Sprawl) registerServicesForDataplaneInstances(cluster *topology.Cluster) error { +// syncWorkloadsForDataplaneInstances register/deregister services in the given cluster +func (s *Sprawl) syncWorkloadsForDataplaneInstances(cluster *topology.Cluster) error { + identityInfo := make(map[topology.ID]*Resource[*pbauth.WorkloadIdentity]) + + // registerWorkloadToNode is called when node is not disabled + registerWorkloadToNode := func(node *topology.Node, wrk *topology.Workload) error { + if node.IsV2() { + pending := workloadInstanceToResources(node, wrk) + + workloadID := topology.NewID(wrk.WorkloadIdentity, wrk.ID.Namespace, wrk.ID.Partition) + if _, ok := identityInfo[workloadID]; !ok { + identityInfo[workloadID] = pending.WorkloadIdentity + } + + // Write workload + res, err := pending.Workload.Build() + if err != nil { + return fmt.Errorf("error serializing resource %s: %w", util.IDToString(pending.Workload.Resource.Id), err) + } + workload, err := s.writeResource(cluster, res) + if err != nil { + return err + } + // Write check linked to workload + for _, check := range pending.HealthStatuses { + check.Resource.Owner = workload.Id + res, err := check.Build() + if err != nil { + return fmt.Errorf("error serializing resource %s: %w", util.IDToString(check.Resource.Id), err) + } + if _, err := s.writeResource(cluster, res); err != nil { + return err + } + } + // maybe write destinations + if pending.Destinations != nil { + res, err := pending.Destinations.Build() + if err != nil { + return fmt.Errorf("error serializing resource %s: %w", util.IDToString(pending.Destinations.Resource.Id), err) + } + if _, err := s.writeResource(cluster, res); err != nil { + return err + } + } + if pending.ProxyConfiguration != nil { + res, err := pending.ProxyConfiguration.Build() + if err != nil { + return fmt.Errorf("error serializing resource %s: %w", util.IDToString(pending.ProxyConfiguration.Resource.Id), err) + } + if _, err := s.writeResource(cluster, res); err != nil { + return err + } + } + } else { + if err := s.registerCatalogServiceV1(cluster, node, wrk); err != nil { + return fmt.Errorf("error registering service: %w", err) + } + if !wrk.DisableServiceMesh { + if err := s.registerCatalogSidecarServiceV1(cluster, node, wrk); err != nil { + return fmt.Errorf("error registering sidecar service: %w", err) + } + } + } + return nil + } + + // deregisterWorkloadFromNode is called when node is disabled + deregisterWorkloadFromNode := func(node *topology.Node, wrk *topology.Workload) error { + if node.IsV2() { + // TODO: implement deregister workload for v2 + panic("deregister workload is not implemented for V2") + } else { + if err := s.deregisterCatalogServiceV1(cluster, node, wrk); err != nil { + return fmt.Errorf("error deregistering service: %w", err) + } + if !wrk.DisableServiceMesh { + if err := s.deregisterCatalogSidecarServiceV1(cluster, node, wrk); err != nil { + return fmt.Errorf("error deregistering sidecar service: %w", err) + } + } + } + return nil + } + + var syncWorkload func(node *topology.Node, wrk *topology.Workload) error + for _, node := range cluster.Nodes { - if !node.RunsWorkloads() || len(node.Services) == 0 || node.Disabled { + if !node.RunsWorkloads() || len(node.Workloads) == 0 { continue } @@ -173,18 +272,65 @@ func (s *Sprawl) registerServicesForDataplaneInstances(cluster *topology.Cluster continue } - if err := s.registerCatalogNode(cluster, node); err != nil { - return fmt.Errorf("error registering virtual node: %w", err) + // Register virtual node service first if node is not disabled + if !node.Disabled { + if err := s.registerCatalogNode(cluster, node); err != nil { + return fmt.Errorf("error registering virtual node: %w", err) + } } - for _, svc := range node.Services { - if err := s.registerCatalogService(cluster, node, svc); err != nil { - return fmt.Errorf("error registering service: %w", err) + // Register/deregister services on the node + for _, wrk := range node.Workloads { + if !node.Disabled { + syncWorkload = registerWorkloadToNode + } else { + syncWorkload = deregisterWorkloadFromNode } - if !svc.DisableServiceMesh { - if err := s.registerCatalogSidecarService(cluster, node, svc); err != nil { - return fmt.Errorf("error registering sidecar service: %w", err) - } + if err := syncWorkload(node, wrk); err != nil { + return err + } + } + + // Deregister the virtual node if node is disabled + if node.Disabled { + if err := s.deregisterCatalogNode(cluster, node); err != nil { + return fmt.Errorf("error deregistering virtual node: %w", err) + } + } + } + + if cluster.EnableV2 { + for _, identity := range identityInfo { + res, err := identity.Build() + if err != nil { + return fmt.Errorf("error serializing resource %s: %w", util.IDToString(identity.Resource.Id), err) + } + if _, err := s.writeResource(cluster, res); err != nil { + return err + } + } + + for id, svcData := range cluster.Services { + svcInfo := &Resource[*pbcatalog.Service]{ + Resource: &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbcatalog.ServiceType, + Name: id.Name, + Tenancy: &pbresource.Tenancy{ + Partition: id.Partition, + Namespace: id.Namespace, + }, + }, + }, + Data: svcData, + } + + res, err := svcInfo.Build() + if err != nil { + return fmt.Errorf("error serializing resource %s: %w", util.IDToString(svcInfo.Resource.Id), err) + } + if _, err := s.writeResource(cluster, res); err != nil { + return err } } } @@ -195,6 +341,96 @@ func (s *Sprawl) registerServicesForDataplaneInstances(cluster *topology.Cluster func (s *Sprawl) registerCatalogNode( cluster *topology.Cluster, node *topology.Node, +) error { + if node.IsV2() { + + // TODO(rb): nodes are optional in v2 and won't be used in k8s by + // default. There are some scoping issues with the Node Type in 1.17 so + // disable it for now. + // + // To re-enable you also need to link it to the Workload by setting the + // NodeName field. + // + // return s.registerCatalogNodeV2(cluster, node) + return nil + } + return s.registerCatalogNodeV1(cluster, node) +} + +func (s *Sprawl) deregisterCatalogNode( + cluster *topology.Cluster, + node *topology.Node, +) error { + if node.IsV2() { + panic("deregister V2 node is not implemented") + } + return s.deregisterCatalogNodeV1(cluster, node) +} + +func (s *Sprawl) registerCatalogNodeV2( + cluster *topology.Cluster, + node *topology.Node, +) error { + if !node.IsDataplane() { + panic("called wrong method type") + } + + nodeRes := &Resource[*pbcatalog.Node]{ + Resource: &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbcatalog.NodeType, + Name: node.PodName(), + Tenancy: &pbresource.Tenancy{ + Partition: node.Partition, + Namespace: "default", // temporary requirement + }, + }, + Metadata: map[string]string{ + "dataplane-faux": "1", + }, + }, + Data: &pbcatalog.Node{ + Addresses: []*pbcatalog.NodeAddress{ + {Host: node.LocalAddress()}, + }, + }, + } + + res, err := nodeRes.Build() + if err != nil { + return err + } + + _, err = s.writeResource(cluster, res) + return err +} + +func (s *Sprawl) writeResource(cluster *topology.Cluster, res *pbresource.Resource) (*pbresource.Resource, error) { + var ( + client = s.getResourceClient(cluster.Name) + logger = s.logger.With("cluster", cluster.Name) + ) + + ctx := s.getManagementTokenContext(context.Background(), cluster.Name) +RETRY: + wrote, err := client.Write(ctx, &pbresource.WriteRequest{ + Resource: res, + }) + if err != nil { + if isACLNotFound(err) { // TODO: is this right for v2? + time.Sleep(50 * time.Millisecond) + goto RETRY + } + return nil, fmt.Errorf("error creating resource %s: %w", util.IDToString(res.Id), err) + } + + logger.Info("resource upserted", "id", util.IDToString(res.Id)) + return wrote.Resource, nil +} + +func (s *Sprawl) registerCatalogNodeV1( + cluster *topology.Cluster, + node *topology.Node, ) error { if !node.IsDataplane() { panic("called wrong method type") @@ -233,10 +469,9 @@ RETRY: return nil } -func (s *Sprawl) registerCatalogService( +func (s *Sprawl) deregisterCatalogNodeV1( cluster *topology.Cluster, node *topology.Node, - svc *topology.Service, ) error { if !node.IsDataplane() { panic("called wrong method type") @@ -247,7 +482,87 @@ func (s *Sprawl) registerCatalogService( logger = s.logger.With("cluster", cluster.Name) ) - reg := serviceToCatalogRegistration(cluster, node, svc) + dereg := &api.CatalogDeregistration{ + Node: node.PodName(), + Address: node.LocalAddress(), + } + if cluster.Enterprise { + dereg.Partition = node.Partition + } + + // deregister synthetic node +RETRY: + if _, err := client.Catalog().Deregister(dereg, nil); err != nil { + if isACLNotFound(err) { + time.Sleep(50 * time.Millisecond) + goto RETRY + } + return fmt.Errorf("error deregistering virtual node %s: %w", node.ID(), err) + } + + logger.Info("virtual node removed", + "node", node.ID(), + ) + + return nil +} + +func (s *Sprawl) deregisterCatalogServiceV1( + cluster *topology.Cluster, + node *topology.Node, + wrk *topology.Workload, +) error { + if !node.IsDataplane() { + panic("called wrong method type") + } + if node.IsV2() { + panic("don't call this") + } + + var ( + client = s.clients[cluster.Name] + logger = s.logger.With("cluster", cluster.Name) + ) + + dereg := &api.CatalogDeregistration{ + Node: node.PodName(), + ServiceID: wrk.ID.Name, + } +RETRY: + if _, err := client.Catalog().Deregister(dereg, nil); err != nil { + if isACLNotFound(err) { + time.Sleep(50 * time.Millisecond) + goto RETRY + } + return fmt.Errorf("error deregistering service %s at node %s: %w", wrk.ID, node.ID(), err) + } + + logger.Info("dataplane service removed", + "service", wrk.ID, + "node", node.ID(), + ) + + return nil +} + +func (s *Sprawl) registerCatalogServiceV1( + cluster *topology.Cluster, + node *topology.Node, + wrk *topology.Workload, +) error { + if !node.IsDataplane() { + panic("called wrong method type") + } + if node.IsV2() { + panic("don't call this") + } + + var ( + client = s.clients[cluster.Name] + logger = s.logger.With("cluster", cluster.Name) + ) + + reg := workloadToCatalogRegistration(cluster, node, wrk) RETRY: if _, err := client.Catalog().Register(reg, nil); err != nil { @@ -255,42 +570,89 @@ RETRY: time.Sleep(50 * time.Millisecond) goto RETRY } - return fmt.Errorf("error registering service %s to node %s: %w", svc.ID, node.ID(), err) + return fmt.Errorf("error registering service %s to node %s: %w", wrk.ID, node.ID(), err) } logger.Debug("dataplane service created", - "service", svc.ID, + "service", wrk.ID, "node", node.ID(), ) return nil } -func (s *Sprawl) registerCatalogSidecarService( +func (s *Sprawl) deregisterCatalogSidecarServiceV1( cluster *topology.Cluster, node *topology.Node, - svc *topology.Service, + wrk *topology.Workload, ) error { if !node.IsDataplane() { panic("called wrong method type") } - if svc.DisableServiceMesh { + if wrk.DisableServiceMesh { panic("not valid") } + if node.IsV2() { + panic("don't call this") + } + + var ( + client = s.clients[cluster.Name] + logger = s.logger.With("cluster", cluster.Name) + ) + + pid := wrk.ID + pid.Name += "-sidecar-proxy" + dereg := &api.CatalogDeregistration{ + Node: node.PodName(), + ServiceID: pid.Name, + } + +RETRY: + if _, err := client.Catalog().Deregister(dereg, nil); err != nil { + if isACLNotFound(err) { + time.Sleep(50 * time.Millisecond) + goto RETRY + } + return fmt.Errorf("error deregistering service %s to node %s: %w", wrk.ID, node.ID(), err) + } + + logger.Info("dataplane sidecar service removed", + "service", pid, + "node", node.ID(), + ) + + return nil +} + +func (s *Sprawl) registerCatalogSidecarServiceV1( + cluster *topology.Cluster, + node *topology.Node, + wrk *topology.Workload, +) error { + if !node.IsDataplane() { + panic("called wrong method type") + } + if wrk.DisableServiceMesh { + panic("not valid") + } + if node.IsV2() { + panic("don't call this") + } var ( client = s.clients[cluster.Name] logger = s.logger.With("cluster", cluster.Name) ) - pid, reg := serviceToSidecarCatalogRegistration(cluster, node, svc) + pid, reg := workloadToSidecarCatalogRegistration(cluster, node, wrk) RETRY: if _, err := client.Catalog().Register(reg, nil); err != nil { if isACLNotFound(err) { time.Sleep(50 * time.Millisecond) goto RETRY } - return fmt.Errorf("error registering service %s to node %s: %w", svc.ID, node.ID(), err) + return fmt.Errorf("error registering service %s to node %s: %w", wrk.ID, node.ID(), err) } logger.Debug("dataplane sidecar service created", @@ -301,24 +663,200 @@ RETRY: return nil } -func serviceToCatalogRegistration( +type Resource[V proto.Message] struct { + Resource *pbresource.Resource + Data V +} + +func (r *Resource[V]) Build() (*pbresource.Resource, error) { + anyData, err := anypb.New(r.Data) + if err != nil { + return nil, err + } + r.Resource.Data = anyData + return r.Resource, nil +} + +type ServiceResources struct { + Workload *Resource[*pbcatalog.Workload] + HealthStatuses []*Resource[*pbcatalog.HealthStatus] + Destinations *Resource[*pbmesh.Destinations] + WorkloadIdentity *Resource[*pbauth.WorkloadIdentity] + ProxyConfiguration *Resource[*pbmesh.ProxyConfiguration] +} + +func workloadInstanceToResources( + node *topology.Node, + wrk *topology.Workload, +) *ServiceResources { + if wrk.IsMeshGateway { + panic("v2 does not yet support mesh gateways") + } + + tenancy := &pbresource.Tenancy{ + Partition: wrk.ID.Partition, + Namespace: wrk.ID.Namespace, + } + + var ( + wlPorts = map[string]*pbcatalog.WorkloadPort{} + ) + for name, port := range wrk.Ports { + wlPorts[name] = &pbcatalog.WorkloadPort{ + Port: uint32(port.Number), + Protocol: port.ActualProtocol, + } + } + + var ( + selector = &pbcatalog.WorkloadSelector{ + Names: []string{wrk.Workload}, + } + + workloadRes = &Resource[*pbcatalog.Workload]{ + Resource: &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbcatalog.WorkloadType, + Name: wrk.Workload, + Tenancy: tenancy, + }, + Metadata: wrk.Meta, + }, + Data: &pbcatalog.Workload{ + // TODO(rb): disabling this until node scoping makes sense again + // NodeName: node.PodName(), + Identity: wrk.WorkloadIdentity, + Ports: wlPorts, + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: node.LocalAddress()}, + }, + }, + } + workloadIdentityRes = &Resource[*pbauth.WorkloadIdentity]{ + Resource: &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbauth.WorkloadIdentityType, + Name: wrk.WorkloadIdentity, + Tenancy: tenancy, + }, + }, + Data: &pbauth.WorkloadIdentity{}, + } + + healthResList []*Resource[*pbcatalog.HealthStatus] + destinationsRes *Resource[*pbmesh.Destinations] + proxyConfigRes *Resource[*pbmesh.ProxyConfiguration] + ) + + if wrk.HasCheck() { + // TODO: needs ownerId + checkRes := &Resource[*pbcatalog.HealthStatus]{ + Resource: &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbcatalog.HealthStatusType, + Name: wrk.Workload + "-check-0", + Tenancy: tenancy, + }, + }, + Data: &pbcatalog.HealthStatus{ + Type: "external-sync", + Status: pbcatalog.Health_HEALTH_PASSING, + }, + } + + healthResList = []*Resource[*pbcatalog.HealthStatus]{checkRes} + } + + if node.HasPublicAddress() { + workloadRes.Data.Addresses = append(workloadRes.Data.Addresses, + &pbcatalog.WorkloadAddress{Host: node.PublicAddress(), External: true}, + ) + } + + if !wrk.DisableServiceMesh { + destinationsRes = &Resource[*pbmesh.Destinations]{ + Resource: &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbmesh.DestinationsType, + Name: wrk.Workload, + Tenancy: tenancy, + }, + }, + Data: &pbmesh.Destinations{ + Workloads: selector, + }, + } + + for _, dest := range wrk.Destinations { + meshDest := &pbmesh.Destination{ + DestinationRef: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: dest.ID.Name, + Tenancy: &pbresource.Tenancy{ + Partition: dest.ID.Partition, + Namespace: dest.ID.Namespace, + }, + }, + DestinationPort: dest.PortName, + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: dest.LocalAddress, + Port: uint32(dest.LocalPort), + }, + }, + } + destinationsRes.Data.Destinations = append(destinationsRes.Data.Destinations, meshDest) + } + + if wrk.EnableTransparentProxy { + proxyConfigRes = &Resource[*pbmesh.ProxyConfiguration]{ + Resource: &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbmesh.ProxyConfigurationType, + Name: wrk.Workload, + Tenancy: tenancy, + }, + }, + Data: &pbmesh.ProxyConfiguration{ + Workloads: selector, + DynamicConfig: &pbmesh.DynamicConfig{ + Mode: pbmesh.ProxyMode_PROXY_MODE_TRANSPARENT, + }, + }, + } + } + } + + return &ServiceResources{ + Workload: workloadRes, + HealthStatuses: healthResList, + Destinations: destinationsRes, + WorkloadIdentity: workloadIdentityRes, + ProxyConfiguration: proxyConfigRes, + } +} + +func workloadToCatalogRegistration( cluster *topology.Cluster, node *topology.Node, - svc *topology.Service, + wrk *topology.Workload, ) *api.CatalogRegistration { + if node.IsV2() { + panic("don't call this") + } reg := &api.CatalogRegistration{ Node: node.PodName(), SkipNodeUpdate: true, Service: &api.AgentService{ Kind: api.ServiceKindTypical, - ID: svc.ID.Name, - Service: svc.ID.Name, - Meta: svc.Meta, - Port: svc.Port, + ID: wrk.ID.Name, + Service: wrk.ID.Name, + Meta: wrk.Meta, + Port: wrk.Port, Address: node.LocalAddress(), }, } - if svc.IsMeshGateway { + if wrk.IsMeshGateway { reg.Service.Kind = api.ServiceKindMeshGateway reg.Service.Proxy = &api.AgentServiceConnectProxyConfig{ Config: map[string]interface{}{ @@ -342,46 +880,46 @@ func serviceToCatalogRegistration( reg.Service.TaggedAddresses = map[string]api.ServiceAddress{ "lan": { Address: node.LocalAddress(), - Port: svc.Port, + Port: wrk.Port, }, "lan_ipv4": { Address: node.LocalAddress(), - Port: svc.Port, + Port: wrk.Port, }, "wan": { Address: node.PublicAddress(), - Port: svc.Port, + Port: wrk.Port, }, "wan_ipv4": { Address: node.PublicAddress(), - Port: svc.Port, + Port: wrk.Port, }, } } if cluster.Enterprise { - reg.Partition = svc.ID.Partition - reg.Service.Namespace = svc.ID.Namespace - reg.Service.Partition = svc.ID.Partition + reg.Partition = wrk.ID.Partition + reg.Service.Namespace = wrk.ID.Namespace + reg.Service.Partition = wrk.ID.Partition } - if svc.HasCheck() { + if wrk.HasCheck() { chk := &api.HealthCheck{ Name: "external sync", // Type: "external-sync", Status: "passing", // TODO - ServiceID: svc.ID.Name, - ServiceName: svc.ID.Name, + ServiceID: wrk.ID.Name, + ServiceName: wrk.ID.Name, Output: "", } if cluster.Enterprise { - chk.Namespace = svc.ID.Namespace - chk.Partition = svc.ID.Partition + chk.Namespace = wrk.ID.Namespace + chk.Partition = wrk.ID.Partition } switch { - case svc.CheckTCP != "": - chk.Definition.TCP = svc.CheckTCP - case svc.CheckHTTP != "": - chk.Definition.HTTP = svc.CheckHTTP + case wrk.CheckTCP != "": + chk.Definition.TCP = wrk.CheckTCP + case wrk.CheckHTTP != "": + chk.Definition.HTTP = wrk.CheckHTTP chk.Definition.Method = "GET" } reg.Checks = append(reg.Checks, chk) @@ -389,12 +927,15 @@ func serviceToCatalogRegistration( return reg } -func serviceToSidecarCatalogRegistration( +func workloadToSidecarCatalogRegistration( cluster *topology.Cluster, node *topology.Node, - svc *topology.Service, -) (topology.ServiceID, *api.CatalogRegistration) { - pid := svc.ID + wrk *topology.Workload, +) (topology.ID, *api.CatalogRegistration) { + if node.IsV2() { + panic("don't call this") + } + pid := wrk.ID pid.Name += "-sidecar-proxy" reg := &api.CatalogRegistration{ Node: node.PodName(), @@ -403,13 +944,13 @@ func serviceToSidecarCatalogRegistration( Kind: api.ServiceKindConnectProxy, ID: pid.Name, Service: pid.Name, - Meta: svc.Meta, - Port: svc.EnvoyPublicListenerPort, + Meta: wrk.Meta, + Port: wrk.EnvoyPublicListenerPort, Address: node.LocalAddress(), Proxy: &api.AgentServiceConnectProxyConfig{ - DestinationServiceName: svc.ID.Name, - DestinationServiceID: svc.ID.Name, - LocalServicePort: svc.Port, + DestinationServiceName: wrk.ID.Name, + DestinationServiceID: wrk.ID.Name, + LocalServicePort: wrk.Port, }, }, Checks: []*api.HealthCheck{{ @@ -419,7 +960,7 @@ func serviceToSidecarCatalogRegistration( ServiceID: pid.Name, ServiceName: pid.Name, Definition: api.HealthCheckDefinition{ - TCP: fmt.Sprintf("%s:%d", node.LocalAddress(), svc.EnvoyPublicListenerPort), + TCP: fmt.Sprintf("%s:%d", node.LocalAddress(), wrk.EnvoyPublicListenerPort), }, Output: "", }}, @@ -440,17 +981,17 @@ func serviceToSidecarCatalogRegistration( reg.Checks[0].Partition = pid.Partition } - for _, u := range svc.Upstreams { + for _, dest := range wrk.Destinations { pu := api.Upstream{ - DestinationName: u.ID.Name, - DestinationPeer: u.Peer, - LocalBindAddress: u.LocalAddress, - LocalBindPort: u.LocalPort, + DestinationName: dest.ID.Name, + DestinationPeer: dest.Peer, + LocalBindAddress: dest.LocalAddress, + LocalBindPort: dest.LocalPort, } if cluster.Enterprise { - pu.DestinationNamespace = u.ID.Namespace - if u.Peer == "" { - pu.DestinationPartition = u.ID.Partition + pu.DestinationNamespace = dest.ID.Namespace + if dest.Peer == "" { + pu.DestinationPartition = dest.ID.Partition } } reg.Service.Proxy.Upstreams = append(reg.Service.Proxy.Upstreams, pu) diff --git a/testing/deployer/sprawl/consul.go b/testing/deployer/sprawl/consul.go index 269313578415..205fb0235f0e 100644 --- a/testing/deployer/sprawl/consul.go +++ b/testing/deployer/sprawl/consul.go @@ -4,17 +4,29 @@ package sprawl import ( + "context" "errors" "fmt" "time" "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets" "github.com/hashicorp/consul/testing/deployer/topology" "github.com/hashicorp/consul/testing/deployer/util" ) +func (s *Sprawl) getResourceClient(clusterName string) pbresource.ResourceServiceClient { + return pbresource.NewResourceServiceClient(s.grpcConns[clusterName]) +} + +func (s *Sprawl) getManagementTokenContext(ctx context.Context, clusterName string) context.Context { + mgmtToken := s.secrets.ReadGeneric(clusterName, secrets.BootstrapToken) + //nolint:staticcheck + return context.WithValue(ctx, "x-consul-token", mgmtToken) +} + func getLeader(client *api.Client) (string, error) { leaderAdd, err := client.Status().Leader() if err != nil { diff --git a/testing/deployer/sprawl/details.go b/testing/deployer/sprawl/details.go index c463d310d873..d4e6dea45b32 100644 --- a/testing/deployer/sprawl/details.go +++ b/testing/deployer/sprawl/details.go @@ -59,24 +59,29 @@ func (s *Sprawl) PrintDetails() error { }) } - for _, svc := range node.Services { - if svc.IsMeshGateway { + for _, wrk := range node.Workloads { + if wrk.IsMeshGateway { cd.Apps = append(cd.Apps, appDetail{ Type: "mesh-gateway", Container: node.DockerName(), - ExposedPort: node.ExposedPort(svc.Port), - ExposedEnvoyAdminPort: node.ExposedPort(svc.EnvoyAdminPort), + ExposedPort: node.ExposedPort(wrk.Port), + ExposedEnvoyAdminPort: node.ExposedPort(wrk.EnvoyAdminPort), Addresses: addrs, - Service: svc.ID.String(), + Service: wrk.ID.String(), }) } else { + ports := make(map[string]int) + for name, port := range wrk.Ports { + ports[name] = node.ExposedPort(port.Number) + } cd.Apps = append(cd.Apps, appDetail{ Type: "app", Container: node.DockerName(), - ExposedPort: node.ExposedPort(svc.Port), - ExposedEnvoyAdminPort: node.ExposedPort(svc.EnvoyAdminPort), + ExposedPort: node.ExposedPort(wrk.Port), + ExposedPorts: ports, + ExposedEnvoyAdminPort: node.ExposedPort(wrk.EnvoyAdminPort), Addresses: addrs, - Service: svc.ID.String(), + Service: wrk.ID.String(), }) } } @@ -115,19 +120,23 @@ func (s *Sprawl) PrintDetails() error { return false } - if a.Service < b.Service { - return true - } else if a.Service > b.Service { - return false - } - - return a.ExposedPort < b.ExposedPort + return a.Service < b.Service }) for _, d := range cluster.Apps { if d.Type == "server" && d.Container == cluster.Leader { d.Type = "leader" } - portStr := "app=" + strconv.Itoa(d.ExposedPort) + var portStr string + if len(d.ExposedPorts) > 0 { + var out []string + for name, exposed := range d.ExposedPorts { + out = append(out, fmt.Sprintf("app:%s=%d", name, exposed)) + } + sort.Strings(out) + portStr = strings.Join(out, " ") + } else { + portStr = "app=" + strconv.Itoa(d.ExposedPort) + } if d.ExposedEnvoyAdminPort > 0 { portStr += " envoy=" + strconv.Itoa(d.ExposedEnvoyAdminPort) } @@ -166,8 +175,9 @@ type appDetail struct { Type string // server|mesh-gateway|app Container string Addresses []string - ExposedPort int `json:",omitempty"` - ExposedEnvoyAdminPort int `json:",omitempty"` + ExposedPort int `json:",omitempty"` + ExposedPorts map[string]int `json:",omitempty"` + ExposedEnvoyAdminPort int `json:",omitempty"` // just services Service string `json:",omitempty"` } diff --git a/testing/deployer/sprawl/grpc.go b/testing/deployer/sprawl/grpc.go new file mode 100644 index 000000000000..fc4927bb32c8 --- /dev/null +++ b/testing/deployer/sprawl/grpc.go @@ -0,0 +1,42 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package sprawl + +import ( + "context" + "crypto/tls" + "fmt" + + "github.com/hashicorp/go-rootcerts" + "google.golang.org/grpc" + + "github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets" + "github.com/hashicorp/consul/testing/deployer/topology" + "github.com/hashicorp/consul/testing/deployer/util" +) + +func (s *Sprawl) dialServerGRPC(cluster *topology.Cluster, node *topology.Node, token string) (*grpc.ClientConn, func(), error) { + var ( + logger = s.logger.With("cluster", cluster.Name) + ) + + tls := &tls.Config{ + ServerName: fmt.Sprintf("server.%s.consul", cluster.Datacenter), + } + + rootConfig := &rootcerts.Config{ + CACertificate: []byte(s.secrets.ReadGeneric(cluster.Name, secrets.CAPEM)), + } + if err := rootcerts.ConfigureTLS(tls, rootConfig); err != nil { + return nil, nil, err + } + + return util.DialExposedGRPCConn( + context.Background(), + logger, + node.ExposedPort(8503), + token, + tls, + ) +} diff --git a/testing/deployer/sprawl/internal/build/docker.go b/testing/deployer/sprawl/internal/build/docker.go index ac1976dad4ee..53baa07ae784 100644 --- a/testing/deployer/sprawl/internal/build/docker.go +++ b/testing/deployer/sprawl/internal/build/docker.go @@ -35,28 +35,91 @@ USER 100:0 ENTRYPOINT [] ` +const dockerfileDataplaneForTProxy = ` +ARG DATAPLANE_IMAGE +ARG CONSUL_IMAGE +FROM ${CONSUL_IMAGE} AS consul +FROM ${DATAPLANE_IMAGE} AS distroless +FROM debian:bullseye-slim + +# undo the distroless aspect +COPY --from=distroless /usr/local/bin/discover /usr/local/bin/ +COPY --from=distroless /usr/local/bin/envoy /usr/local/bin/ +COPY --from=distroless /usr/local/bin/consul-dataplane /usr/local/bin/ +COPY --from=distroless /licenses/copyright.txt /licenses/ + +COPY --from=consul /bin/consul /bin/ + +# Install iptables and sudo, needed for tproxy. +RUN apt update -y \ + && apt install -y iptables sudo curl dnsutils + +RUN sed '/_apt/d' /etc/passwd > /etc/passwd.new \ + && mv -f /etc/passwd.new /etc/passwd \ + && adduser --uid=100 consul --no-create-home --disabled-password --system \ + && adduser consul sudo \ + && echo 'consul ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers + +COPY <<'EOF' /bin/tproxy-startup.sh +#!/bin/sh + +set -ex + +# HACK: UID of consul in the consul-client container +# This is conveniently also the UID of apt in the envoy container +CONSUL_UID=100 +ENVOY_UID=$(id -u) + +# - We allow 19000 so that the test can directly visit the envoy admin page. +# - We allow 20000 so that envoy can receive mTLS traffic from other nodes. +# - We (reluctantly) allow 8080 so that we can bypass envoy and talk to fortio +# to do test assertions. +sudo consul connect redirect-traffic \ + -proxy-uid $ENVOY_UID \ + -exclude-uid $CONSUL_UID \ + -proxy-inbound-port=15001 \ + -exclude-inbound-port=19000 \ + -exclude-inbound-port=20000 \ + -exclude-inbound-port=8080 +exec "$@" +EOF + +RUN chmod +x /bin/tproxy-startup.sh \ + && chown 100:0 /bin/tproxy-startup.sh + +RUN echo 'consul ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers + +USER 100:0 +ENTRYPOINT [] +` + func DockerImages( logger hclog.Logger, run *runner.Runner, t *topology.Topology, ) error { - logw := logger.Named("docker").StandardWriter(&hclog.StandardLoggerOptions{ForceLevel: hclog.Debug}) built := make(map[string]struct{}) for _, c := range t.Clusters { for _, n := range c.Nodes { + needsTproxy := n.NeedsTransparentProxy() + joint := n.Images.EnvoyConsulImage() if _, ok := built[joint]; joint != "" && !ok { - logger.Info("building image", "image", joint) - err := run.DockerExec(context.TODO(), []string{ + logger.Info("building envoy+consul image", "image", joint) + logw := logger.Named("docker_envoy_consul").StandardWriter(&hclog.StandardLoggerOptions{ForceLevel: hclog.Debug}) + + err := run.DockerExecWithStderr(context.TODO(), []string{ "build", + // provenance causes non-idempotent builds, which leads to spurious terraform replacements + "--provenance=false", "--build-arg", "CONSUL_IMAGE=" + n.Images.Consul, "--build-arg", "ENVOY_IMAGE=" + n.Images.Envoy, "-t", joint, "-", - }, logw, strings.NewReader(dockerfileEnvoy)) + }, logw, logw, strings.NewReader(dockerfileEnvoy)) if err != nil { return err } @@ -66,20 +129,42 @@ func DockerImages( cdp := n.Images.LocalDataplaneImage() if _, ok := built[cdp]; cdp != "" && !ok { - logger.Info("building image", "image", cdp) - err := run.DockerExec(context.TODO(), []string{ + logger.Info("building dataplane image", "image", cdp) + logw := logger.Named("docker_dataplane").StandardWriter(&hclog.StandardLoggerOptions{ForceLevel: hclog.Debug}) + err := run.DockerExecWithStderr(context.TODO(), []string{ "build", + "--provenance=false", "--build-arg", "DATAPLANE_IMAGE=" + n.Images.Dataplane, "-t", cdp, "-", - }, logw, strings.NewReader(dockerfileDataplane)) + }, logw, logw, strings.NewReader(dockerfileDataplane)) if err != nil { return err } built[cdp] = struct{}{} } + + cdpTproxy := n.Images.LocalDataplaneTProxyImage() + if _, ok := built[cdpTproxy]; cdpTproxy != "" && !ok && needsTproxy { + logger.Info("building image", "image", cdpTproxy) + logw := logger.Named("docker_dataplane_tproxy").StandardWriter(&hclog.StandardLoggerOptions{ForceLevel: hclog.Debug}) + err := run.DockerExecWithStderr(context.TODO(), []string{ + "build", + "--build-arg", + "DATAPLANE_IMAGE=" + n.Images.Dataplane, + "--build-arg", + "CONSUL_IMAGE=" + n.Images.Consul, + "-t", cdpTproxy, + "-", + }, logw, logw, strings.NewReader(dockerfileDataplaneForTProxy)) + if err != nil { + return err + } + + built[cdpTproxy] = struct{}{} + } } } diff --git a/testing/deployer/sprawl/internal/secrets/store.go b/testing/deployer/sprawl/internal/secrets/store.go index 0cacf88b256e..6d3144f3f8d2 100644 --- a/testing/deployer/sprawl/internal/secrets/store.go +++ b/testing/deployer/sprawl/internal/secrets/store.go @@ -18,6 +18,7 @@ const ( GossipKey = "gossip" BootstrapToken = "bootstrap-token" AgentRecovery = "agent-recovery" + CAPEM = "ca-pem" ) func (s *Store) SaveGeneric(cluster, name, value string) { @@ -36,12 +37,22 @@ func (s *Store) ReadAgentToken(cluster string, nid topology.NodeID) string { return s.read(encode(cluster, "agent", nid.String())) } -func (s *Store) SaveServiceToken(cluster string, sid topology.ServiceID, value string) { - s.save(encode(cluster, "service", sid.String()), value) +// Deprecated: SaveWorkloadToken +func (s *Store) SaveServiceToken(cluster string, wid topology.ID, value string) { + s.SaveWorkloadToken(cluster, wid, value) } -func (s *Store) ReadServiceToken(cluster string, sid topology.ServiceID) string { - return s.read(encode(cluster, "service", sid.String())) +func (s *Store) SaveWorkloadToken(cluster string, wid topology.ID, value string) { + s.save(encode(cluster, "workload", wid.String()), value) +} + +// Deprecated: ReadWorkloadToken +func (s *Store) ReadServiceToken(cluster string, wid topology.ID) string { + return s.ReadWorkloadToken(cluster, wid) +} + +func (s *Store) ReadWorkloadToken(cluster string, wid topology.ID) string { + return s.read(encode(cluster, "workload", wid.String())) } func (s *Store) save(key, value string) { diff --git a/testing/deployer/sprawl/internal/tfgen/agent.go b/testing/deployer/sprawl/internal/tfgen/agent.go index 00e727678353..ee77c09a58bc 100644 --- a/testing/deployer/sprawl/internal/tfgen/agent.go +++ b/testing/deployer/sprawl/internal/tfgen/agent.go @@ -13,7 +13,7 @@ import ( "github.com/hashicorp/consul/testing/deployer/topology" ) -func (g *Generator) generateAgentHCL(node *topology.Node) string { +func (g *Generator) generateAgentHCL(node *topology.Node, enableV2 bool) string { if !node.IsAgent() { panic("generateAgentHCL only applies to agents") } @@ -35,6 +35,10 @@ func (g *Generator) generateAgentHCL(node *topology.Node) string { b.add("enable_debug", true) b.add("use_streaming_backend", true) + if enableV2 { + b.addSlice("experiments", []string{"resource-apis"}) + } + // speed up leaves b.addBlock("performance", func() { b.add("leave_drain_time", "50ms") diff --git a/testing/deployer/sprawl/internal/tfgen/dns.go b/testing/deployer/sprawl/internal/tfgen/dns.go index 20dca878ebf3..9b03693c8311 100644 --- a/testing/deployer/sprawl/internal/tfgen/dns.go +++ b/testing/deployer/sprawl/internal/tfgen/dns.go @@ -8,8 +8,11 @@ import ( "fmt" "os" "path/filepath" + "sort" "strings" + "golang.org/x/exp/maps" + "github.com/hashicorp/consul/testing/deployer/topology" "github.com/hashicorp/consul/testing/deployer/util" ) @@ -63,17 +66,36 @@ func (g *Generator) writeCoreDNSFiles(net *topology.Network, dnsIPAddress string } } + // Until Consul DNS understands v2, simulate it. + // + // NOTE: this DNS is not quite what consul normally does. It's simpler + // to simulate this format here. + virtualNames := make(map[string][]string) + for id, svcData := range cluster.Services { + if len(svcData.VirtualIps) == 0 { + continue + } + vips := svcData.VirtualIps + + // ----.virtual. + name := fmt.Sprintf("%s--%s--%s", id.Name, id.Namespace, id.Partition) + virtualNames[name] = vips + } + var ( clusterDNSName = cluster.Name + "-consulcluster.lan" - ) + virtualDNSName = "virtual.consul" - corefilePath := filepath.Join(rootdir, "Corefile") - zonefilePath := filepath.Join(rootdir, "servers") + corefilePath = filepath.Join(rootdir, "Corefile") + zonefilePath = filepath.Join(rootdir, "servers") + virtualZonefilePath = filepath.Join(rootdir, "virtual") + ) _, err := UpdateFileIfDifferent( g.logger, generateCoreDNSConfigFile( clusterDNSName, + virtualDNSName, addrs, ), corefilePath, @@ -105,7 +127,25 @@ func (g *Generator) writeCoreDNSFiles(net *topology.Network, dnsIPAddress string return false, nil, fmt.Errorf("error hashing %q: %w", zonefilePath, err) } - return true, []string{corefileHash, zonefileHash}, nil + _, err = UpdateFileIfDifferent( + g.logger, + generateCoreDNSVirtualZoneFile( + dnsIPAddress, + virtualDNSName, + virtualNames, + ), + virtualZonefilePath, + 0644, + ) + if err != nil { + return false, nil, fmt.Errorf("error writing %q: %w", virtualZonefilePath, err) + } + virtualZonefileHash, err := util.HashFile(virtualZonefilePath) + if err != nil { + return false, nil, fmt.Errorf("error hashing %q: %w", virtualZonefilePath, err) + } + + return true, []string{corefileHash, zonefileHash, virtualZonefileHash}, nil } return false, nil, nil @@ -113,6 +153,7 @@ func (g *Generator) writeCoreDNSFiles(net *topology.Network, dnsIPAddress string func generateCoreDNSConfigFile( clusterDNSName string, + virtualDNSName string, addrs []string, ) []byte { serverPart := "" @@ -139,7 +180,14 @@ consul:53 { whoami } -%[2]s +%[2]s:53 { + file /config/virtual %[2]s + log + errors + whoami +} + +%[3]s .:53 { forward . 8.8.8.8:53 @@ -147,7 +195,7 @@ consul:53 { errors whoami } -`, clusterDNSName, serverPart)) +`, clusterDNSName, virtualDNSName, serverPart)) } func generateCoreDNSZoneFile( @@ -178,3 +226,38 @@ server IN A %s ; Consul server return buf.Bytes() } + +func generateCoreDNSVirtualZoneFile( + dnsIPAddress string, + virtualDNSName string, + nameToAddr map[string][]string, +) []byte { + var buf bytes.Buffer + buf.WriteString(fmt.Sprintf(` +$TTL 60 +$ORIGIN %[1]s. +@ IN SOA ns.%[1]s. webmaster.%[1]s. ( + 2017042745 ; serial + 7200 ; refresh (2 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 3600 ; minimum (1 hour) + ) +@ IN NS ns.%[1]s. ; Name server +ns IN A %[2]s ; self +`, virtualDNSName, dnsIPAddress)) + + names := maps.Keys(nameToAddr) + sort.Strings(names) + + for _, name := range names { + vips := nameToAddr[name] + for _, vip := range vips { + buf.WriteString(fmt.Sprintf(` +%s IN A %s ; Consul server +`, name, vip)) + } + } + + return buf.Bytes() +} diff --git a/testing/deployer/sprawl/internal/tfgen/docker_test.go b/testing/deployer/sprawl/internal/tfgen/docker_test.go index 942b87189fca..b657a4d01290 100644 --- a/testing/deployer/sprawl/internal/tfgen/docker_test.go +++ b/testing/deployer/sprawl/internal/tfgen/docker_test.go @@ -12,7 +12,6 @@ import ( func TestDockerImageResourceName(t *testing.T) { fn := DockerImageResourceName - assert.Equal(t, "", fn("")) assert.Equal(t, "abcdefghijklmnopqrstuvwxyz0123456789-", fn("abcdefghijklmnopqrstuvwxyz0123456789-")) assert.Equal(t, "hashicorp-consul-1-15-0", fn("hashicorp/consul:1.15.0")) } diff --git a/testing/deployer/sprawl/internal/tfgen/gen.go b/testing/deployer/sprawl/internal/tfgen/gen.go index f64d7b6a254b..d5f15158fec5 100644 --- a/testing/deployer/sprawl/internal/tfgen/gen.go +++ b/testing/deployer/sprawl/internal/tfgen/gen.go @@ -122,8 +122,10 @@ func (s Step) String() string { } } -func (s Step) StartServers() bool { return s >= StepServers } -func (s Step) StartAgents() bool { return s >= StepAgents } +func (s Step) StartServers() bool { return s >= StepServers } + +func (s Step) StartAgents() bool { return s >= StepAgents } + func (s Step) StartServices() bool { return s >= StepServices } // func (s Step) InitiatePeering() bool { return s >= StepPeering } @@ -260,13 +262,16 @@ func (g *Generator) Generate(step Step) error { addImage("", node.Images.Consul) addImage("", node.Images.EnvoyConsulImage()) addImage("", node.Images.LocalDataplaneImage()) + if node.NeedsTransparentProxy() { + addImage("", node.Images.LocalDataplaneTProxyImage()) + } if node.IsAgent() { addVolume(node.DockerName()) } - for _, svc := range node.Services { - addImage("", svc.Image) + for _, wrk := range node.Workloads { + addImage("", wrk.Image) } myContainers, err := g.generateNodeContainers(step, c, node) diff --git a/testing/deployer/sprawl/internal/tfgen/nodes.go b/testing/deployer/sprawl/internal/tfgen/nodes.go index 33a820a3e32e..59cca5f71135 100644 --- a/testing/deployer/sprawl/internal/tfgen/nodes.go +++ b/testing/deployer/sprawl/internal/tfgen/nodes.go @@ -67,57 +67,57 @@ func (g *Generator) generateNodeContainers( }{ terraformPod: pod, ImageResource: DockerImageResourceName(node.Images.Consul), - HCL: g.generateAgentHCL(node), + HCL: g.generateAgentHCL(node, cluster.EnableV2 && node.IsServer()), EnterpriseLicense: g.license, })) } } - svcContainers := []Resource{} - for _, svc := range node.SortedServices() { - token := g.sec.ReadServiceToken(node.Cluster, svc.ID) + wrkContainers := []Resource{} + for _, wrk := range node.SortedWorkloads() { + token := g.sec.ReadWorkloadToken(node.Cluster, wrk.ID) switch { - case svc.IsMeshGateway && !node.IsDataplane(): - svcContainers = append(svcContainers, Eval(tfMeshGatewayT, struct { + case wrk.IsMeshGateway && !node.IsDataplane(): + wrkContainers = append(wrkContainers, Eval(tfMeshGatewayT, struct { terraformPod ImageResource string Enterprise bool - Service *topology.Service + Workload *topology.Workload Token string }{ terraformPod: pod, ImageResource: DockerImageResourceName(node.Images.EnvoyConsulImage()), Enterprise: cluster.Enterprise, - Service: svc, + Workload: wrk, Token: token, })) - case svc.IsMeshGateway && node.IsDataplane(): - svcContainers = append(svcContainers, Eval(tfMeshGatewayDataplaneT, &struct { + case wrk.IsMeshGateway && node.IsDataplane(): + wrkContainers = append(wrkContainers, Eval(tfMeshGatewayDataplaneT, &struct { terraformPod ImageResource string Enterprise bool - Service *topology.Service + Workload *topology.Workload Token string }{ terraformPod: pod, ImageResource: DockerImageResourceName(node.Images.LocalDataplaneImage()), Enterprise: cluster.Enterprise, - Service: svc, + Workload: wrk, Token: token, })) - case !svc.IsMeshGateway: - svcContainers = append(svcContainers, Eval(tfAppT, struct { + case !wrk.IsMeshGateway: + wrkContainers = append(wrkContainers, Eval(tfAppT, struct { terraformPod ImageResource string - Service *topology.Service + Workload *topology.Workload }{ terraformPod: pod, - ImageResource: DockerImageResourceName(svc.Image), - Service: svc, + ImageResource: DockerImageResourceName(wrk.Image), + Workload: wrk, })) - if svc.DisableServiceMesh { + if wrk.DisableServiceMesh { break } @@ -125,27 +125,31 @@ func (g *Generator) generateNodeContainers( var img string if node.IsDataplane() { tmpl = tfAppDataplaneT - img = DockerImageResourceName(node.Images.LocalDataplaneImage()) + if wrk.EnableTransparentProxy { + img = DockerImageResourceName(node.Images.LocalDataplaneTProxyImage()) + } else { + img = DockerImageResourceName(node.Images.LocalDataplaneImage()) + } } else { img = DockerImageResourceName(node.Images.EnvoyConsulImage()) } - svcContainers = append(svcContainers, Eval(tmpl, struct { + wrkContainers = append(wrkContainers, Eval(tmpl, struct { terraformPod ImageResource string - Service *topology.Service + Workload *topology.Workload Token string Enterprise bool }{ terraformPod: pod, ImageResource: img, - Service: svc, + Workload: wrk, Token: token, Enterprise: cluster.Enterprise, })) } if step.StartServices() { - containers = append(containers, svcContainers...) + containers = append(containers, wrkContainers...) } } diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl index 040cabbf1160..a72bd21bbfc2 100644 --- a/testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl +++ b/testing/deployer/sprawl/internal/tfgen/templates/container-app-dataplane.tf.tmpl @@ -1,7 +1,7 @@ -resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar" { - name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar" +resource "docker_container" "{{.Node.DockerName}}-{{.Workload.ID.TFString}}-sidecar" { + name = "{{.Node.DockerName}}-{{.Workload.ID.TFString}}-sidecar" network_mode = "container:${docker_container.{{.PodName}}.id}" - image = docker_image.{{.ImageResource}}.latest + image = docker_image.{{.ImageResource}}.image_id restart = "on-failure" {{- range $k, $v := .Labels }} @@ -17,25 +17,46 @@ resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidec read_only = true } +{{ if .Workload.EnableTransparentProxy }} + capabilities { + add = ["NET_ADMIN"] + } + entrypoint = [ "/bin/tproxy-startup.sh" ] +{{ end }} + env = [ - "DP_CONSUL_ADDRESSES=server.{{.Node.Cluster}}-consulcluster.lan", - "DP_SERVICE_NODE_NAME={{.Node.PodName}}", - "DP_PROXY_SERVICE_ID={{.Service.ID.Name}}-sidecar-proxy", - {{ if .Enterprise }} - "DP_SERVICE_NAMESPACE={{.Service.ID.Namespace}}", - "DP_SERVICE_PARTITION={{.Service.ID.Partition}}", - {{ end }} - {{ if .Token }} - "DP_CREDENTIAL_TYPE=static", - "DP_CREDENTIAL_STATIC_TOKEN={{.Token}}", - {{ end }} - // for demo purposes - "DP_ENVOY_ADMIN_BIND_ADDRESS=0.0.0.0", - "DP_ENVOY_ADMIN_BIND_PORT=19000", - "DP_LOG_LEVEL=trace", - "DP_CA_CERTS=/consul/config/certs/consul-agent-ca.pem", - "DP_CONSUL_GRPC_PORT=8503", - "DP_TLS_SERVER_NAME=server.{{.Node.Datacenter}}.consul", + "DP_CONSUL_ADDRESSES=server.{{.Node.Cluster}}-consulcluster.lan", +{{ if .Node.IsV2 }} + "DP_PROXY_ID={{.Workload.Workload}}", +{{ if .Enterprise }} + "DP_PROXY_NAMESPACE={{.Workload.ID.Namespace}}", + "DP_PROXY_PARTITION={{.Workload.ID.Partition}}", +{{ end }} +{{ else }} + "DP_SERVICE_NODE_NAME={{.Node.PodName}}", + "DP_PROXY_SERVICE_ID={{.Workload.ID.Name}}-sidecar-proxy", +{{ if .Enterprise }} + "DP_SERVICE_NAMESPACE={{.Workload.ID.Namespace}}", + "DP_SERVICE_PARTITION={{.Workload.ID.Partition}}", +{{ end }} +{{ end }} + +{{ if .Token }} + "DP_CREDENTIAL_TYPE=static", + "DP_CREDENTIAL_STATIC_TOKEN={{.Token}}", +{{ end }} + +{{ if .Workload.EnableTransparentProxy }} + "REDIRECT_TRAFFIC_ARGS=-exclude-inbound-port=19000", +{{ end }} + + // for demo purposes + "DP_ENVOY_ADMIN_BIND_ADDRESS=0.0.0.0", + "DP_ENVOY_ADMIN_BIND_PORT=19000", + "DP_LOG_LEVEL=trace", + "DP_CA_CERTS=/consul/config/certs/consul-agent-ca.pem", + "DP_CONSUL_GRPC_PORT=8503", + "DP_TLS_SERVER_NAME=server.{{.Node.Datacenter}}.consul", ] command = [ diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl index 15a5f6922691..6c9ef47c2813 100644 --- a/testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl +++ b/testing/deployer/sprawl/internal/tfgen/templates/container-app-sidecar.tf.tmpl @@ -1,7 +1,7 @@ -resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar" { - name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidecar" +resource "docker_container" "{{.Node.DockerName}}-{{.Workload.ID.TFString}}-sidecar" { + name = "{{.Node.DockerName}}-{{.Workload.ID.TFString}}-sidecar" network_mode = "container:${docker_container.{{.PodName}}.id}" - image = docker_image.{{.ImageResource}}.latest + image = docker_image.{{.ImageResource}}.image_id restart = "on-failure" {{- range $k, $v := .Labels }} @@ -19,13 +19,13 @@ resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}-sidec command = [ "consul", "connect", "envoy", - "-sidecar-for={{.Service.ID.Name}}", + "-sidecar-for={{.Workload.ID.Name}}", "-grpc-addr=http://127.0.0.1:8502", // for demo purposes (TODO: huh?) - "-admin-bind=0.0.0.0:{{.Service.EnvoyAdminPort}}", + "-admin-bind=0.0.0.0:{{.Workload.EnvoyAdminPort}}", {{if .Enterprise}} - "-partition={{.Service.ID.Partition}}", - "-namespace={{.Service.ID.Namespace}}", + "-partition={{.Workload.ID.Partition}}", + "-namespace={{.Workload.ID.Namespace}}", {{end}} {{if .Token }} "-token={{.Token}}", diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl index d6033587b1ea..51df4fa00597 100644 --- a/testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl +++ b/testing/deployer/sprawl/internal/tfgen/templates/container-app.tf.tmpl @@ -1,7 +1,7 @@ -resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}" { - name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}" +resource "docker_container" "{{.Node.DockerName}}-{{.Workload.ID.TFString}}" { + name = "{{.Node.DockerName}}-{{.Workload.ID.TFString}}" network_mode = "container:${docker_container.{{.PodName}}.id}" - image = docker_image.{{.ImageResource}}.latest + image = docker_image.{{.ImageResource}}.image_id restart = "on-failure" {{- range $k, $v := .Labels }} @@ -12,13 +12,13 @@ resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}" { {{- end }} env = [ -{{- range .Service.Env }} +{{- range .Workload.Env }} "{{.}}", {{- end}} ] command = [ -{{- range .Service.Command }} +{{- range .Workload.Command }} "{{.}}", {{- end }} ] diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl index fac148f29c2b..7b76e0569bc6 100644 --- a/testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl +++ b/testing/deployer/sprawl/internal/tfgen/templates/container-consul.tf.tmpl @@ -1,7 +1,7 @@ resource "docker_container" "{{.Node.DockerName}}" { name = "{{.Node.DockerName}}" network_mode = "container:${docker_container.{{.PodName}}.id}" - image = docker_image.{{.ImageResource}}.latest + image = docker_image.{{.ImageResource}}.image_id restart = "always" env = [ diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl index 7789376a98f1..97c0d7011d3d 100644 --- a/testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl +++ b/testing/deployer/sprawl/internal/tfgen/templates/container-coredns.tf.tmpl @@ -1,6 +1,6 @@ resource "docker_container" "{{.DockerNetworkName}}-coredns" { name = "{{.DockerNetworkName}}-coredns" - image = docker_image.coredns.latest + image = docker_image.coredns.image_id restart = "always" dns = ["8.8.8.8"] diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-mgw-dataplane.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-mgw-dataplane.tf.tmpl index 18152e68eb6d..6dac0fd3ec9c 100644 --- a/testing/deployer/sprawl/internal/tfgen/templates/container-mgw-dataplane.tf.tmpl +++ b/testing/deployer/sprawl/internal/tfgen/templates/container-mgw-dataplane.tf.tmpl @@ -1,7 +1,7 @@ -resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}" { - name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}" +resource "docker_container" "{{.Node.DockerName}}-{{.Workload.ID.TFString}}" { + name = "{{.Node.DockerName}}-{{.Workload.ID.TFString}}" network_mode = "container:${docker_container.{{.PodName}}.id}" - image = docker_image.{{.ImageResource}}.latest + image = docker_image.{{.ImageResource}}.image_id restart = "on-failure" {{- range $k, $v := .Labels }} @@ -20,10 +20,10 @@ resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}" { env = [ "DP_CONSUL_ADDRESSES=server.{{.Node.Cluster}}-consulcluster.lan", "DP_SERVICE_NODE_NAME={{.Node.PodName}}", - "DP_PROXY_SERVICE_ID={{.Service.ID.Name}}", + "DP_PROXY_SERVICE_ID={{.Workload.ID.Name}}", {{ if .Enterprise }} - "DP_SERVICE_NAMESPACE={{.Service.ID.Namespace}}", - "DP_SERVICE_PARTITION={{.Service.ID.Partition}}", + "DP_SERVICE_NAMESPACE={{.Workload.ID.Namespace}}", + "DP_SERVICE_PARTITION={{.Workload.ID.Partition}}", {{ end }} {{ if .Token }} "DP_CREDENTIAL_TYPE=static", diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl index 78c4abe8dfa4..1892dfa047f0 100644 --- a/testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl +++ b/testing/deployer/sprawl/internal/tfgen/templates/container-mgw.tf.tmpl @@ -1,7 +1,7 @@ -resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}" { - name = "{{.Node.DockerName}}-{{.Service.ID.TFString}}" +resource "docker_container" "{{.Node.DockerName}}-{{.Workload.ID.TFString}}" { + name = "{{.Node.DockerName}}-{{.Workload.ID.TFString}}" network_mode = "container:${docker_container.{{.PodName}}.id}" - image = docker_image.{{.ImageResource}}.latest + image = docker_image.{{.ImageResource}}.image_id restart = "on-failure" {{- range $k, $v := .Labels }} @@ -21,13 +21,13 @@ resource "docker_container" "{{.Node.DockerName}}-{{.Service.ID.TFString}}" { "consul", "connect", "envoy", "-register", "-mesh-gateway", - "-address={{`{{ GetInterfaceIP \"eth0\" }}`}}:{{.Service.Port}}", - "-wan-address={{`{{ GetInterfaceIP \"eth1\" }}`}}:{{.Service.Port}}", + "-address={{`{{ GetInterfaceIP \"eth0\" }}`}}:{{.Workload.Port}}", + "-wan-address={{`{{ GetInterfaceIP \"eth1\" }}`}}:{{.Workload.Port}}", "-grpc-addr=http://127.0.0.1:8502", // for demo purposes (TODO: huh?) - "-admin-bind=0.0.0.0:{{.Service.EnvoyAdminPort}}", + "-admin-bind=0.0.0.0:{{.Workload.EnvoyAdminPort}}", {{ if .Enterprise }} - "-partition={{.Service.ID.Partition}}", + "-partition={{.Workload.ID.Partition}}", {{end}} {{ if .Token }} "-token={{.Token}}", diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl index 1f1627b0719b..ef537f03522a 100644 --- a/testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl +++ b/testing/deployer/sprawl/internal/tfgen/templates/container-pause.tf.tmpl @@ -1,6 +1,6 @@ resource "docker_container" "{{.PodName}}" { name = "{{.PodName}}" - image = docker_image.pause.latest + image = docker_image.pause.image_id hostname = "{{.PodName}}" restart = "always" dns = ["{{.DNSAddress}}"] diff --git a/testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl b/testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl index ed44d8343fe8..f4d7fe1d9439 100644 --- a/testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl +++ b/testing/deployer/sprawl/internal/tfgen/templates/container-proxy.tf.tmpl @@ -1,6 +1,6 @@ resource "docker_container" "{{.DockerNetworkName}}-forwardproxy" { name = "{{.DockerNetworkName}}-forwardproxy" - image = docker_image.nginx.latest + image = docker_image.nginx.image_id restart = "always" dns = ["8.8.8.8"] diff --git a/testing/deployer/sprawl/peering.go b/testing/deployer/sprawl/peering.go index dd280cc49a29..375d424197b7 100644 --- a/testing/deployer/sprawl/peering.go +++ b/testing/deployer/sprawl/peering.go @@ -7,6 +7,7 @@ import ( "context" "errors" "fmt" + "log" "net/http" "strings" "time" @@ -62,6 +63,8 @@ func (s *Sprawl) initPeerings() error { req1.Partition = peering.Accepting.Partition } + s.awaitMeshGateways() + GENTOKEN: resp, _, err := acceptingClient.Peerings().GenerateToken(context.Background(), req1, nil) if err != nil { @@ -108,6 +111,7 @@ func (s *Sprawl) initPeerings() error { } func (s *Sprawl) waitForPeeringEstablishment() error { + s.awaitMeshGateways() var ( logger = s.logger.Named("peering") ) @@ -181,3 +185,58 @@ func (s *Sprawl) checkPeeringDirection(logger hclog.Logger, client *api.Client, } logger.Debug("peering is active", "dur", time.Since(startTime).Round(time.Second)) } + +func (s *Sprawl) awaitMeshGateways() { + startTime := time.Now() + s.logger.Info("awaiting mesh gateways") + // TODO: maybe a better way to do this + mgws := []*topology.Workload{} + for _, clu := range s.topology.Clusters { + for _, node := range clu.Nodes { + for _, wrk := range node.Workloads { + if wrk.IsMeshGateway { + mgws = append(mgws, wrk) + } + } + } + } + + // TODO: parallel + for _, mgw := range mgws { + cl := s.clients[mgw.Node.Cluster] + logger := s.logger.With("cluster", mgw.Node.Cluster, "sid", mgw.ID, "nid", mgw.Node.ID()) + logger.Info("awaiting MGW readiness") + RETRY: + // TODO: not sure if there's a better way to check if the MGW is ready + svcs, _, err := cl.Catalog().Service(mgw.ID.Name, "", mgw.ID.QueryOptions()) + if err != nil { + logger.Debug("fetching MGW service", "err", err) + time.Sleep(time.Second) + goto RETRY + } + if len(svcs) < 1 { + logger.Debug("no MGW service in catalog yet") + time.Sleep(time.Second) + goto RETRY + } + if len(svcs) > 1 { + // not sure when this would happen + log.Fatalf("expected 1 MGW service, actually: %#v", svcs) + } + + entries, _, err := cl.Health().Service(mgw.ID.Name, "", true, mgw.ID.QueryOptions()) + if err != nil { + logger.Debug("fetching MGW checks", "err", err) + time.Sleep(time.Second) + goto RETRY + } + if len(entries) != 1 { + logger.Debug("expected 1 MGW entry", "entries", entries) + time.Sleep(time.Second) + goto RETRY + } + + logger.Debug("MGW ready", "entry", *(entries[0]), "dur", time.Since(startTime).Round(time.Second)) + } + s.logger.Info("mesh gateways ready", "dur", time.Since(startTime).Round(time.Second)) +} diff --git a/testing/deployer/sprawl/resources.go b/testing/deployer/sprawl/resources.go new file mode 100644 index 000000000000..da0ea260ddad --- /dev/null +++ b/testing/deployer/sprawl/resources.go @@ -0,0 +1,22 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package sprawl + +import ( + "github.com/hashicorp/consul/testing/deployer/topology" +) + +func (s *Sprawl) populateInitialResources(cluster *topology.Cluster) error { + if len(cluster.InitialResources) == 0 { + return nil + } + + for _, res := range cluster.InitialResources { + if _, err := s.writeResource(cluster, res); err != nil { + return err + } + } + + return nil +} diff --git a/testing/deployer/sprawl/sprawl.go b/testing/deployer/sprawl/sprawl.go index 3433e1b3dc0a..f8e1d074160f 100644 --- a/testing/deployer/sprawl/sprawl.go +++ b/testing/deployer/sprawl/sprawl.go @@ -16,9 +16,11 @@ import ( "time" "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" "github.com/mitchellh/copystructure" + "google.golang.org/grpc" "github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner" "github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets" @@ -31,10 +33,12 @@ import ( // Sprawl is the definition of a complete running Consul deployment topology. type Sprawl struct { - logger hclog.Logger - runner *runner.Runner - license string - secrets secrets.Store + logger hclog.Logger + // set after initial Launch is complete + launchLogger hclog.Logger + runner *runner.Runner + license string + secrets secrets.Store workdir string @@ -43,7 +47,9 @@ type Sprawl struct { topology *topology.Topology generator *tfgen.Generator - clients map[string]*api.Client // one per cluster + clients map[string]*api.Client // one per cluster + grpcConns map[string]*grpc.ClientConn // one per cluster (when v2 enabled) + grpcConnCancel map[string]func() // one per cluster (when v2 enabled) } // Topology allows access to the topology that defines the resources. Do not @@ -60,6 +66,12 @@ func (s *Sprawl) Config() *topology.Config { return c2 } +// ResourceServiceClientForCluster returns a shared common client that defaults +// to using the management token for this cluster. +func (s *Sprawl) ResourceServiceClientForCluster(clusterName string) pbresource.ResourceServiceClient { + return pbresource.NewResourceServiceClient(s.grpcConns[clusterName]) +} + func (s *Sprawl) HTTPClientForCluster(clusterName string) (*http.Client, error) { cluster, ok := s.topology.Clusters[clusterName] if !ok { @@ -167,10 +179,12 @@ func Launch( } s := &Sprawl{ - logger: logger, - runner: runner, - workdir: workdir, - clients: make(map[string]*api.Client), + logger: logger, + runner: runner, + workdir: workdir, + clients: make(map[string]*api.Client), + grpcConns: make(map[string]*grpc.ClientConn), + grpcConnCancel: make(map[string]func()), } if err := s.ensureLicense(); err != nil { @@ -200,11 +214,20 @@ func Launch( return nil, fmt.Errorf("error gathering diagnostic details: %w", err) } + s.launchLogger = s.logger + return s, nil } func (s *Sprawl) Relaunch( cfg *topology.Config, +) error { + return s.RelaunchWithPhase(cfg, "") +} + +func (s *Sprawl) RelaunchWithPhase( + cfg *topology.Config, + phase string, ) error { // Copy this BEFORE compiling so we capture the original definition, without denorms. var err error @@ -213,6 +236,10 @@ func (s *Sprawl) Relaunch( return err } + if phase != "" { + s.logger = s.launchLogger.Named(phase) + } + newTopology, err := topology.Recompile(s.logger.Named("recompile"), cfg, s.topology) if err != nil { return fmt.Errorf("topology.Compile: %w", err) @@ -235,6 +262,32 @@ func (s *Sprawl) Relaunch( return nil } +// SnapshotSave saves a snapshot of a cluster and restore with the snapshot +func (s *Sprawl) SnapshotSave(clusterName string) error { + cluster, ok := s.topology.Clusters[clusterName] + if !ok { + return fmt.Errorf("no such cluster: %s", clusterName) + } + var ( + client = s.clients[cluster.Name] + ) + snapshot := client.Snapshot() + snap, _, err := snapshot.Save(nil) + if err != nil { + return fmt.Errorf("error saving snapshot: %w", err) + } + s.logger.Info("snapshot saved") + time.Sleep(3 * time.Second) + defer snap.Close() + + // Restore the snapshot. + if err := snapshot.Restore(nil, snap); err != nil { + return fmt.Errorf("error restoring snapshot: %w", err) + } + s.logger.Info("snapshot restored") + return nil +} + // Leader returns the cluster leader agent, or an error if no leader is // available. func (s *Sprawl) Leader(clusterName string) (*topology.Node, error) { @@ -337,11 +390,11 @@ func (s *Sprawl) SnapshotEnvoy(ctx context.Context) error { if n.Disabled { continue } - for _, s := range n.Services { - if s.Disabled || s.EnvoyAdminPort <= 0 { + for _, wrk := range n.Workloads { + if wrk.Disabled || wrk.EnvoyAdminPort <= 0 { continue } - prefix := fmt.Sprintf("http://%s:%d", n.LocalAddress(), s.EnvoyAdminPort) + prefix := fmt.Sprintf("http://%s:%d", n.LocalAddress(), wrk.EnvoyAdminPort) for fn, target := range targets { u := prefix + "/" + target @@ -349,23 +402,23 @@ func (s *Sprawl) SnapshotEnvoy(ctx context.Context) error { body, err := scrapeURL(client, u) if err != nil { merr = multierror.Append(merr, fmt.Errorf("could not scrape %q for %s on %s: %w", - target, s.ID.String(), n.ID().String(), err, + target, wrk.ID.String(), n.ID().String(), err, )) continue } - outFn := filepath.Join(snapDir, n.DockerName()+"--"+s.ID.TFString()+"."+fn) + outFn := filepath.Join(snapDir, n.DockerName()+"--"+wrk.ID.TFString()+"."+fn) if err := os.WriteFile(outFn+".tmp", body, 0644); err != nil { merr = multierror.Append(merr, fmt.Errorf("could not write output %q for %s on %s: %w", - target, s.ID.String(), n.ID().String(), err, + target, wrk.ID.String(), n.ID().String(), err, )) continue } if err := os.Rename(outFn+".tmp", outFn); err != nil { merr = multierror.Append(merr, fmt.Errorf("could not write output %q for %s on %s: %w", - target, s.ID.String(), n.ID().String(), err, + target, wrk.ID.String(), n.ID().String(), err, )) continue } diff --git a/testing/deployer/sprawl/sprawltest/sprawltest.go b/testing/deployer/sprawl/sprawltest/sprawltest.go index 7b1e0493d751..d69561286094 100644 --- a/testing/deployer/sprawl/sprawltest/sprawltest.go +++ b/testing/deployer/sprawl/sprawltest/sprawltest.go @@ -13,10 +13,13 @@ import ( "sync" "testing" + "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" "github.com/stretchr/testify/require" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/testing/deployer/sprawl" "github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner" @@ -206,3 +209,10 @@ func SkipIfTerraformNotPresent(t *testing.T) { t.Skipf("%q not found on $PATH - download and install to run this test", terraformBinaryName) } } + +func MustSetResourceData(t *testing.T, res *pbresource.Resource, data proto.Message) *pbresource.Resource { + anyData, err := anypb.New(data) + require.NoError(t, err) + res.Data = anyData + return res +} diff --git a/testing/deployer/sprawl/sprawltest/test_test.go b/testing/deployer/sprawl/sprawltest/test_test.go index 1bb69ea77efe..23032cadd178 100644 --- a/testing/deployer/sprawl/sprawltest/test_test.go +++ b/testing/deployer/sprawl/sprawltest/test_test.go @@ -8,17 +8,160 @@ import ( "testing" "github.com/hashicorp/consul/api" + pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" "github.com/stretchr/testify/require" "github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest" "github.com/hashicorp/consul/testing/deployer/topology" ) +func TestSprawl_CatalogV2(t *testing.T) { + serversDC1 := newTopologyServerSet("dc1-server", 3, []string{"dc1", "wan"}, nil) + + cfg := &topology.Config{ + Images: topology.Images{ + ConsulCE: "hashicorppreview/consul:1.17-dev", + ConsulEnterprise: "hashicorppreview/consul-enterprise:1.17-dev", + Dataplane: "hashicorppreview/consul-dataplane:1.3-dev", + }, + Networks: []*topology.Network{ + {Name: "dc1"}, + {Name: "wan", Type: "wan"}, + }, + Clusters: []*topology.Cluster{ + { + Enterprise: true, + Name: "dc1", + Nodes: topology.MergeSlices(serversDC1, []*topology.Node{ + { + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Name: "dc1-client1", + Workloads: []*topology.Workload{ + { + ID: topology.ID{Name: "ping"}, + Image: "rboyer/pingpong:latest", + Port: 8080, + EnvoyAdminPort: 19000, + Command: []string{ + "-bind", "0.0.0.0:8080", + "-dial", "127.0.0.1:9090", + "-pong-chaos", + "-dialfreq", "250ms", + "-name", "ping", + }, + Destinations: []*topology.Destination{{ + ID: topology.ID{Name: "pong"}, + LocalPort: 9090, + }}, + }, + }, + }, + { + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Name: "dc1-client2", + Workloads: []*topology.Workload{ + { + ID: topology.ID{Name: "pong"}, + Image: "rboyer/pingpong:latest", + Port: 8080, + EnvoyAdminPort: 19000, + Command: []string{ + "-bind", "0.0.0.0:8080", + "-dial", "127.0.0.1:9090", + "-pong-chaos", + "-dialfreq", "250ms", + "-name", "pong", + }, + Destinations: []*topology.Destination{{ + ID: topology.ID{Name: "ping"}, + LocalPort: 9090, + }}, + }, + }, + }, + }), + InitialResources: []*pbresource.Resource{ + sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbmesh.HTTPRouteType, + Name: "test-http-route", + }, + }, &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{{ + Ref: &pbresource.Reference{ + Type: pbcatalog.ServiceType, + Name: "test", + }, + }}, + }), + sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbauth.TrafficPermissionsType, + Name: "ping-perms", + }, + }, &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "ping", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{{ + Sources: []*pbauth.Source{{ + IdentityName: "pong", + }}, + }}, + }), + sprawltest.MustSetResourceData(t, &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbauth.TrafficPermissionsType, + Name: "pong-perms", + }, + }, &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "pong", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{{ + Sources: []*pbauth.Source{{ + IdentityName: "ping", + }}, + }}, + }), + }, + }, + }, + } + + sp := sprawltest.Launch(t, cfg) + + for _, cluster := range sp.Topology().Clusters { + leader, err := sp.Leader(cluster.Name) + require.NoError(t, err) + t.Logf("%s: leader = %s", cluster.Name, leader.ID()) + + followers, err := sp.Followers(cluster.Name) + require.NoError(t, err) + for _, f := range followers { + t.Logf("%s: follower = %s", cluster.Name, f.ID()) + } + } +} + func TestSprawl(t *testing.T) { serversDC1 := newTopologyServerSet("dc1-server", 3, []string{"dc1", "wan"}, nil) serversDC2 := newTopologyServerSet("dc2-server", 3, []string{"dc2", "wan"}, nil) cfg := &topology.Config{ + Images: topology.Images{ + // ConsulEnterprise: "consul-dev:latest", + ConsulCE: "hashicorppreview/consul:1.17-dev", + ConsulEnterprise: "hashicorppreview/consul-enterprise:1.17-dev", + Dataplane: "hashicorppreview/consul-dataplane:1.3-dev", + }, Networks: []*topology.Network{ {Name: "dc1"}, {Name: "dc2"}, @@ -31,9 +174,9 @@ func TestSprawl(t *testing.T) { { Kind: topology.NodeKindClient, Name: "dc1-client1", - Services: []*topology.Service{ + Workloads: []*topology.Workload{ { - ID: topology.ServiceID{Name: "mesh-gateway"}, + ID: topology.ID{Name: "mesh-gateway"}, Port: 8443, EnvoyAdminPort: 19000, IsMeshGateway: true, @@ -43,9 +186,9 @@ func TestSprawl(t *testing.T) { { Kind: topology.NodeKindClient, Name: "dc1-client2", - Services: []*topology.Service{ + Workloads: []*topology.Workload{ { - ID: topology.ServiceID{Name: "ping"}, + ID: topology.ID{Name: "ping"}, Image: "rboyer/pingpong:latest", Port: 8080, EnvoyAdminPort: 19000, @@ -56,8 +199,8 @@ func TestSprawl(t *testing.T) { "-dialfreq", "250ms", "-name", "ping", }, - Upstreams: []*topology.Upstream{{ - ID: topology.ServiceID{Name: "pong"}, + Destinations: []*topology.Destination{{ + ID: topology.ID{Name: "pong"}, LocalPort: 9090, Peer: "peer-dc2-default", }}, @@ -83,9 +226,9 @@ func TestSprawl(t *testing.T) { { Kind: topology.NodeKindClient, Name: "dc2-client1", - Services: []*topology.Service{ + Workloads: []*topology.Workload{ { - ID: topology.ServiceID{Name: "mesh-gateway"}, + ID: topology.ID{Name: "mesh-gateway"}, Port: 8443, EnvoyAdminPort: 19000, IsMeshGateway: true, @@ -95,9 +238,34 @@ func TestSprawl(t *testing.T) { { Kind: topology.NodeKindDataplane, Name: "dc2-client2", - Services: []*topology.Service{ + Workloads: []*topology.Workload{ + { + ID: topology.ID{Name: "pong"}, + Image: "rboyer/pingpong:latest", + Port: 8080, + EnvoyAdminPort: 19000, + Command: []string{ + "-bind", "0.0.0.0:8080", + "-dial", "127.0.0.1:9090", + "-pong-chaos", + "-dialfreq", "250ms", + "-name", "pong", + }, + Destinations: []*topology.Destination{{ + ID: topology.ID{Name: "ping"}, + LocalPort: 9090, + Peer: "peer-dc1-default", + }}, + }, + }, + }, + { + Kind: topology.NodeKindDataplane, + Version: topology.NodeVersionV2, + Name: "dc2-client3", + Workloads: []*topology.Workload{ { - ID: topology.ServiceID{Name: "pong"}, + ID: topology.ID{Name: "pong"}, Image: "rboyer/pingpong:latest", Port: 8080, EnvoyAdminPort: 19000, @@ -108,8 +276,8 @@ func TestSprawl(t *testing.T) { "-dialfreq", "250ms", "-name", "pong", }, - Upstreams: []*topology.Upstream{{ - ID: topology.ServiceID{Name: "ping"}, + Destinations: []*topology.Destination{{ + ID: topology.ID{Name: "ping"}, LocalPort: 9090, Peer: "peer-dc1-default", }}, diff --git a/testing/deployer/sprawl/tls.go b/testing/deployer/sprawl/tls.go index bc5489206c7b..d1e3fd683688 100644 --- a/testing/deployer/sprawl/tls.go +++ b/testing/deployer/sprawl/tls.go @@ -9,6 +9,7 @@ import ( "fmt" "io" + "github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets" "github.com/hashicorp/consul/testing/deployer/topology" ) @@ -113,6 +114,29 @@ fi if err != nil { return fmt.Errorf("could not create all necessary TLS certificates in docker volume: %v", err) } + + var capture bytes.Buffer + err = s.runner.DockerExec(ctx, []string{"run", + "--rm", + "-i", + "--net=none", + "-u", consulUserArg, + "-v", cluster.TLSVolumeName + ":/data", + "-w", "/data", + "busybox:1.34", + "cat", + "/data/consul-agent-ca.pem", + }, &capture, nil) + if err != nil { + return fmt.Errorf("could not read CA PEM from docker volume: %v", err) + } + + caPEM := capture.String() + if caPEM == "" { + return fmt.Errorf("found empty CA PEM") + } + + s.secrets.SaveGeneric(cluster.Name, secrets.CAPEM, caPEM) } return nil diff --git a/testing/deployer/topology/compile.go b/testing/deployer/topology/compile.go index 98f1c1e917e8..7698de7465c2 100644 --- a/testing/deployer/topology/compile.go +++ b/testing/deployer/topology/compile.go @@ -13,10 +13,17 @@ import ( "sort" "github.com/google/go-cmp/cmp" + pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/go-hclog" + "golang.org/x/exp/maps" + + "github.com/hashicorp/consul/testing/deployer/util" ) -const DockerPrefix = "consulcluster" +const DockerPrefix = "cslc" // ConSuLCluster func Compile(logger hclog.Logger, raw *Config) (*Topology, error) { return compile(logger, raw, nil) @@ -122,6 +129,22 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error return nil, fmt.Errorf("cluster %q has no nodes", c.Name) } + if len(c.Services) == 0 { // always initialize this regardless of v2-ness, because we might late-enable it below + c.Services = make(map[ID]*pbcatalog.Service) + } + + var implicitV2Services bool + if len(c.Services) > 0 { + c.EnableV2 = true + for name, svc := range c.Services { + if svc.Workloads != nil { + return nil, fmt.Errorf("the workloads field for v2 service %q is not user settable", name) + } + } + } else { + implicitV2Services = true + } + if c.TLSVolumeName != "" { return nil, fmt.Errorf("user cannot specify the TLSVolumeName field") } @@ -149,6 +172,39 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error addTenancy(ce.GetPartition(), ce.GetNamespace()) } + if len(c.InitialResources) > 0 { + c.EnableV2 = true + } + for _, res := range c.InitialResources { + if res.Id.Tenancy == nil { + res.Id.Tenancy = &pbresource.Tenancy{} + } + switch res.Id.Tenancy.PeerName { + case "", "local": + default: + return nil, fmt.Errorf("resources cannot target non-local peers") + } + res.Id.Tenancy.Partition = PartitionOrDefault(res.Id.Tenancy.Partition) + res.Id.Tenancy.Namespace = NamespaceOrDefault(res.Id.Tenancy.Namespace) + + switch { + case util.EqualType(pbauth.ComputedTrafficPermissionsType, res.Id.GetType()), + util.EqualType(pbauth.WorkloadIdentityType, res.Id.GetType()): + fallthrough + case util.EqualType(pbmesh.ComputedRoutesType, res.Id.GetType()), + util.EqualType(pbmesh.ProxyStateTemplateType, res.Id.GetType()): + fallthrough + case util.EqualType(pbcatalog.HealthChecksType, res.Id.GetType()), + util.EqualType(pbcatalog.HealthStatusType, res.Id.GetType()), + util.EqualType(pbcatalog.NodeType, res.Id.GetType()), + util.EqualType(pbcatalog.ServiceEndpointsType, res.Id.GetType()), + util.EqualType(pbcatalog.WorkloadType, res.Id.GetType()): + return nil, fmt.Errorf("you should not create a resource of type %q this way", util.TypeToString(res.Id.Type)) + } + + addTenancy(res.Id.Tenancy.Partition, res.Id.Tenancy.Namespace) + } + seenNodes := make(map[NodeID]struct{}) for _, n := range c.Nodes { if n.Name == "" { @@ -164,6 +220,20 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error return nil, fmt.Errorf("cluster %q node %q has invalid kind: %s", c.Name, n.Name, n.Kind) } + if n.Version == NodeVersionUnknown { + n.Version = NodeVersionV1 + } + switch n.Version { + case NodeVersionV1: + case NodeVersionV2: + if n.Kind == NodeKindClient { + return nil, fmt.Errorf("v2 does not support client agents at this time") + } + c.EnableV2 = true + default: + return nil, fmt.Errorf("cluster %q node %q has invalid version: %s", c.Name, n.Name, n.Version) + } + n.Partition = PartitionOrDefault(n.Partition) if !IsValidLabel(n.Partition) { return nil, fmt.Errorf("node partition is not valid: %s", n.Partition) @@ -247,42 +317,59 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error return nil, fmt.Errorf("cluster %q node %q has more than one public address", c.Name, n.Name) } - seenServices := make(map[ServiceID]struct{}) - for _, svc := range n.Services { + if len(n.Services) > 0 { + logger.Warn("please use Node.Workloads instead of Node.Services") + n.Workloads = append(n.Workloads, n.Services...) + n.Services = nil + } + + if n.IsDataplane() && len(n.Workloads) > 1 { + // Our use of consul-dataplane here is supposed to mimic that + // of consul-k8s, which ultimately has one IP per Service, so + // we introduce the same limitation here. + return nil, fmt.Errorf("cluster %q node %q uses dataplane, but has more than one service", c.Name, n.Name) + } + + seenServices := make(map[ID]struct{}) + for _, wrk := range n.Workloads { if n.IsAgent() { // Default to that of the enclosing node. - svc.ID.Partition = n.Partition + wrk.ID.Partition = n.Partition } - svc.ID.Normalize() + wrk.ID.Normalize() // Denormalize - svc.Node = n + wrk.Node = n + wrk.NodeVersion = n.Version + if n.IsV2() { + wrk.Workload = wrk.ID.Name + "-" + n.Name + } - if !IsValidLabel(svc.ID.Partition) { - return nil, fmt.Errorf("service partition is not valid: %s", svc.ID.Partition) + if !IsValidLabel(wrk.ID.Partition) { + return nil, fmt.Errorf("service partition is not valid: %s", wrk.ID.Partition) } - if !IsValidLabel(svc.ID.Namespace) { - return nil, fmt.Errorf("service namespace is not valid: %s", svc.ID.Namespace) + if !IsValidLabel(wrk.ID.Namespace) { + return nil, fmt.Errorf("service namespace is not valid: %s", wrk.ID.Namespace) } - if !IsValidLabel(svc.ID.Name) { - return nil, fmt.Errorf("service name is not valid: %s", svc.ID.Name) + if !IsValidLabel(wrk.ID.Name) { + return nil, fmt.Errorf("service name is not valid: %s", wrk.ID.Name) } - if svc.ID.Partition != n.Partition { + if wrk.ID.Partition != n.Partition { return nil, fmt.Errorf("service %s on node %s has mismatched partitions: %s != %s", - svc.ID.Name, n.Name, svc.ID.Partition, n.Partition) + wrk.ID.Name, n.Name, wrk.ID.Partition, n.Partition) } - addTenancy(svc.ID.Partition, svc.ID.Namespace) + addTenancy(wrk.ID.Partition, wrk.ID.Namespace) - if _, exists := seenServices[svc.ID]; exists { - return nil, fmt.Errorf("cannot have two services on the same node %q in the same cluster %q with the same name %q", n.ID(), c.Name, svc.ID) + if _, exists := seenServices[wrk.ID]; exists { + return nil, fmt.Errorf("cannot have two services on the same node %q in the same cluster %q with the same name %q", n.ID(), c.Name, wrk.ID) } - seenServices[svc.ID] = struct{}{} + seenServices[wrk.ID] = struct{}{} - if !svc.DisableServiceMesh && n.IsDataplane() { - if svc.EnvoyPublicListenerPort <= 0 { + if !wrk.DisableServiceMesh && n.IsDataplane() { + if wrk.EnvoyPublicListenerPort <= 0 { if _, ok := n.usedPorts[20000]; !ok { // For convenience the FIRST service on a node can get 20000 for free. - svc.EnvoyPublicListenerPort = 20000 + wrk.EnvoyPublicListenerPort = 20000 } else { return nil, fmt.Errorf("envoy public listener port is required") } @@ -290,54 +377,174 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error } // add all of the service ports - for _, port := range svc.ports() { + for _, port := range wrk.ports() { if ok := exposePort(port); !ok { return nil, fmt.Errorf("port used more than once on cluster %q node %q: %d", c.Name, n.ID(), port) } } // TODO(rb): re-expose? - // switch svc.Protocol { + // switch wrk.Protocol { // case "": - // svc.Protocol = "tcp" + // wrk.Protocol = "tcp" // fallthrough // case "tcp": - // if svc.CheckHTTP != "" { + // if wrk.CheckHTTP != "" { // return nil, fmt.Errorf("cannot set CheckHTTP for tcp service") // } // case "http": - // if svc.CheckTCP != "" { + // if wrk.CheckTCP != "" { // return nil, fmt.Errorf("cannot set CheckTCP for tcp service") // } // default: - // return nil, fmt.Errorf("service has invalid protocol: %s", svc.Protocol) + // return nil, fmt.Errorf("service has invalid protocol: %s", wrk.Protocol) // } - for _, u := range svc.Upstreams { + defaultDestination := func(dest *Destination) error { // Default to that of the enclosing service. - if u.Peer == "" { - if u.ID.Partition == "" { - u.ID.Partition = svc.ID.Partition + if dest.Peer == "" { + if dest.ID.Partition == "" { + dest.ID.Partition = wrk.ID.Partition + } + if dest.ID.Namespace == "" { + dest.ID.Namespace = wrk.ID.Namespace + } + } else { + if dest.ID.Partition != "" { + dest.ID.Partition = "" // irrelevant here; we'll set it to the value of the OTHER side for plumbing purposes in tests + } + dest.ID.Namespace = NamespaceOrDefault(dest.ID.Namespace) + foundPeerNames[c.Name][dest.Peer] = struct{}{} + } + + addTenancy(dest.ID.Partition, dest.ID.Namespace) + + if dest.Implied { + if dest.PortName == "" { + return fmt.Errorf("implicit destinations must use port names in v2") + } + } else { + if dest.LocalAddress == "" { + // v1 defaults to 127.0.0.1 but v2 does not. Safe to do this generally though. + dest.LocalAddress = "127.0.0.1" + } + if dest.PortName != "" && n.IsV1() { + return fmt.Errorf("explicit destinations cannot use port names in v1") + } + if dest.PortName == "" && n.IsV2() { + // Assume this is a v1->v2 conversion and name it. + dest.PortName = "legacy" + } + } + + return nil + } + + for _, dest := range wrk.Destinations { + if err := defaultDestination(dest); err != nil { + return nil, err + } + } + + if n.IsV2() { + for _, dest := range wrk.ImpliedDestinations { + dest.Implied = true + if err := defaultDestination(dest); err != nil { + return nil, err + } + } + } else { + if len(wrk.ImpliedDestinations) > 0 { + return nil, fmt.Errorf("v1 does not support implied destinations yet") + } + } + + if err := wrk.Validate(); err != nil { + return nil, fmt.Errorf("cluster %q node %q service %q is not valid: %w", c.Name, n.Name, wrk.ID.String(), err) + } + + if wrk.EnableTransparentProxy && !n.IsDataplane() { + return nil, fmt.Errorf("cannot enable tproxy on a non-dataplane node") + } + + if n.IsV2() { + if implicitV2Services { + wrk.V2Services = []string{wrk.ID.Name} + + var svcPorts []*pbcatalog.ServicePort + for name, cfg := range wrk.Ports { + svcPorts = append(svcPorts, &pbcatalog.ServicePort{ + TargetPort: name, + Protocol: cfg.ActualProtocol, + }) + } + + v2svc := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{}, + Ports: svcPorts, } - if u.ID.Namespace == "" { - u.ID.Namespace = svc.ID.Namespace + + prev, ok := c.Services[wrk.ID] + if !ok { + c.Services[wrk.ID] = v2svc + prev = v2svc + } + if prev.Workloads == nil { + prev.Workloads = &pbcatalog.WorkloadSelector{} } + prev.Workloads.Names = append(prev.Workloads.Names, wrk.Workload) + } else { - if u.ID.Partition != "" { - u.ID.Partition = "" // irrelevant here; we'll set it to the value of the OTHER side for plumbing purposes in tests + for _, name := range wrk.V2Services { + v2ID := NewServiceID(name, wrk.ID.Namespace, wrk.ID.Partition) + + v2svc, ok := c.Services[v2ID] + if !ok { + return nil, fmt.Errorf("cluster %q node %q service %q has a v2 service reference that does not exist %q", + c.Name, n.Name, wrk.ID.String(), name) + } + if v2svc.Workloads == nil { + v2svc.Workloads = &pbcatalog.WorkloadSelector{} + } + v2svc.Workloads.Names = append(v2svc.Workloads.Names, wrk.Workload) } - u.ID.Namespace = NamespaceOrDefault(u.ID.Namespace) - foundPeerNames[c.Name][u.Peer] = struct{}{} } - if u.ID.Name == "" { - return nil, fmt.Errorf("upstream service name is required") + if wrk.WorkloadIdentity == "" { + wrk.WorkloadIdentity = wrk.ID.Name + } + } else { + if len(wrk.V2Services) > 0 { + return nil, fmt.Errorf("cannot specify v2 services for v1") + } + if wrk.WorkloadIdentity != "" { + return nil, fmt.Errorf("cannot specify workload identities for v1") } - addTenancy(u.ID.Partition, u.ID.Namespace) } + } + } + + if err := assignVirtualIPs(c); err != nil { + return nil, err + } - if err := svc.Validate(); err != nil { - return nil, fmt.Errorf("cluster %q node %q service %q is not valid: %w", c.Name, n.Name, svc.ID.String(), err) + if c.EnableV2 { + // Populate the VirtualPort field on all implied destinations. + for _, n := range c.Nodes { + for _, wrk := range n.Workloads { + for _, dest := range wrk.ImpliedDestinations { + res, ok := c.Services[dest.ID] + if ok { + for _, sp := range res.Ports { + if sp.Protocol == pbcatalog.Protocol_PROTOCOL_MESH { + continue + } + if sp.TargetPort == dest.PortName { + dest.VirtualPort = sp.VirtualPort + } + } + } + } } } } @@ -447,25 +654,40 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error } } - // after we decoded the peering stuff, we can fill in some computed data in the upstreams + // after we decoded the peering stuff, we can fill in some computed data in the destinations for _, c := range clusters { c.Peerings = clusteredPeerings[c.Name] for _, n := range c.Nodes { - for _, svc := range n.Services { - for _, u := range svc.Upstreams { - if u.Peer == "" { - u.Cluster = c.Name - u.Peering = nil + for _, wrk := range n.Workloads { + for _, dest := range wrk.Destinations { + if dest.Peer == "" { + dest.Cluster = c.Name + dest.Peering = nil + continue + } + remotePeer, ok := c.Peerings[dest.Peer] + if !ok { + return nil, fmt.Errorf("not possible") + } + dest.Cluster = remotePeer.Link.Name + dest.Peering = remotePeer.Link + // this helps in generating fortio assertions; otherwise field is ignored + dest.ID.Partition = remotePeer.Link.Partition + } + for _, dest := range wrk.ImpliedDestinations { + if dest.Peer == "" { + dest.Cluster = c.Name + dest.Peering = nil continue } - remotePeer, ok := c.Peerings[u.Peer] + remotePeer, ok := c.Peerings[dest.Peer] if !ok { return nil, fmt.Errorf("not possible") } - u.Cluster = remotePeer.Link.Name - u.Peering = remotePeer.Link + dest.Cluster = remotePeer.Link.Name + dest.Peering = remotePeer.Link // this helps in generating fortio assertions; otherwise field is ignored - u.ID.Partition = remotePeer.Link.Partition + dest.ID.Partition = remotePeer.Link.Partition } } } @@ -519,6 +741,9 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error if len(newCluster.InitialConfigEntries) > 0 { logger.Warn("initial config entries were provided, but are skipped on recompile") } + if len(newCluster.InitialResources) > 0 { + logger.Warn("initial resources were provided, but are skipped on recompile") + } // Check NODES if err := inheritAndValidateNodes(oldCluster.Nodes, newCluster.Nodes); err != nil { @@ -530,6 +755,51 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error return t, nil } +func assignVirtualIPs(c *Cluster) error { + lastVIPIndex := 1 + for _, svcData := range c.Services { + lastVIPIndex++ + if lastVIPIndex > 250 { + return fmt.Errorf("too many ips using this approach to VIPs") + } + svcData.VirtualIps = []string{ + fmt.Sprintf("10.244.0.%d", lastVIPIndex), + } + + // populate virtual ports where we forgot them + var ( + usedPorts = make(map[uint32]struct{}) + next = uint32(8080) + ) + for _, sp := range svcData.Ports { + if sp.Protocol == pbcatalog.Protocol_PROTOCOL_MESH { + continue + } + if sp.VirtualPort > 0 { + usedPorts[sp.VirtualPort] = struct{}{} + } + } + for _, sp := range svcData.Ports { + if sp.Protocol == pbcatalog.Protocol_PROTOCOL_MESH { + continue + } + if sp.VirtualPort > 0 { + continue + } + RETRY: + attempt := next + next++ + _, used := usedPorts[attempt] + if used { + goto RETRY + } + usedPorts[attempt] = struct{}{} + sp.VirtualPort = attempt + } + } + return nil +} + const permutedWarning = "use the disabled node kind if you want to ignore a node" func inheritAndValidateNodes( @@ -553,6 +823,7 @@ func inheritAndValidateNodes( } if currNode.Node.Kind != node.Kind || + currNode.Node.Version != node.Version || currNode.Node.Partition != node.Partition || currNode.Node.Name != node.Name || currNode.Node.Index != node.Index || @@ -578,25 +849,26 @@ func inheritAndValidateNodes( currAddr.inheritFromExisting(prevAddr) } - svcMap := mapifyServices(currNode.Node.Services) + wrkMap := mapifyWorkloads(currNode.Node.Workloads) - for _, svc := range node.Services { - currSvc, ok := svcMap[svc.ID] + for _, wrk := range node.Workloads { + currWrk, ok := wrkMap[wrk.ID] if !ok { continue // service has vanished, this is ok } // don't care about index permutation - if currSvc.ID != svc.ID || - currSvc.Port != svc.Port || - currSvc.EnvoyAdminPort != svc.EnvoyAdminPort || - currSvc.EnvoyPublicListenerPort != svc.EnvoyPublicListenerPort || - isSame(currSvc.Command, svc.Command) != nil || - isSame(currSvc.Env, svc.Env) != nil { - return fmt.Errorf("cannot edit some address fields for %q", svc.ID) + if currWrk.ID != wrk.ID || + currWrk.Port != wrk.Port || + !maps.Equal(currWrk.Ports, wrk.Ports) || + currWrk.EnvoyAdminPort != wrk.EnvoyAdminPort || + currWrk.EnvoyPublicListenerPort != wrk.EnvoyPublicListenerPort || + isSame(currWrk.Command, wrk.Command) != nil || + isSame(currWrk.Env, wrk.Env) != nil { + return fmt.Errorf("cannot edit some address fields for %q", wrk.ID) } - currSvc.inheritFromExisting(svc) + currWrk.inheritFromExisting(wrk) } } return nil @@ -669,10 +941,10 @@ type nodeWithPosition struct { Node *Node } -func mapifyServices(services []*Service) map[ServiceID]*Service { - m := make(map[ServiceID]*Service) - for _, svc := range services { - m[svc.ID] = svc +func mapifyWorkloads(workloads []*Service) map[ID]*Service { + m := make(map[ID]*Service) + for _, wrk := range workloads { + m[wrk.ID] = wrk } return m } diff --git a/testing/deployer/topology/default_cdp.go b/testing/deployer/topology/default_cdp.go deleted file mode 100644 index f20df3d1a9cc..000000000000 --- a/testing/deployer/topology/default_cdp.go +++ /dev/null @@ -1,6 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package topology - -const DefaultDataplaneImage = "hashicorp/consul-dataplane:1.2.1" diff --git a/testing/deployer/topology/default_consul.go b/testing/deployer/topology/default_consul.go deleted file mode 100644 index f9542f16643d..000000000000 --- a/testing/deployer/topology/default_consul.go +++ /dev/null @@ -1,7 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package topology - -const DefaultConsulImage = "hashicorp/consul:1.15.2" -const DefaultConsulEnterpriseImage = "hashicorp/consul-enterprise:1.15.2-ent" diff --git a/testing/deployer/topology/default_versions.go b/testing/deployer/topology/default_versions.go new file mode 100644 index 000000000000..d4743b862604 --- /dev/null +++ b/testing/deployer/topology/default_versions.go @@ -0,0 +1,13 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +// Code generated by update-latest-versions.sh. DO NOT EDIT. + +package topology + +const ( + DefaultConsulImage = "hashicorp/consul:1.17.0" + DefaultConsulEnterpriseImage = "hashicorp/consul-enterprise:1.17.0-ent" + DefaultEnvoyImage = "envoyproxy/envoy:v1.27.2" + DefaultDataplaneImage = "hashicorp/consul-dataplane:1.3.0" +) diff --git a/testing/deployer/topology/default_envoy.go b/testing/deployer/topology/generate.go similarity index 62% rename from testing/deployer/topology/default_envoy.go rename to testing/deployer/topology/generate.go index c557a318a17f..f9d6e26c3acb 100644 --- a/testing/deployer/topology/default_envoy.go +++ b/testing/deployer/topology/generate.go @@ -3,4 +3,4 @@ package topology -const DefaultEnvoyImage = "envoyproxy/envoy:v1.25.1" +//go:generate ../update-latest-versions.sh diff --git a/testing/deployer/topology/ids.go b/testing/deployer/topology/ids.go index 3f964b12548e..b120a85856c2 100644 --- a/testing/deployer/topology/ids.go +++ b/testing/deployer/topology/ids.go @@ -9,41 +9,6 @@ import ( "github.com/hashicorp/consul/api" ) -type NodeServiceID struct { - Node string - Service string `json:",omitempty"` - Namespace string `json:",omitempty"` - Partition string `json:",omitempty"` -} - -func NewNodeServiceID(node, service, namespace, partition string) NodeServiceID { - id := NodeServiceID{ - Node: node, - Service: service, - Namespace: namespace, - Partition: partition, - } - id.Normalize() - return id -} - -func (id NodeServiceID) NodeID() NodeID { - return NewNodeID(id.Node, id.Partition) -} - -func (id NodeServiceID) ServiceID() ServiceID { - return NewServiceID(id.Service, id.Namespace, id.Partition) -} - -func (id *NodeServiceID) Normalize() { - id.Namespace = NamespaceOrDefault(id.Namespace) - id.Partition = PartitionOrDefault(id.Partition) -} - -func (id NodeServiceID) String() string { - return fmt.Sprintf("%s/%s/%s/%s", id.Partition, id.Node, id.Namespace, id.Service) -} - type NodeID struct { Name string `json:",omitempty"` Partition string `json:",omitempty"` @@ -69,18 +34,19 @@ func (id NodeID) String() string { func (id NodeID) ACLString() string { return fmt.Sprintf("%s--%s", id.Partition, id.Name) } + func (id NodeID) TFString() string { return id.ACLString() } -type ServiceID struct { +type ID struct { Name string `json:",omitempty"` Namespace string `json:",omitempty"` Partition string `json:",omitempty"` } -func NewServiceID(name, namespace, partition string) ServiceID { - id := ServiceID{ +func NewID(name, namespace, partition string) ID { + id := ID{ Name: name, Namespace: namespace, Partition: partition, @@ -89,7 +55,7 @@ func NewServiceID(name, namespace, partition string) ServiceID { return id } -func (id ServiceID) Less(other ServiceID) bool { +func (id ID) Less(other ID) bool { if id.Partition != other.Partition { return id.Partition < other.Partition } @@ -99,28 +65,45 @@ func (id ServiceID) Less(other ServiceID) bool { return id.Name < other.Name } -func (id *ServiceID) Normalize() { +func (id *ID) Normalize() { id.Namespace = NamespaceOrDefault(id.Namespace) id.Partition = PartitionOrDefault(id.Partition) } -func (id ServiceID) String() string { +func (id ID) String() string { return fmt.Sprintf("%s/%s/%s", id.Partition, id.Namespace, id.Name) } -func (id ServiceID) ACLString() string { +func (id ID) ACLString() string { return fmt.Sprintf("%s--%s--%s", id.Partition, id.Namespace, id.Name) } -func (id ServiceID) TFString() string { + +func (id ID) TFString() string { return id.ACLString() } +func (id ID) PartitionOrDefault() string { + return PartitionOrDefault(id.Partition) +} + +func (id ID) NamespaceOrDefault() string { + return NamespaceOrDefault(id.Namespace) +} + +func (id ID) QueryOptions() *api.QueryOptions { + return &api.QueryOptions{ + Partition: DefaultToEmpty(id.Partition), + Namespace: DefaultToEmpty(id.Namespace), + } +} + func PartitionOrDefault(name string) string { if name == "" { return "default" } return name } + func NamespaceOrDefault(name string) string { if name == "" { return "default" diff --git a/testing/deployer/topology/images.go b/testing/deployer/topology/images.go index 836ddb091c91..b8e1ebce6ade 100644 --- a/testing/deployer/topology/images.go +++ b/testing/deployer/topology/images.go @@ -25,22 +25,27 @@ func (i Images) LocalDataplaneImage() string { tag = "latest" } - repo, name, ok := strings.Cut(img, "/") - if ok { - name = repo + "-" + name - } + name := strings.ReplaceAll(img, "/", "-") // ex: local/hashicorp-consul-dataplane:1.1.0 return "local/" + name + ":" + tag } +func (i Images) LocalDataplaneTProxyImage() string { + return spliceImageNamesAndTags(i.Dataplane, i.Consul, "tproxy") +} + func (i Images) EnvoyConsulImage() string { - if i.Consul == "" || i.Envoy == "" { + return spliceImageNamesAndTags(i.Consul, i.Envoy, "") +} + +func spliceImageNamesAndTags(base1, base2, nameSuffix string) string { + if base1 == "" || base2 == "" { return "" } - img1, tag1, ok1 := strings.Cut(i.Consul, ":") - img2, tag2, ok2 := strings.Cut(i.Envoy, ":") + img1, tag1, ok1 := strings.Cut(base1, ":") + img2, tag2, ok2 := strings.Cut(base2, ":") if !ok1 { tag1 = "latest" } @@ -48,22 +53,15 @@ func (i Images) EnvoyConsulImage() string { tag2 = "latest" } - repo1, name1, ok1 := strings.Cut(img1, "/") - repo2, name2, ok2 := strings.Cut(img2, "/") + name1 := strings.ReplaceAll(img1, "/", "-") + name2 := strings.ReplaceAll(img2, "/", "-") - if ok1 { - name1 = repo1 + "-" + name1 - } else { - name1 = repo1 - } - if ok2 { - name2 = repo2 + "-" + name2 - } else { - name2 = repo2 + if nameSuffix != "" { + nameSuffix = "-" + nameSuffix } // ex: local/hashicorp-consul-and-envoyproxy-envoy:1.15.0-with-v1.26.2 - return "local/" + name1 + "-and-" + name2 + ":" + tag1 + "-with-" + tag2 + return "local/" + name1 + "-and-" + name2 + nameSuffix + ":" + tag1 + "-with-" + tag2 } // TODO: what is this for and why do we need to do this and why is it named this? diff --git a/testing/deployer/topology/naming_shim.go b/testing/deployer/topology/naming_shim.go new file mode 100644 index 000000000000..7cc51c19d8b5 --- /dev/null +++ b/testing/deployer/topology/naming_shim.go @@ -0,0 +1,43 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package topology + +// Deprecated: SortedWorkloads +func (n *Node) SortedServices() []*Workload { + return n.SortedWorkloads() +} + +// Deprecated: mapifyWorkloads +func mapifyServices(services []*Workload) map[ServiceID]*Workload { + return mapifyWorkloads(services) +} + +// Deprecated: WorkloadByID +func (c *Cluster) ServiceByID(nid NodeID, sid ServiceID) *Workload { + return c.WorkloadByID(nid, sid) +} + +// Deprecated: WorkloadsByID +func (c *Cluster) ServicesByID(sid ServiceID) []*Workload { + return c.WorkloadsByID(sid) +} + +// Deprecated: WorkloadByID +func (n *Node) ServiceByID(sid ServiceID) *Workload { + return n.WorkloadByID(sid) +} + +// Deprecated: Workload +type Service = Workload + +// Deprecated: ID +type ServiceID = ID + +// Deprecated: NewID +func NewServiceID(name, namespace, partition string) ID { + return NewID(name, namespace, partition) +} + +// Deprecated: Destination +type Upstream = Destination diff --git a/testing/deployer/topology/relationships.go b/testing/deployer/topology/relationships.go new file mode 100644 index 000000000000..212841de3c80 --- /dev/null +++ b/testing/deployer/topology/relationships.go @@ -0,0 +1,97 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package topology + +import ( + "bytes" + "fmt" + "text/tabwriter" +) + +// ComputeRelationships will analyze a full topology and generate all of the +// caller/destination information for all of them. +func (t *Topology) ComputeRelationships() []Relationship { + var out []Relationship + for _, cluster := range t.Clusters { + for _, n := range cluster.Nodes { + for _, w := range n.Workloads { + for _, dest := range w.Destinations { + out = append(out, Relationship{ + Caller: w, + Destination: dest, + Upstream: dest, + }) + } + for _, dest := range w.ImpliedDestinations { + out = append(out, Relationship{ + Caller: w, + Destination: dest, + Upstream: dest, + }) + } + } + } + } + return out +} + +// RenderRelationships will take the output of ComputeRelationships and display +// it in tabular form. +func RenderRelationships(ships []Relationship) string { + var buf bytes.Buffer + w := tabwriter.NewWriter(&buf, 0, 0, 3, ' ', tabwriter.Debug) + fmt.Fprintf(w, "CALLER\tnode\tservice\tport\tDEST\tservice\t\n") + for _, r := range ships { + suffix := "" + if r.Destination.Implied { + suffix = " (implied)" + } + fmt.Fprintf(w, + "%s\t%s\t%s\t%d\t%s\t%s\t\n", + r.callingCluster(), + r.Caller.Node.ID().String(), + r.Caller.ID.String(), + r.Destination.LocalPort, + r.destinationCluster(), + r.Destination.ID.String()+suffix, + ) + } + fmt.Fprintf(w, "\t\t\t\t\t\t\n") + + w.Flush() + return buf.String() +} + +type Relationship struct { + Caller *Workload + Destination *Destination + + // Deprecated: Destination + Upstream *Destination +} + +func (r Relationship) String() string { + suffix := "" + if r.Destination.PortName != "" { + suffix = " port " + r.Destination.PortName + } + return fmt.Sprintf( + "%s on %s in %s via :%d => %s in %s%s", + r.Caller.ID.String(), + r.Caller.Node.ID().String(), + r.callingCluster(), + r.Destination.LocalPort, + r.Destination.ID.String(), + r.destinationCluster(), + suffix, + ) +} + +func (r Relationship) callingCluster() string { + return r.Caller.Node.Cluster +} + +func (r Relationship) destinationCluster() string { + return r.Destination.Cluster +} diff --git a/testing/deployer/topology/topology.go b/testing/deployer/topology/topology.go index a71dbaa4514f..10e9add9e92d 100644 --- a/testing/deployer/topology/topology.go +++ b/testing/deployer/topology/topology.go @@ -10,8 +10,11 @@ import ( "net/netip" "reflect" "sort" + "strings" "github.com/hashicorp/consul/api" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" ) type Topology struct { @@ -108,6 +111,45 @@ func (c *Config) Cluster(name string) *Cluster { return nil } +// DisableNode is a no-op if the node is already disabled. +func (c *Config) DisableNode(clusterName string, nid NodeID) (bool, error) { + cluster := c.Cluster(clusterName) + if cluster == nil { + return false, fmt.Errorf("no such cluster: %q", clusterName) + } + + for _, n := range cluster.Nodes { + if n.ID() == nid { + if n.Disabled { + return false, nil + } + n.Disabled = true + return true, nil + } + } + + return false, fmt.Errorf("expected to find nodeID %q in cluster %q", nid.String(), clusterName) +} + +// EnableNode is a no-op if the node is already enabled. +func (c *Config) EnableNode(clusterName string, nid NodeID) (bool, error) { + cluster := c.Cluster(clusterName) + if cluster == nil { + return false, fmt.Errorf("no such cluster: %q", clusterName) + } + + for _, n := range cluster.Nodes { + if n.ID() == nid { + if !n.Disabled { + return false, nil + } + n.Disabled = false + return true, nil + } + } + return false, fmt.Errorf("expected to find nodeID %q in cluster %q", nid.String(), clusterName) +} + type Network struct { Type string // lan/wan ; empty means lan Name string // logical name @@ -198,6 +240,14 @@ type Cluster struct { // components. Enterprise bool `json:",omitempty"` + // Services is a forward declaration of V2 services. This goes in hand with + // the V2Services field on the Service (instance) struct. + // + // Use of this is optional. If you elect not to use it, then v2 Services + // definitions are inferred from the list of service instances defined on + // the nodes in this cluster. + Services map[ID]*pbcatalog.Service `json:"omitempty"` + // Nodes is the definition of the nodes (agent-less and agent-ful). Nodes []*Node @@ -212,11 +262,16 @@ type Cluster struct { // create multiple peer clusters with identical datacenter names. Datacenter string - // InitialConfigEntries is a convenience function to have some config + // InitialConfigEntries is a convenience mechanism to have some config // entries created after the servers start up but before the rest of the // topology comes up. InitialConfigEntries []api.ConfigEntry `json:",omitempty"` + // InitialResources is a convenience mechanism to have some resources + // created after the servers start up but before the rest of the topology + // comes up. + InitialResources []*pbresource.Resource `json:",omitempty"` + // TLSVolumeName is the docker volume name containing the various certs // generated by 'consul tls cert create' // @@ -227,6 +282,10 @@ type Cluster struct { // // Denormalized during compile. Peerings map[string]*PeerCluster `json:",omitempty"` + + // EnableV2 activates V2 on the servers. If any node in the cluster needs + // V2 this will be turned on automatically. + EnableV2 bool `json:",omitempty"` } func (c *Cluster) inheritFromExisting(existing *Cluster) { @@ -351,26 +410,18 @@ func (c *Cluster) SortedNodes() []*Node { return out } -func (c *Cluster) FindService(id NodeServiceID) *Service { - id.Normalize() - - nid := id.NodeID() - sid := id.ServiceID() - return c.ServiceByID(nid, sid) -} - -func (c *Cluster) ServiceByID(nid NodeID, sid ServiceID) *Service { - return c.NodeByID(nid).ServiceByID(sid) +func (c *Cluster) WorkloadByID(nid NodeID, sid ID) *Workload { + return c.NodeByID(nid).WorkloadByID(sid) } -func (c *Cluster) ServicesByID(sid ServiceID) []*Service { - sid.Normalize() +func (c *Cluster) WorkloadsByID(id ID) []*Workload { + id.Normalize() - var out []*Service + var out []*Workload for _, n := range c.Nodes { - for _, svc := range n.Services { - if svc.ID == sid { - out = append(out, svc) + for _, wrk := range n.Workloads { + if wrk.ID == id { + out = append(out, wrk) } } } @@ -422,9 +473,18 @@ const ( NodeKindDataplane NodeKind = "dataplane" ) +type NodeVersion string + +const ( + NodeVersionUnknown NodeVersion = "" + NodeVersionV1 NodeVersion = "v1" + NodeVersionV2 NodeVersion = "v2" +) + // TODO: rename pod type Node struct { Kind NodeKind + Version NodeVersion Partition string // will be not empty Name string // logical name @@ -436,7 +496,9 @@ type Node struct { Disabled bool `json:",omitempty"` Addresses []*Address - Services []*Service + Workloads []*Workload + // Deprecated: use Workloads + Services []*Workload // denormalized at topology compile Cluster string @@ -462,6 +524,9 @@ func (n *Node) DockerName() string { } func (n *Node) ExposedPort(internalPort int) int { + if internalPort == 0 { + return 0 + } return n.usedPorts[internalPort] } @@ -515,7 +580,7 @@ func (n *Node) LocalAddress() string { for _, a := range n.Addresses { if a.IsLocal() { if a.IPAddress == "" { - panic("node has no assigned local address") + panic("node has no assigned local address: " + n.Name) } return a.IPAddress } @@ -538,7 +603,7 @@ func (n *Node) LocalProxyPort() int { if a.ProxyPort > 0 { return a.ProxyPort } - panic("node has no assigned local address") + panic("node has no assigned local address: " + n.Name) } } panic("node has no local network") @@ -568,6 +633,14 @@ func (n *Node) PublicProxyPort() int { panic("node has no public network") } +func (n *Node) IsV2() bool { + return n.Version == NodeVersionV2 +} + +func (n *Node) IsV1() bool { + return !n.IsV2() +} + func (n *Node) IsServer() bool { return n.Kind == NodeKindServer } @@ -584,9 +657,9 @@ func (n *Node) IsDataplane() bool { return n.Kind == NodeKindDataplane } -func (n *Node) SortedServices() []*Service { - var out []*Service - out = append(out, n.Services...) +func (n *Node) SortedWorkloads() []*Workload { + var out []*Workload + out = append(out, n.Workloads...) sort.Slice(out, func(i, j int) bool { mi := out[i].IsMeshGateway mj := out[j].IsMeshGateway @@ -600,6 +673,15 @@ func (n *Node) SortedServices() []*Service { return out } +func (n *Node) NeedsTransparentProxy() bool { + for _, svc := range n.Workloads { + if svc.EnableTransparentProxy { + return true + } + } + return false +} + // DigestExposedPorts returns true if it was changed. func (n *Node) DigestExposedPorts(ports map[int]int) bool { if reflect.DeepEqual(n.usedPorts, ports) { @@ -617,33 +699,79 @@ func (n *Node) DigestExposedPorts(ports map[int]int) bool { )) } } - for _, svc := range n.Services { + for _, svc := range n.Workloads { svc.DigestExposedPorts(ports) } return true } -func (n *Node) ServiceByID(sid ServiceID) *Service { - sid.Normalize() - for _, svc := range n.Services { - if svc.ID == sid { - return svc +func (n *Node) WorkloadByID(id ID) *Workload { + id.Normalize() + for _, wrk := range n.Workloads { + if wrk.ID == id { + return wrk } } - panic("service not found: " + sid.String()) + panic("workload not found: " + id.String()) +} + +// Protocol is a convenience function to use when authoring topology configs. +func Protocol(s string) (pbcatalog.Protocol, bool) { + switch strings.ToLower(s) { + case "tcp": + return pbcatalog.Protocol_PROTOCOL_TCP, true + case "http": + return pbcatalog.Protocol_PROTOCOL_HTTP, true + case "http2": + return pbcatalog.Protocol_PROTOCOL_HTTP2, true + case "grpc": + return pbcatalog.Protocol_PROTOCOL_GRPC, true + case "mesh": + return pbcatalog.Protocol_PROTOCOL_MESH, true + default: + return pbcatalog.Protocol_PROTOCOL_UNSPECIFIED, false + } } -type ServiceAndNode struct { - Service *Service - Node *Node +type Port struct { + Number int + Protocol string `json:",omitempty"` + + // denormalized at topology compile + ActualProtocol pbcatalog.Protocol `json:",omitempty"` } -type Service struct { - ID ServiceID - Image string - Port int - ExposedPort int `json:",omitempty"` +type Workload struct { + ID ID + Image string + + // Port is the v1 single-port of this service. + Port int `json:",omitempty"` + + // Ports is the v2 multi-port list for this service. + // + // This only applies for multi-port (v2). + Ports map[string]*Port `json:",omitempty"` + + // V2Services contains service names (which are merged with the tenancy + // info from ID) to resolve services in the Services slice in the Cluster + // definition. + // + // If omitted it is inferred that the ID.Name field is the singular service + // for this workload. + // + // This only applies for multi-port (v2). + V2Services []string `json:",omitempty"` + + // WorkloadIdentity contains named WorkloadIdentity to assign to this + // workload. + // + // If omitted it is inferred that the ID.Name field is the singular + // identity for this workload. + // + // This only applies for multi-port (v2). + WorkloadIdentity string `json:",omitempty"` Disabled bool `json:",omitempty"` // TODO @@ -662,107 +790,240 @@ type Service struct { Command []string `json:",omitempty"` // optional Env []string `json:",omitempty"` // optional - DisableServiceMesh bool `json:",omitempty"` - IsMeshGateway bool `json:",omitempty"` - Upstreams []*Upstream + EnableTransparentProxy bool `json:",omitempty"` + DisableServiceMesh bool `json:",omitempty"` + IsMeshGateway bool `json:",omitempty"` + Destinations []*Destination `json:",omitempty"` + ImpliedDestinations []*Destination `json:",omitempty"` + + // Deprecated: Destinations + Upstreams []*Destination `json:",omitempty"` + // Deprecated: ImpliedDestinations + ImpliedUpstreams []*Destination `json:",omitempty"` // denormalized at topology compile - Node *Node `json:"-"` + Node *Node `json:"-"` + NodeVersion NodeVersion `json:"-"` + Workload string `json:"-"` +} + +func (w *Workload) ExposedPort(name string) int { + if w.Node == nil { + panic("ExposedPort cannot be called until after Compile") + } + + var internalPort int + if name == "" { + internalPort = w.Port + } else { + port, ok := w.Ports[name] + if !ok { + panic("port with name " + name + " not present on service") + } + internalPort = port.Number + } + + return w.Node.ExposedPort(internalPort) +} + +func (w *Workload) PortOrDefault(name string) int { + if len(w.Ports) > 0 { + return w.Ports[name].Number + } + return w.Port +} + +func (w *Workload) IsV2() bool { + return w.NodeVersion == NodeVersionV2 } -func (s *Service) inheritFromExisting(existing *Service) { - s.ExposedPort = existing.ExposedPort - s.ExposedEnvoyAdminPort = existing.ExposedEnvoyAdminPort +func (w *Workload) IsV1() bool { + return !w.IsV2() } -func (s *Service) ports() []int { +func (w *Workload) inheritFromExisting(existing *Workload) { + w.ExposedEnvoyAdminPort = existing.ExposedEnvoyAdminPort +} + +func (w *Workload) ports() []int { var out []int - if s.Port > 0 { - out = append(out, s.Port) + if len(w.Ports) > 0 { + seen := make(map[int]struct{}) + for _, port := range w.Ports { + if _, ok := seen[port.Number]; !ok { + // It's totally fine to expose the same port twice in a workload. + seen[port.Number] = struct{}{} + out = append(out, port.Number) + } + } + } else if w.Port > 0 { + out = append(out, w.Port) } - if s.EnvoyAdminPort > 0 { - out = append(out, s.EnvoyAdminPort) + if w.EnvoyAdminPort > 0 { + out = append(out, w.EnvoyAdminPort) } - if s.EnvoyPublicListenerPort > 0 { - out = append(out, s.EnvoyPublicListenerPort) + if w.EnvoyPublicListenerPort > 0 { + out = append(out, w.EnvoyPublicListenerPort) } - for _, u := range s.Upstreams { - if u.LocalPort > 0 { - out = append(out, u.LocalPort) + for _, dest := range w.Destinations { + if dest.LocalPort > 0 { + out = append(out, dest.LocalPort) } } return out } -func (s *Service) HasCheck() bool { - return s.CheckTCP != "" || s.CheckHTTP != "" +func (w *Workload) HasCheck() bool { + return w.CheckTCP != "" || w.CheckHTTP != "" } -func (s *Service) DigestExposedPorts(ports map[int]int) { - s.ExposedPort = ports[s.Port] - if s.EnvoyAdminPort > 0 { - s.ExposedEnvoyAdminPort = ports[s.EnvoyAdminPort] +func (w *Workload) DigestExposedPorts(ports map[int]int) { + if w.EnvoyAdminPort > 0 { + w.ExposedEnvoyAdminPort = ports[w.EnvoyAdminPort] } else { - s.ExposedEnvoyAdminPort = 0 + w.ExposedEnvoyAdminPort = 0 } } -func (s *Service) Validate() error { - if s.ID.Name == "" { +func (w *Workload) Validate() error { + if w.ID.Name == "" { return fmt.Errorf("service name is required") } - if s.Image == "" && !s.IsMeshGateway { + if w.Image == "" && !w.IsMeshGateway { return fmt.Errorf("service image is required") } - if s.Port <= 0 { - return fmt.Errorf("service has invalid port") + + if len(w.Upstreams) > 0 { + w.Destinations = append(w.Destinations, w.Upstreams...) + w.Upstreams = nil + } + if len(w.ImpliedUpstreams) > 0 { + w.ImpliedDestinations = append(w.ImpliedDestinations, w.ImpliedUpstreams...) + w.ImpliedUpstreams = nil } - if s.DisableServiceMesh && s.IsMeshGateway { + + if w.IsV2() { + if len(w.Ports) > 0 && w.Port > 0 { + return fmt.Errorf("cannot specify both singleport and multiport on service in v2") + } + if w.Port > 0 { + w.Ports = map[string]*Port{ + "legacy": { + Number: w.Port, + Protocol: "tcp", + }, + } + w.Port = 0 + } + + if !w.DisableServiceMesh && w.EnvoyPublicListenerPort > 0 { + w.Ports["mesh"] = &Port{ + Number: w.EnvoyPublicListenerPort, + Protocol: "mesh", + } + } + + for name, port := range w.Ports { + if port == nil { + return fmt.Errorf("cannot be nil") + } + if port.Number <= 0 { + return fmt.Errorf("service has invalid port number %q", name) + } + if port.ActualProtocol != pbcatalog.Protocol_PROTOCOL_UNSPECIFIED { + return fmt.Errorf("user cannot specify ActualProtocol field") + } + + proto, valid := Protocol(port.Protocol) + if !valid { + return fmt.Errorf("service has invalid port protocol %q", port.Protocol) + } + port.ActualProtocol = proto + } + } else { + if len(w.Ports) > 0 { + return fmt.Errorf("cannot specify mulitport on service in v1") + } + if w.Port <= 0 { + return fmt.Errorf("service has invalid port") + } + if w.EnableTransparentProxy { + return fmt.Errorf("tproxy does not work with v1 yet") + } + } + if w.DisableServiceMesh && w.IsMeshGateway { return fmt.Errorf("cannot disable service mesh and still run a mesh gateway") } - if s.DisableServiceMesh && len(s.Upstreams) > 0 { - return fmt.Errorf("cannot disable service mesh and configure upstreams") + if w.DisableServiceMesh && len(w.Destinations) > 0 { + return fmt.Errorf("cannot disable service mesh and configure destinations") + } + if w.DisableServiceMesh && len(w.ImpliedDestinations) > 0 { + return fmt.Errorf("cannot disable service mesh and configure implied destinations") + } + if w.DisableServiceMesh && w.EnableTransparentProxy { + return fmt.Errorf("cannot disable service mesh and activate tproxy") } - if s.DisableServiceMesh { - if s.EnvoyAdminPort != 0 { + if w.DisableServiceMesh { + if w.EnvoyAdminPort != 0 { return fmt.Errorf("cannot use envoy admin port without a service mesh") } } else { - if s.EnvoyAdminPort <= 0 { + if w.EnvoyAdminPort <= 0 { return fmt.Errorf("envoy admin port is required") } } - for _, u := range s.Upstreams { - if u.ID.Name == "" { - return fmt.Errorf("upstream service name is required") + for _, dest := range w.Destinations { + if dest.ID.Name == "" { + return fmt.Errorf("destination service name is required") } - if u.LocalPort <= 0 { - return fmt.Errorf("upstream local port is required") + if dest.LocalPort <= 0 { + return fmt.Errorf("destination local port is required") } - if u.LocalAddress != "" { - ip := net.ParseIP(u.LocalAddress) + if dest.LocalAddress != "" { + ip := net.ParseIP(dest.LocalAddress) if ip == nil { - return fmt.Errorf("upstream local address is invalid: %s", u.LocalAddress) + return fmt.Errorf("destination local address is invalid: %s", dest.LocalAddress) } } + if dest.Implied { + return fmt.Errorf("implied field cannot be set") + } + } + for _, dest := range w.ImpliedDestinations { + if dest.ID.Name == "" { + return fmt.Errorf("implied destination service name is required") + } + if dest.LocalPort > 0 { + return fmt.Errorf("implied destination local port cannot be set") + } + if dest.LocalAddress != "" { + return fmt.Errorf("implied destination local address cannot be set") + } } return nil } -type Upstream struct { - ID ServiceID +type Destination struct { + ID ID LocalAddress string `json:",omitempty"` // defaults to 127.0.0.1 LocalPort int Peer string `json:",omitempty"` + + // PortName is the named port of this Destination to route traffic to. + // + // This only applies for multi-port (v2). + PortName string `json:",omitempty"` // TODO: what about mesh gateway mode overrides? // computed at topology compile - Cluster string `json:",omitempty"` - Peering *PeerCluster `json:",omitempty"` // this will have Link!=nil + Cluster string `json:",omitempty"` + Peering *PeerCluster `json:",omitempty"` // this will have Link!=nil + Implied bool `json:",omitempty"` + VirtualPort uint32 `json:",omitempty"` } type Peering struct { diff --git a/testing/deployer/update-latest-versions.sh b/testing/deployer/update-latest-versions.sh new file mode 100755 index 000000000000..7c2eef790a1a --- /dev/null +++ b/testing/deployer/update-latest-versions.sh @@ -0,0 +1,59 @@ +#!/bin/bash + +set -euo pipefail + +unset CDPATH + +cd "$(dirname "$0")" + +### +# This script will update the default image names to the latest released versions of +# Consul, Consul Enterprise, and Consul Dataplane. +# +# For Envoy, it will interrogate the latest version of Consul for it's maximum supported +# Envoy version and use that. +### + +readonly consul_latest="hashicorp/consul:latest" +readonly dataplane_latest="hashicorp/consul-dataplane:latest" + +# First pull current versions of some images. +docker pull "$consul_latest" || true +docker pull "$dataplane_latest" || true + +# Read the version from the easy ones directly out of their image labels. +consul_version="$(docker image inspect "$consul_latest" | jq -r '.[0].Config.Labels."org.opencontainers.image.version"')" +dataplane_version="$(docker image inspect "$dataplane_latest" | jq -r '.[0].Config.Labels.version')" + +# Check to see what version of Envoy consul wants. +docker rm -f consul-envoy-check &>/dev/null || true +docker run -d --name consul-envoy-check "$consul_latest" + +envoy_version="" +while true; do + # We have to retry in case consul doesn't fully start up before we get here. + set +e + envoy_version="$(docker exec consul-envoy-check sh -c 'wget -q localhost:8500/v1/agent/self -O -' | jq -r '.xDS.SupportedProxies.envoy[0]')" + set -e + if [[ -n "$envoy_version" ]]; then + break + fi +done +docker rm -f consul-envoy-check &>/dev/null || true + +cat > topology/default_versions.go < ../api - -replace github.com/hashicorp/consul/envoyextensions => ../envoyextensions - -replace github.com/hashicorp/consul/proto-public => ../proto-public +replace ( + github.com/hashicorp/consul/api => ../api + github.com/hashicorp/consul/envoyextensions => ../envoyextensions +) exclude ( github.com/hashicorp/go-msgpack v1.1.5 // has breaking changes and must be avoided @@ -14,10 +13,10 @@ exclude ( ) require ( - github.com/envoyproxy/go-control-plane v0.11.0 + github.com/envoyproxy/go-control-plane v0.11.1 github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e - github.com/hashicorp/consul/api v1.24.0 - github.com/hashicorp/consul/envoyextensions v0.4.1 + github.com/hashicorp/consul/api v1.26.1 + github.com/hashicorp/consul/envoyextensions v0.5.1 github.com/stretchr/testify v1.8.3 google.golang.org/protobuf v1.30.0 ) @@ -25,9 +24,9 @@ require ( require ( github.com/armon/go-metrics v0.4.1 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect - github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 // indirect + github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/envoyproxy/protoc-gen-validate v0.10.0 // indirect + github.com/envoyproxy/protoc-gen-validate v1.0.1 // indirect github.com/fatih/color v1.14.1 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect @@ -45,15 +44,17 @@ require ( github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/client_model v0.3.0 // indirect + github.com/prometheus/client_model v0.4.0 // indirect github.com/rogpeppe/go-internal v1.10.0 // indirect go.opentelemetry.io/proto/otlp v0.19.0 // indirect golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect - golang.org/x/net v0.13.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/text v0.11.0 // indirect - google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect - google.golang.org/grpc v1.55.0 // indirect + golang.org/x/net v0.17.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect + google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e // indirect + google.golang.org/grpc v1.56.3 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/troubleshoot/go.sum b/troubleshoot/go.sum index b5f44a5e8f16..b487eb60a5f9 100644 --- a/troubleshoot/go.sum +++ b/troubleshoot/go.sum @@ -68,8 +68,8 @@ github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4= -github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -81,13 +81,13 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.11.0 h1:jtLewhRR2vMRNnq2ZZUoCjUlgut+Y0+sDDWPOfwOi1o= -github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI= +github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM= +github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e h1:g8euodkL4GdSpVAjfzhssb07KgVmOUqyF4QOmwFumTs= github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e/go.mod h1:/NGEcKqwNq3HAS2vCqHfsPx9sJZbkiNQ6dGx9gTE/NA= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.10.0 h1:oIfnZFdC0YhpNNEX+SuIqko4cqqVZeN9IGTrhZje83Y= -github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/envoyproxy/protoc-gen-validate v1.0.1 h1:kt9FtLiooDc0vbwTLhdg3dyNX1K9Qwa1EK9LcD4jVUQ= +github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= @@ -162,7 +162,7 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/hashicorp/consul/sdk v0.14.1 h1:ZiwE2bKb+zro68sWzZ1SgHF3kRMBZ94TwOCFRF4ylPs= +github.com/hashicorp/consul/sdk v0.15.0 h1:2qK9nDrr4tiJKRoxPGhm6B7xJjLVIQqkjiab2M4aKjU= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -266,8 +266,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= +github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= @@ -378,8 +378,8 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= -golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= -golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -438,8 +438,8 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -448,8 +448,8 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -551,8 +551,12 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e h1:Ao9GzfUMPH3zjVfzXG5rlWlk+Q8MXWKwWpwVQE1MXfw= +google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= +google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e h1:AZX1ra8YbFMSb7+1pI8S9v4rrgRR7jU1FmuFSSjTVcQ= +google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e h1:NumxXLPfHSndr3wBBdeKiVHjGVFzi9RX2HwwQke94iY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -569,8 +573,8 @@ google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTp google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= -google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= +google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/ui/.nvmrc b/ui/.nvmrc index b6a7d89c68e0..3c032078a4a2 100644 --- a/ui/.nvmrc +++ b/ui/.nvmrc @@ -1 +1 @@ -16 +18 diff --git a/ui/package.json b/ui/package.json index 5a161e4e691b..7ed39b1595ac 100644 --- a/ui/package.json +++ b/ui/package.json @@ -24,6 +24,6 @@ "ember-basic-dropdown": "3.0.21" }, "engines": { - "node": ">=14 <=16" + "node": "18" } } diff --git a/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs b/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs index a13efa37c19d..cbee305c31bf 100644 --- a/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs +++ b/ui/packages/consul-acls/app/components/consul/acl/selector/index.hbs @@ -3,82 +3,54 @@ SPDX-License-Identifier: BUSL-1.1 }} - -
  • - - Tokens - -
    • -{{#if (can "read acls")}} -
  • - - Policies - -
    • -
  • - - Roles - -
    • -
  • - - Auth Methods - -
    • -{{else if (not (can "use acls"))}} -
  • - - Policies - -
    • -
  • - - Roles - -
    • -
  • - - Auth Methods - -
    • -{{/if}} +{{#let @list as |SNL|}} + {{#if (can "use acls")}} + {{t "components.hashicorp-consul.side-nav.acls.title"}} + {{else}} + + {{t "components.hashicorp-consul.side-nav.acls.title"}} + + {{/if}} + + + {{#if (can "read acls")}} + + + + {{else if (not (can "use acls"))}} + + {{t "components.hashicorp-consul.side-nav.acls.policies"}} + + + {{t "components.hashicorp-consul.side-nav.acls.roles"}} + + + {{t "components.hashicorp-consul.side-nav.acls.auth-methods"}} + + {{/if}} +{{/let}} \ No newline at end of file diff --git a/ui/packages/consul-acls/app/components/consul/token/selector/README.mdx b/ui/packages/consul-acls/app/components/consul/token/selector/README.mdx index ecb6933c3468..17b3f7cde72c 100644 --- a/ui/packages/consul-acls/app/components/consul/token/selector/README.mdx +++ b/ui/packages/consul-acls/app/components/consul/token/selector/README.mdx @@ -2,7 +2,7 @@ A self-contained component to allow the user to 'select' their token a.k.a. log in. The component is mostly a wrapper around a composition of ``, ``, `` and ``. The majority of +/>`, ``, and ``. The majority of the functionality is contained in those other components. This composition mostly orchestrates the interactions between them i.e. wires them together. diff --git a/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs b/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs index 1ded54b9434d..89485ce0cffd 100644 --- a/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs +++ b/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs @@ -3,163 +3,162 @@ SPDX-License-Identifier: BUSL-1.1 }} -{{#if (can 'use acls')}} -
  • +{{#if (can "use acls")}} + + <:unauthorized as |authDialog|> - - <:unauthorized as |authDialog|> - - + + +

    + Log in to Consul +

    +     + + - Login -     -     - - Log in - - - + {{#if (can "use SSO")}} + + + + {{/if}} + + + + - -

    - Log in to Consul -

    -     - - - - {{#if (can "use SSO")}} - - - - {{/if}} - - - - - -     - - <:authorized as |authDialog|> - + + + + + + - - -

    - Log in with a different token -

    -     - - - - - - - - - - - - Logout - - - - - Logout - - - {{#if authDialog.token.AccessorID}} - - {{/if}} - - - - - Logout - - - - - - -     + @text={{t "components.hashicorp-consul.side-nav.user-menu.settings"}} + @isHrefExternal={{false}} + /> + + + + <:authorized as |authDialog|> -
    • -{{yield - (hash - open=this.modal.open - close=this.model.close - ) -}} -{{/if}} + + + +

    + Log in with a different token +

    +     + + + + + + + + +     + + + {{#if authDialog.token.AccessorID}} + + {{/if}} + + + + + +     + {{yield (hash open=this.modal.open close=this.model.close)}} +{{else}} + + + + +{{/if}} \ No newline at end of file diff --git a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs index bb5a1fc32a98..2e3b0f375c27 100644 --- a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs +++ b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.hbs @@ -3,11 +3,13 @@ SPDX-License-Identifier: BUSL-1.1 }} -
    - - Back to HCP - -
    +{{#let @list (env "CONSUL_HCP_URL") as |SNL hcpUrl|}} + {{#if (and SNL hcpUrl)}} + + {{/if}} +{{/let}} \ No newline at end of file diff --git a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss deleted file mode 100644 index 5d268de6dd6d..000000000000 --- a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.scss +++ /dev/null @@ -1,16 +0,0 @@ -/** - * Copyright (c) HashiCorp, Inc. - * SPDX-License-Identifier: BUSL-1.1 - */ - -.consul-hcp-home { - position: relative; - top: -22px; -} -.consul-hcp-home a::before { - content: ''; - --icon-name: icon-arrow-left; - --icon-size: icon-300; - margin-right: 8px; -} - diff --git a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js index 962a7c7c4a8a..0ffb7c48583f 100644 --- a/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js +++ b/ui/packages/consul-hcp/app/components/consul/hcp/home/index.test.js @@ -35,9 +35,46 @@ module('Integration | Component | consul hcp home', function(hooks) { } ); - await render(hbs``); + await render(hbs` + + + + `); + assert.dom('[data-test-back-to-hcp]').isVisible(); assert.dom('a').hasAttribute('href', 'http://hcp'); }); + + test('it does not output the Back to HCP link if CONSUL_HCP_URL is not present', async function(assert) { + // temporary registration until we are running as separate applications + this.owner.register( + 'component:consul/hcp/home', + ConsulHcpHome + ); + // + + const Helper = this.owner.resolveRegistration('helper:env'); + this.owner.register( + 'helper:env', + class extends Helper { + compute([name, def]) { + switch(name) { + case 'CONSUL_HCP_URL': + return undefined; + } + return super.compute(...arguments); + } + } + ); + + await render(hbs` + + + + `); + + assert.dom('[data-test-back-to-hcp]').doesNotExist(); + assert.dom('a').doesNotExist(); + }); }); diff --git a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs index 247b0dd8fc9d..465c0721ec7b 100644 --- a/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs +++ b/ui/packages/consul-lock-sessions/app/components/consul/lock-session/list/index.hbs @@ -14,7 +14,7 @@ as |item index|> {{else}} {{item.ID}} - @@ -28,7 +28,7 @@ as |item index|> ID
    - diff --git a/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs b/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs index 8ddb666e13c5..6c126b72181f 100644 --- a/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs +++ b/ui/packages/consul-nspaces/app/components/consul/nspace/selector/index.hbs @@ -3,93 +3,58 @@ SPDX-License-Identifier: BUSL-1.1 }} -{{#if (can "use nspaces")}} - {{#if (can "choose nspaces")}} - {{#let - (or @nspace 'default') - (is-href 'dc.nspaces' @dc.Name) - as |nspace isManaging|}} -
  • - - - {{if isManaging 'Manage Namespaces' nspace}} - - - {{#if (gt @nspaces.length 0)}} - - {{else}} - - {{/if}} - - {{#each menu.items as |item|}} - - - - {{item.Name}} - - - {{/each}} - - - -
    • - {{/let}} - {{/if}} -{{/if}} +{{#if (and (can "use nspaces") (can "choose nspaces"))}} + {{#let + @list + (if @nspace (hash Name=@nspace) (hash Name="default")) + (is-href "dc.nspaces" @dc.Name) + as |SNL nspace isManaging| + }} + {{t + "components.hashicorp-consul.side-nav.nspaces.title" + }} + + + + + + {{Selector.item.Name}} + + + {{/let}} +{{/if}} \ No newline at end of file diff --git a/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs b/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs index b9727a9de96e..322402ec749d 100644 --- a/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs +++ b/ui/packages/consul-partitions/app/components/consul/partition/selector/index.hbs @@ -4,71 +4,55 @@ }} {{#let - (or @partition "default") + @list + (if @partition (hash Name=@partition) (hash Name="default")) (is-href "dc.partitions" @dc.Name) - as |partition isManaging| + (can "choose partitions" dc=@dc) + as |SNL partition isManaging canChoose| }} - {{#if (can "choose partitions" dc=@dc)}} -
  • - {{t + "components.hashicorp-consul.side-nav.partitions.title" + }} + + + + + {{#if canChoose}} + - - {{if isManaging "Manage Partition" partition}} - - - - - {{#each menu.items as |item|}} - - - {{item.Name}} - - - {{/each}} - - - -
    • - {{else}} -
  • - {{"default"}} -
    • - {{/if}} -{{/let}} + {{Selector.item.Name}} + + {{/if}} + +{{/let}} \ No newline at end of file diff --git a/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs index bc6294e015f0..aabada41ad10 100644 --- a/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs +++ b/ui/packages/consul-peerings/app/components/consul/peer/address/list/index.hbs @@ -18,7 +18,7 @@
    {{address}}
    - - Organization - -
  • - - Peers - -
    • - +{{#let @list as |SNL|}} + {{t "components.hashicorp-consul.side-nav.organization.title"}} + +{{/let}} \ No newline at end of file diff --git a/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs b/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs index c7d32b3b16db..763306cb70a4 100644 --- a/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs +++ b/ui/packages/consul-peerings/app/templates/dc/peers/show/imported.hbs @@ -83,6 +83,7 @@ diff --git a/ui/packages/consul-ui/README.md b/ui/packages/consul-ui/README.md index a54c4e2603a4..cb4615bee937 100644 --- a/ui/packages/consul-ui/README.md +++ b/ui/packages/consul-ui/README.md @@ -112,7 +112,7 @@ See [./docs/index.mdx](./docs/index.mdx#environment-variables) We follow a `ui/**/**` branch naming pattern. This branch naming pattern allows front-end focused builds, such as FE tests, to run automatically in Pull Requests. Please note this only works if you are a member of the HashiCorp -GitHub Org. If you are an external contributor these tests won't run and will +GitHub Org. If you are an external contributor, these tests won't run and will instead be run by a member of our team during review. Examples: diff --git a/ui/packages/consul-ui/app/components/app/index.hbs b/ui/packages/consul-ui/app/components/app/index.hbs index ba7daf4be232..08f7efdf5b85 100644 --- a/ui/packages/consul-ui/app/components/app/index.hbs +++ b/ui/packages/consul-ui/app/components/app/index.hbs @@ -3,102 +3,19 @@ SPDX-License-Identifier: BUSL-1.1 }} -{{#let (hash - main=(concat guid '-main') - Notification=(component 'app/notification') -) as |exported|}} +{{#let (hash main=(concat guid '-main') Notification=(component 'app/notification')) as |exported|}} -
    - -
    - - {{t 'components.app.skip_to_content'}} - {{!-- - In order to add further skip links from within other templates use: - - Skip to subcontent - - from within your template - --}} - -
    - - - - -
    - - {{yield exported to="home-nav"}} -
    -{{!-- - The viewport tolerances here give us a 10 pixel buffer to make sure the menu - is marked as out of the viewport, we use all sides so we don't need to change - this should any CSS change ---}} - -{{!-- - Whilst this has a role of navigation, it is 'complementary navigation' we - don't want to change the navigation role here, but we do want to label it as - 'complementary' to the main content. The phrase 'complementary navigation' as - read by a screenreader should convey the meaning we are after here. ---}} - +
    + + {{yield exported to='side-nav'}} +
    +
    + {{yield exported to='notifications'}} +
    -
    -
    -
    - {{yield exported to="notifications"}} - -
    - {{yield exported to="main"}} -
    -
    - {{yield exported to="content-info"}} -
    -
    + {{yield exported to='main'}} + + {{/let}} \ No newline at end of file diff --git a/ui/packages/consul-ui/app/components/app/index.scss b/ui/packages/consul-ui/app/components/app/index.scss index 7de7fa108413..59f28c60258f 100644 --- a/ui/packages/consul-ui/app/components/app/index.scss +++ b/ui/packages/consul-ui/app/components/app/index.scss @@ -3,9 +3,6 @@ * SPDX-License-Identifier: BUSL-1.1 */ -.app .skip-links { - @extend %skip-links; -} .app .notifications { @extend %app-notifications; } @@ -28,125 +25,3 @@ max-width: 80%; pointer-events: auto; } - -[role='contentinfo'] { - @extend %footer; -} -[role='banner'] { - @extend %main-header-horizontal; -} -[role='banner'] > label { - @extend %main-nav-horizontal-toggle-button; -} -.app > input[id] { - @extend %main-nav-horizontal-toggle; -} -%main-header-horizontal > div { - @extend %main-nav-horizontal-panel; -} - -%main-header-horizontal nav:first-of-type { - @extend %main-nav-vertical, %main-nav-sidebar; -} -%main-header-horizontal nav:last-of-type { - @extend %main-nav-horizontal; - margin-left: auto; -} -%main-nav-vertical-hoisted { - top: 18px; -} -%main-nav-vertical-hoisted [aria-label]::before { - display: none !important; -} -%main-nav-horizontal [aria-haspopup='menu'] ~ * { - position: absolute; - right: 0; - min-width: 192px; -} -%main-nav-horizontal [aria-expanded], -%main-nav-vertical-hoisted [aria-expanded] { - @extend %main-nav-horizontal-popover-menu-trigger; - @extend %main-nav-horizontal-action; -} -%main-nav-horizontal-popover-menu-trigger { - @extend %main-nav-horizontal-action-active; -} -%footer, -%main-nav-sidebar, -%main-notifications, -main { - @extend %transition-pushover; -} -%footer { - @extend %body-100-regular; - position: fixed; - z-index: 50; - - color: var(--token-color-foreground-disabled); - width: 250px; - padding-left: 25px; -} -%footer { - top: calc(100vh - 42px); - top: calc(max(100vh, 460px) - 42px); -} -html.has-partitions.has-nspaces .app [role='contentinfo'] { - top: calc(100vh - 42px); - top: calc(max(100vh, 640px) - 42px); -} -%main-nav-sidebar { - z-index: 10; -} -%footer, -%main-nav-sidebar { - transition-property: left; -} -%app-notifications, -main { - margin-top: var(--chrome-height, 64px); - transition-property: margin-left; -} -%app-notifications { - transition-property: margin-left, width; -} - -@media #{$--sidebar-open} { - %main-nav-horizontal-toggle ~ main .notifications { - width: calc(100% - var(--chrome-width)); - } - %main-nav-horizontal-toggle:checked ~ main .notifications { - width: 100%; - } - %main-nav-horizontal-toggle ~ footer, - %main-nav-horizontal-toggle + header > div > nav:first-of-type { - left: 0; - } - %main-nav-horizontal-toggle:checked ~ footer, - %main-nav-horizontal-toggle:checked + header > div > nav:first-of-type { - left: calc(var(--chrome-width, 280px) * -1); - } - %main-nav-horizontal-toggle ~ main { - margin-left: var(--chrome-width, 280px); - } - %main-nav-horizontal-toggle:checked ~ main .notifications, - %main-nav-horizontal-toggle:checked ~ main { - margin-left: 0; - } -} -@media #{$--lt-sidebar-open} { - %main-nav-horizontal-toggle ~ main .notifications { - width: 100%; - } - %main-nav-horizontal-toggle:checked ~ footer, - %main-nav-horizontal-toggle:checked + header > div > nav:first-of-type { - left: 0; - } - %main-nav-horizontal-toggle ~ footer, - %main-nav-horizontal-toggle + header > div > nav:first-of-type { - left: calc(var(--chrome-width, 280px) * -1); - } - %main-nav-horizontal-toggle ~ main .notifications, - %main-nav-horizontal-toggle ~ main { - margin-left: 0; - } -} diff --git a/ui/packages/consul-ui/app/components/auth-dialog/README.mdx b/ui/packages/consul-ui/app/components/auth-dialog/README.mdx index da916cbb34ad..c1094621f70a 100644 --- a/ui/packages/consul-ui/app/components/auth-dialog/README.mdx +++ b/ui/packages/consul-ui/app/components/auth-dialog/README.mdx @@ -14,9 +14,6 @@ A component to help orchestrate a login/logout flow. /> <:authorized as |api|> -