From f2986c84c4ae2b60d92e08610759c93819d12573 Mon Sep 17 00:00:00 2001 From: Stephen Robinson Date: Mon, 20 Jan 2025 10:01:03 +0000 Subject: [PATCH] feat: allow http route definition in web service (#100) - PLT-926 Allows creating http route definitions within the web service, will allow on demand environments to create http routes and use existing gateways --- imports/gateway.networking.k8s.io.ts | 23941 +++++++++------- lib/web-service/web-service-props.ts | 15 + lib/web-service/web-service.ts | 78 + .../__snapshots__/web-service.test.ts.snap | 110 + test/web-service/web-service.test.ts | 57 + 5 files changed, 14434 insertions(+), 9767 deletions(-) diff --git a/imports/gateway.networking.k8s.io.ts b/imports/gateway.networking.k8s.io.ts index 43c81e6..9a3e87c 100644 --- a/imports/gateway.networking.k8s.io.ts +++ b/imports/gateway.networking.k8s.io.ts @@ -4,43 +4,43 @@ import { Construct } from 'constructs'; /** - * Gateway represents an instance of a service-traffic handling infrastructure -by binding Listeners to a set of IP addresses. + * BackendLBPolicy provides a way to define load balancing rules +for a backend. * - * @schema Gateway + * @schema BackendLBPolicy */ -export class Gateway extends ApiObject { +export class BackendLbPolicy extends ApiObject { /** - * Returns the apiVersion and kind for "Gateway" + * Returns the apiVersion and kind for "BackendLBPolicy" */ public static readonly GVK: GroupVersionKind = { - apiVersion: 'gateway.networking.k8s.io/v1', - kind: 'Gateway', + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'BackendLBPolicy', } /** - * Renders a Kubernetes manifest for "Gateway". + * Renders a Kubernetes manifest for "BackendLBPolicy". * * This can be used to inline resource manifests inside other objects (e.g. as templates). * * @param props initialization props */ - public static manifest(props: GatewayProps): any { + public static manifest(props: BackendLbPolicyProps): any { return { - ...Gateway.GVK, - ...toJson_GatewayProps(props), + ...BackendLbPolicy.GVK, + ...toJson_BackendLbPolicyProps(props), }; } /** - * Defines a "Gateway" API object + * Defines a "BackendLBPolicy" API object * @param scope the scope in which to define this object * @param id a scope-local name for the object * @param props initialization props */ - public constructor(scope: Construct, id: string, props: GatewayProps) { + public constructor(scope: Construct, id: string, props: BackendLbPolicyProps) { super(scope, id, { - ...Gateway.GVK, + ...BackendLbPolicy.GVK, ...props, }); } @@ -52,42 +52,42 @@ export class Gateway extends ApiObject { const resolved = super.toJson(); return { - ...Gateway.GVK, - ...toJson_GatewayProps(resolved), + ...BackendLbPolicy.GVK, + ...toJson_BackendLbPolicyProps(resolved), }; } } /** - * Gateway represents an instance of a service-traffic handling infrastructure - * by binding Listeners to a set of IP addresses. + * BackendLBPolicy provides a way to define load balancing rules + * for a backend. * - * @schema Gateway + * @schema BackendLBPolicy */ -export interface GatewayProps { +export interface BackendLbPolicyProps { /** - * @schema Gateway#metadata + * @schema BackendLBPolicy#metadata */ readonly metadata?: ApiObjectMetadata; /** - * Spec defines the desired state of Gateway. + * Spec defines the desired state of BackendLBPolicy. * - * @schema Gateway#spec + * @schema BackendLBPolicy#spec */ - readonly spec: GatewaySpec; + readonly spec: BackendLbPolicySpec; } /** - * Converts an object of type 'GatewayProps' to JSON representation. + * Converts an object of type 'BackendLbPolicyProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayProps(obj: GatewayProps | undefined): Record | undefined { +export function toJson_BackendLbPolicyProps(obj: BackendLbPolicyProps | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'metadata': obj.metadata, - 'spec': toJson_GatewaySpec(obj.spec), + 'spec': toJson_BackendLbPolicySpec(obj.spec), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -95,214 +95,137 @@ export function toJson_GatewayProps(obj: GatewayProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'sessionPersistence': toJson_BackendLbPolicySpecSessionPersistence(obj.sessionPersistence), + 'targetRefs': obj.targetRefs?.map(y => toJson_BackendLbPolicySpecTargetRefs(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ +/** + * SessionPersistence defines and configures session persistence + * for the backend. + * + * + * Support: Extended + * + * @schema BackendLbPolicySpecSessionPersistence + */ +export interface BackendLbPolicySpecSessionPersistence { /** - * Listeners associated with this Gateway. Listeners define - * logical endpoints that are bound on this Gateway's addresses. - * At least one Listener MUST be specified. - * - * - * Each Listener in a set of Listeners (for example, in a single Gateway) - * MUST be _distinct_, in that a traffic flow MUST be able to be assigned to - * exactly one listener. (This section uses "set of Listeners" rather than - * "Listeners in a single Gateway" because implementations MAY merge configuration - * from multiple Gateways onto a single data plane, and these rules _also_ - * apply in that case). - * - * - * Practically, this means that each listener in a set MUST have a unique - * combination of Port, Protocol, and, if supported by the protocol, Hostname. - * - * - * Some combinations of port, protocol, and TLS settings are considered - * Core support and MUST be supported by implementations based on their - * targeted conformance profile: - * - * - * HTTP Profile - * - * - * 1. HTTPRoute, Port: 80, Protocol: HTTP - * 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided - * - * - * TLS Profile - * - * - * 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough - * - * - * "Distinct" Listeners have the following property: - * - * - * The implementation can match inbound requests to a single distinct - * Listener. When multiple Listeners share values for fields (for - * example, two Listeners with the same Port value), the implementation - * can match requests to only one of the Listeners using other - * Listener fields. - * - * - * For example, the following Listener scenarios are distinct: - * - * - * 1. Multiple Listeners with the same Port that all use the "HTTP" - * Protocol that all have unique Hostname values. - * 2. Multiple Listeners with the same Port that use either the "HTTPS" or - * "TLS" Protocol that all have unique Hostname values. - * 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no Listener - * with the same Protocol has the same Port value. - * - * - * Some fields in the Listener struct have possible values that affect - * whether the Listener is distinct. Hostname is particularly relevant - * for HTTP or HTTPS protocols. - * - * - * When using the Hostname value to select between same-Port, same-Protocol - * Listeners, the Hostname value must be different on each Listener for the - * Listener to be distinct. - * - * - * When the Listeners are distinct based on Hostname, inbound request - * hostnames MUST match from the most specific to least specific Hostname - * values to choose the correct Listener and its associated set of Routes. - * - * - * Exact matches must be processed before wildcard matches, and wildcard - * matches must be processed before fallback (empty Hostname value) - * matches. For example, `"foo.example.com"` takes precedence over - * `"*.example.com"`, and `"*.example.com"` takes precedence over `""`. - * - * - * Additionally, if there are multiple wildcard entries, more specific - * wildcard entries must be processed before less specific wildcard entries. - * For example, `"*.foo.example.com"` takes precedence over `"*.example.com"`. - * The precise definition here is that the higher the number of dots in the - * hostname to the right of the wildcard character, the higher the precedence. - * - * - * The wildcard character will match any number of characters _and dots_ to - * the left, however, so `"*.example.com"` will match both - * `"foo.bar.example.com"` _and_ `"bar.example.com"`. - * - * - * If a set of Listeners contains Listeners that are not distinct, then those - * Listeners are Conflicted, and the implementation MUST set the "Conflicted" - * condition in the Listener Status to "True". - * - * - * Implementations MAY choose to accept a Gateway with some Conflicted - * Listeners only if they only accept the partial Listener set that contains - * no Conflicted Listeners. To put this another way, implementations may - * accept a partial Listener set only if they throw out *all* the conflicting - * Listeners. No picking one of the conflicting listeners as the winner. - * This also means that the Gateway must have at least one non-conflicting - * Listener in this case, otherwise it violates the requirement that at - * least one Listener must be present. + * AbsoluteTimeout defines the absolute timeout of the persistent + * session. Once the AbsoluteTimeout duration has elapsed, the + * session becomes invalid. * * - * The implementation MUST set a "ListenersNotValid" condition on the - * Gateway Status when the Gateway contains Conflicted Listeners whether or - * not they accept the Gateway. That Condition SHOULD clearly - * indicate in the Message which Listeners are conflicted, and which are - * Accepted. Additionally, the Listener status for those listeners SHOULD - * indicate which Listeners are conflicted and not Accepted. + * Support: Extended * + * @schema BackendLbPolicySpecSessionPersistence#absoluteTimeout + */ + readonly absoluteTimeout?: string; + + /** + * CookieConfig provides configuration settings that are specific + * to cookie-based session persistence. * - * A Gateway's Listeners are considered "compatible" if: * + * Support: Core * - * 1. They are distinct. - * 2. The implementation can serve them in compliance with the Addresses - * requirement that all Listeners are available on all assigned - * addresses. + * @schema BackendLbPolicySpecSessionPersistence#cookieConfig + */ + readonly cookieConfig?: BackendLbPolicySpecSessionPersistenceCookieConfig; + + /** + * IdleTimeout defines the idle timeout of the persistent session. + * Once the session has been idle for more than the specified + * IdleTimeout duration, the session becomes invalid. * * - * Compatible combinations in Extended support are expected to vary across - * implementations. A combination that is compatible for one implementation - * may not be compatible for another. + * Support: Extended * + * @schema BackendLbPolicySpecSessionPersistence#idleTimeout + */ + readonly idleTimeout?: string; + + /** + * SessionName defines the name of the persistent session token + * which may be reflected in the cookie or the header. Users + * should avoid reusing session names to prevent unintended + * consequences, such as rejection or unpredictable behavior. * - * For example, an implementation that cannot serve both TCP and UDP listeners - * on the same address, or cannot mix HTTPS and generic TLS listens on the same port - * would not consider those cases compatible, even though they are distinct. * + * Support: Implementation-specific * - * Note that requests SHOULD match at most one Listener. For example, if - * Listeners are defined for "foo.example.com" and "*.example.com", a - * request to "foo.example.com" SHOULD only be routed using routes attached - * to the "foo.example.com" Listener (and not the "*.example.com" Listener). - * This concept is known as "Listener Isolation". Implementations that do - * not support Listener Isolation MUST clearly document this. + * @schema BackendLbPolicySpecSessionPersistence#sessionName + */ + readonly sessionName?: string; + + /** + * Type defines the type of session persistence such as through + * the use a header or cookie. Defaults to cookie based session + * persistence. * * - * Implementations MAY merge separate Gateways onto a single set of - * Addresses if all Listeners across all Gateways are compatible. + * Support: Core for "Cookie" type * * - * Support: Core + * Support: Extended for "Header" type * - * @schema GatewaySpec#listeners + * @default cookie based session + * @schema BackendLbPolicySpecSessionPersistence#type */ - readonly listeners: GatewaySpecListeners[]; + readonly type?: BackendLbPolicySpecSessionPersistenceType; } /** - * Converts an object of type 'GatewaySpec' to JSON representation. + * Converts an object of type 'BackendLbPolicySpecSessionPersistence' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewaySpec(obj: GatewaySpec | undefined): Record | undefined { +export function toJson_BackendLbPolicySpecSessionPersistence(obj: BackendLbPolicySpecSessionPersistence | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'addresses': obj.addresses?.map(y => toJson_GatewaySpecAddresses(y)), - 'gatewayClassName': obj.gatewayClassName, - 'listeners': obj.listeners?.map(y => toJson_GatewaySpecListeners(y)), + 'absoluteTimeout': obj.absoluteTimeout, + 'cookieConfig': toJson_BackendLbPolicySpecSessionPersistenceCookieConfig(obj.cookieConfig), + 'idleTimeout': obj.idleTimeout, + 'sessionName': obj.sessionName, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -310,191 +233,246 @@ export function toJson_GatewaySpec(obj: GatewaySpec | undefined): Record | undefined { +export function toJson_BackendLbPolicySpecTargetRefs(obj: BackendLbPolicySpecTargetRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'type': obj.type, - 'value': obj.value, - }; - // filter undefined values + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + }; + // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ /** - * Listener embodies the concept of a logical endpoint where a Gateway accepts - * network connections. + * CookieConfig provides configuration settings that are specific + * to cookie-based session persistence. * - * @schema GatewaySpecListeners + * + * Support: Core + * + * @schema BackendLbPolicySpecSessionPersistenceCookieConfig */ -export interface GatewaySpecListeners { +export interface BackendLbPolicySpecSessionPersistenceCookieConfig { /** - * AllowedRoutes defines the types of routes that MAY be attached to a - * Listener and the trusted namespaces where those Route resources MAY be - * present. + * LifetimeType specifies whether the cookie has a permanent or + * session-based lifetime. A permanent cookie persists until its + * specified expiry time, defined by the Expires or Max-Age cookie + * attributes, while a session cookie is deleted when the current + * session ends. * * - * Although a client request may match multiple route rules, only one rule - * may ultimately receive the request. Matching precedence MUST be - * determined in order of the following criteria: + * When set to "Permanent", AbsoluteTimeout indicates the + * cookie's lifetime via the Expires or Max-Age cookie attributes + * and is required. * * - * * The most specific match as defined by the Route type. - * * The oldest Route based on creation timestamp. For example, a Route with - * a creation timestamp of "2020-09-08 01:02:03" is given precedence over - * a Route with a creation timestamp of "2020-09-08 01:02:04". - * * If everything else is equivalent, the Route appearing first in - * alphabetical order (namespace/name) should be given precedence. For - * example, foo/bar is given precedence over foo/baz. + * When set to "Session", AbsoluteTimeout indicates the + * absolute lifetime of the cookie tracked by the gateway and + * is optional. * * - * All valid rules within a Route attached to this Listener should be - * implemented. Invalid Route rules can be ignored (sometimes that will mean - * the full Route). If a Route rule transitions from valid to invalid, - * support for that Route rule should be dropped to ensure consistency. For - * example, even if a filter specified by a Route rule is invalid, the rest - * of the rules within that Route should still be supported. + * Support: Core for "Session" type * * - * Support: Core + * Support: Extended for "Permanent" type * - * @schema GatewaySpecListeners#allowedRoutes + * @schema BackendLbPolicySpecSessionPersistenceCookieConfig#lifetimeType */ - readonly allowedRoutes?: GatewaySpecListenersAllowedRoutes; + readonly lifetimeType?: BackendLbPolicySpecSessionPersistenceCookieConfigLifetimeType; + +} + +/** + * Converts an object of type 'BackendLbPolicySpecSessionPersistenceCookieConfig' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BackendLbPolicySpecSessionPersistenceCookieConfig(obj: BackendLbPolicySpecSessionPersistenceCookieConfig | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'lifetimeType': obj.lifetimeType, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Type defines the type of session persistence such as through + * the use a header or cookie. Defaults to cookie based session + * persistence. + * + * + * Support: Core for "Cookie" type + * + * + * Support: Extended for "Header" type + * + * @default cookie based session + * @schema BackendLbPolicySpecSessionPersistenceType + */ +export enum BackendLbPolicySpecSessionPersistenceType { + /** Cookie */ + COOKIE = "Cookie", + /** Header */ + HEADER = "Header", +} + +/** + * LifetimeType specifies whether the cookie has a permanent or + * session-based lifetime. A permanent cookie persists until its + * specified expiry time, defined by the Expires or Max-Age cookie + * attributes, while a session cookie is deleted when the current + * session ends. + * + * + * When set to "Permanent", AbsoluteTimeout indicates the + * cookie's lifetime via the Expires or Max-Age cookie attributes + * and is required. + * + * + * When set to "Session", AbsoluteTimeout indicates the + * absolute lifetime of the cookie tracked by the gateway and + * is optional. + * + * + * Support: Core for "Session" type + * + * + * Support: Extended for "Permanent" type + * + * @schema BackendLbPolicySpecSessionPersistenceCookieConfigLifetimeType + */ +export enum BackendLbPolicySpecSessionPersistenceCookieConfigLifetimeType { + /** Permanent */ + PERMANENT = "Permanent", + /** Session */ + SESSION = "Session", +} + +/** + * BackendTLSPolicy provides a way to configure how a Gateway +connects to a Backend via TLS. + * + * @schema BackendTLSPolicy + */ +export class BackendTlsPolicy extends ApiObject { /** - * Hostname specifies the virtual hostname to match for protocol types that - * define this concept. When unspecified, all hostnames are matched. This - * field is ignored for protocols that don't require hostname based - * matching. - * - * - * Implementations MUST apply Hostname matching appropriately for each of - * the following protocols: - * - * - * * TLS: The Listener Hostname MUST match the SNI. - * * HTTP: The Listener Hostname MUST match the Host header of the request. - * * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP - * protocol layers as described above. If an implementation does not - * ensure that both the SNI and Host header match the Listener hostname, - * it MUST clearly document that. - * - * - * For HTTPRoute and TLSRoute resources, there is an interaction with the - * `spec.hostnames` array. When both listener and route specify hostnames, - * there MUST be an intersection between the values for a Route to be - * accepted. For more information, refer to the Route specific Hostnames - * documentation. - * - * - * Hostnames that are prefixed with a wildcard label (`*.`) are interpreted - * as a suffix match. That means that a match for `*.example.com` would match - * both `test.example.com`, and `foo.test.example.com`, but not `example.com`. - * - * - * Support: Core - * - * @schema GatewaySpecListeners#hostname + * Returns the apiVersion and kind for "BackendTLSPolicy" */ - readonly hostname?: string; + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1alpha3', + kind: 'BackendTLSPolicy', + } /** - * Name is the name of the Listener. This name MUST be unique within a - * Gateway. - * + * Renders a Kubernetes manifest for "BackendTLSPolicy". * - * Support: Core + * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * @schema GatewaySpecListeners#name + * @param props initialization props */ - readonly name: string; + public static manifest(props: BackendTlsPolicyProps): any { + return { + ...BackendTlsPolicy.GVK, + ...toJson_BackendTlsPolicyProps(props), + }; + } /** - * Port is the network port. Multiple listeners may use the - * same port, subject to the Listener compatibility rules. - * - * - * Support: Core - * - * @schema GatewaySpecListeners#port + * Defines a "BackendTLSPolicy" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props */ - readonly port: number; + public constructor(scope: Construct, id: string, props: BackendTlsPolicyProps) { + super(scope, id, { + ...BackendTlsPolicy.GVK, + ...props, + }); + } /** - * Protocol specifies the network protocol this listener expects to receive. - * - * - * Support: Core - * - * @schema GatewaySpecListeners#protocol + * Renders the object to Kubernetes JSON. */ - readonly protocol: string; + public toJson(): any { + const resolved = super.toJson(); + + return { + ...BackendTlsPolicy.GVK, + ...toJson_BackendTlsPolicyProps(resolved), + }; + } +} +/** + * BackendTLSPolicy provides a way to configure how a Gateway + * connects to a Backend via TLS. + * + * @schema BackendTLSPolicy + */ +export interface BackendTlsPolicyProps { /** - * TLS is the TLS configuration for the Listener. This field is required if - * the Protocol field is "HTTPS" or "TLS". It is invalid to set this field - * if the Protocol field is "HTTP", "TCP", or "UDP". - * - * - * The association of SNIs to Certificate defined in GatewayTLSConfig is - * defined based on the Hostname field for this listener. - * - * - * The GatewayClass MUST use the longest matching SNI out of all - * available certificates for any TLS handshake. - * - * - * Support: Core + * @schema BackendTLSPolicy#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Spec defines the desired state of BackendTLSPolicy. * - * @schema GatewaySpecListeners#tls + * @schema BackendTLSPolicy#spec */ - readonly tls?: GatewaySpecListenersTls; + readonly spec: BackendTlsPolicySpec; } /** - * Converts an object of type 'GatewaySpecListeners' to JSON representation. + * Converts an object of type 'BackendTlsPolicyProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewaySpecListeners(obj: GatewaySpecListeners | undefined): Record | undefined { +export function toJson_BackendTlsPolicyProps(obj: BackendTlsPolicyProps | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'allowedRoutes': toJson_GatewaySpecListenersAllowedRoutes(obj.allowedRoutes), - 'hostname': obj.hostname, - 'name': obj.name, - 'port': obj.port, - 'protocol': obj.protocol, - 'tls': toJson_GatewaySpecListenersTls(obj.tls), + 'metadata': obj.metadata, + 'spec': toJson_BackendTlsPolicySpec(obj.spec), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -502,79 +480,47 @@ export function toJson_GatewaySpecListeners(obj: GatewaySpecListeners | undefine /* eslint-enable max-len, quote-props */ /** - * AllowedRoutes defines the types of routes that MAY be attached to a - * Listener and the trusted namespaces where those Route resources MAY be - * present. - * - * - * Although a client request may match multiple route rules, only one rule - * may ultimately receive the request. Matching precedence MUST be - * determined in order of the following criteria: - * - * - * * The most specific match as defined by the Route type. - * * The oldest Route based on creation timestamp. For example, a Route with - * a creation timestamp of "2020-09-08 01:02:03" is given precedence over - * a Route with a creation timestamp of "2020-09-08 01:02:04". - * * If everything else is equivalent, the Route appearing first in - * alphabetical order (namespace/name) should be given precedence. For - * example, foo/bar is given precedence over foo/baz. - * - * - * All valid rules within a Route attached to this Listener should be - * implemented. Invalid Route rules can be ignored (sometimes that will mean - * the full Route). If a Route rule transitions from valid to invalid, - * support for that Route rule should be dropped to ensure consistency. For - * example, even if a filter specified by a Route rule is invalid, the rest - * of the rules within that Route should still be supported. - * + * Spec defines the desired state of BackendTLSPolicy. * - * Support: Core - * - * @schema GatewaySpecListenersAllowedRoutes + * @schema BackendTlsPolicySpec */ -export interface GatewaySpecListenersAllowedRoutes { +export interface BackendTlsPolicySpec { /** - * Kinds specifies the groups and kinds of Routes that are allowed to bind - * to this Gateway Listener. When unspecified or empty, the kinds of Routes - * selected are determined using the Listener protocol. + * TargetRefs identifies an API object to apply the policy to. + * Only Services have Extended support. Implementations MAY support + * additional objects, with Implementation Specific support. + * Note that this config applies to the entire referenced resource + * by default, but this default may change in the future to provide + * a more granular application of the policy. * * - * A RouteGroupKind MUST correspond to kinds of Routes that are compatible - * with the application protocol specified in the Listener's Protocol field. - * If an implementation does not support or recognize this resource type, it - * MUST set the "ResolvedRefs" condition to False for this Listener with the - * "InvalidRouteKinds" reason. + * Support: Extended for Kubernetes Service * * - * Support: Core + * Support: Implementation-specific for any other resource * - * @schema GatewaySpecListenersAllowedRoutes#kinds + * @schema BackendTlsPolicySpec#targetRefs */ - readonly kinds?: GatewaySpecListenersAllowedRoutesKinds[]; + readonly targetRefs: BackendTlsPolicySpecTargetRefs[]; /** - * Namespaces indicates namespaces from which Routes may be attached to this - * Listener. This is restricted to the namespace of this Gateway by default. - * + * Validation contains backend TLS validation configuration. * - * Support: Core - * - * @schema GatewaySpecListenersAllowedRoutes#namespaces + * @schema BackendTlsPolicySpec#validation */ - readonly namespaces?: GatewaySpecListenersAllowedRoutesNamespaces; + readonly validation: BackendTlsPolicySpecValidation; } /** - * Converts an object of type 'GatewaySpecListenersAllowedRoutes' to JSON representation. + * Converts an object of type 'BackendTlsPolicySpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewaySpecListenersAllowedRoutes(obj: GatewaySpecListenersAllowedRoutes | undefined): Record | undefined { +export function toJson_BackendTlsPolicySpec(obj: BackendTlsPolicySpec | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'kinds': obj.kinds?.map(y => toJson_GatewaySpecListenersAllowedRoutesKinds(y)), - 'namespaces': toJson_GatewaySpecListenersAllowedRoutesNamespaces(obj.namespaces), + 'targetRefs': obj.targetRefs?.map(y => toJson_BackendTlsPolicySpecTargetRefs(y)), + 'validation': toJson_BackendTlsPolicySpecValidation(obj.validation), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -582,111 +528,73 @@ export function toJson_GatewaySpecListenersAllowedRoutes(obj: GatewaySpecListene /* eslint-enable max-len, quote-props */ /** - * TLS is the TLS configuration for the Listener. This field is required if - * the Protocol field is "HTTPS" or "TLS". It is invalid to set this field - * if the Protocol field is "HTTP", "TCP", or "UDP". - * + * LocalPolicyTargetReferenceWithSectionName identifies an API object to apply a + * direct policy to. This should be used as part of Policy resources that can + * target single resources. For more information on how this policy attachment + * mode works, and a sample Policy resource, refer to the policy attachment + * documentation for Gateway API. * - * The association of SNIs to Certificate defined in GatewayTLSConfig is - * defined based on the Hostname field for this listener. - * - * - * The GatewayClass MUST use the longest matching SNI out of all - * available certificates for any TLS handshake. * + * Note: This should only be used for direct policy attachment when references + * to SectionName are actually needed. In all other cases, + * LocalPolicyTargetReference should be used. * - * Support: Core - * - * @schema GatewaySpecListenersTls + * @schema BackendTlsPolicySpecTargetRefs */ -export interface GatewaySpecListenersTls { +export interface BackendTlsPolicySpecTargetRefs { /** - * CertificateRefs contains a series of references to Kubernetes objects that - * contains TLS certificates and private keys. These certificates are used to - * establish a TLS handshake for requests that match the hostname of the - * associated listener. + * Group is the group of the target resource. * - * - * A single CertificateRef to a Kubernetes Secret has "Core" support. - * Implementations MAY choose to support attaching multiple certificates to - * a Listener, but this behavior is implementation-specific. - * - * - * References to a resource in different namespace are invalid UNLESS there - * is a ReferenceGrant in the target namespace that allows the certificate - * to be attached. If a ReferenceGrant does not allow this reference, the - * "ResolvedRefs" condition MUST be set to False for this listener with the - * "RefNotPermitted" reason. - * - * - * This field is required to have at least one element when the mode is set - * to "Terminate" (default) and is optional otherwise. - * - * - * CertificateRefs can reference to standard Kubernetes resources, i.e. - * Secret, or implementation-specific custom resources. - * - * - * Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls - * - * - * Support: Implementation-specific (More than one reference or other resource types) - * - * @schema GatewaySpecListenersTls#certificateRefs + * @schema BackendTlsPolicySpecTargetRefs#group */ - readonly certificateRefs?: GatewaySpecListenersTlsCertificateRefs[]; + readonly group: string; /** - * Mode defines the TLS behavior for the TLS session initiated by the client. - * There are two possible modes: - * - * - * - Terminate: The TLS session between the downstream client and the - * Gateway is terminated at the Gateway. This mode requires certificates - * to be specified in some way, such as populating the certificateRefs - * field. - * - Passthrough: The TLS session is NOT terminated by the Gateway. This - * implies that the Gateway can't decipher the TLS stream except for - * the ClientHello message of the TLS protocol. The certificateRefs field - * is ignored in this mode. - * + * Kind is kind of the target resource. * - * Support: Core + * @schema BackendTlsPolicySpecTargetRefs#kind + */ + readonly kind: string; + + /** + * Name is the name of the target resource. * - * @schema GatewaySpecListenersTls#mode + * @schema BackendTlsPolicySpecTargetRefs#name */ - readonly mode?: GatewaySpecListenersTlsMode; + readonly name: string; /** - * Options are a list of key/value pairs to enable extended TLS - * configuration for each implementation. For example, configuring the - * minimum TLS version or supported cipher suites. + * SectionName is the name of a section within the target resource. When + * unspecified, this targetRef targets the entire resource. In the following + * resources, SectionName is interpreted as the following: * * - * A set of common keys MAY be defined by the API in the future. To avoid - * any ambiguity, implementation-specific definitions MUST use - * domain-prefixed names, such as `example.com/my-custom-option`. - * Un-prefixed names are reserved for key names defined by Gateway API. + * * Gateway: Listener name + * * HTTPRoute: HTTPRouteRule name + * * Service: Port name * * - * Support: Implementation-specific + * If a SectionName is specified, but does not exist on the targeted object, + * the Policy must fail to attach, and the policy implementation should record + * a `ResolvedRefs` or similar Condition in the Policy's status. * - * @schema GatewaySpecListenersTls#options + * @schema BackendTlsPolicySpecTargetRefs#sectionName */ - readonly options?: { [key: string]: string }; + readonly sectionName?: string; } /** - * Converts an object of type 'GatewaySpecListenersTls' to JSON representation. + * Converts an object of type 'BackendTlsPolicySpecTargetRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewaySpecListenersTls(obj: GatewaySpecListenersTls | undefined): Record | undefined { +export function toJson_BackendTlsPolicySpecTargetRefs(obj: BackendTlsPolicySpecTargetRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'certificateRefs': obj.certificateRefs?.map(y => toJson_GatewaySpecListenersTlsCertificateRefs(y)), - 'mode': obj.mode, - 'options': ((obj.options) === undefined) ? undefined : (Object.entries(obj.options).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'sectionName': obj.sectionName, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -694,92 +602,90 @@ export function toJson_GatewaySpecListenersTls(obj: GatewaySpecListenersTls | un /* eslint-enable max-len, quote-props */ /** - * RouteGroupKind indicates the group and kind of a Route resource. + * Validation contains backend TLS validation configuration. * - * @schema GatewaySpecListenersAllowedRoutesKinds + * @schema BackendTlsPolicySpecValidation */ -export interface GatewaySpecListenersAllowedRoutesKinds { +export interface BackendTlsPolicySpecValidation { /** - * Group is the group of the Route. + * CACertificateRefs contains one or more references to Kubernetes objects that + * contain a PEM-encoded TLS CA certificate bundle, which is used to + * validate a TLS handshake between the Gateway and backend Pod. * - * @schema GatewaySpecListenersAllowedRoutesKinds#group - */ - readonly group?: string; - - /** - * Kind is the kind of the Route. * - * @schema GatewaySpecListenersAllowedRoutesKinds#kind + * If CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be + * specified. Only one of CACertificateRefs or WellKnownCACertificates may be specified, + * not both. If CACertifcateRefs is empty or unspecified, the configuration for + * WellKnownCACertificates MUST be honored instead if supported by the implementation. + * + * + * References to a resource in a different namespace are invalid for the + * moment, although we will revisit this in the future. + * + * + * A single CACertificateRef to a Kubernetes ConfigMap kind has "Core" support. + * Implementations MAY choose to support attaching multiple certificates to + * a backend, but this behavior is implementation-specific. + * + * + * Support: Core - An optional single reference to a Kubernetes ConfigMap, + * with the CA certificate in a key named `ca.crt`. + * + * + * Support: Implementation-specific (More than one reference, or other kinds + * of resources). + * + * @schema BackendTlsPolicySpecValidation#caCertificateRefs */ - readonly kind: string; - -} - -/** - * Converts an object of type 'GatewaySpecListenersAllowedRoutesKinds' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GatewaySpecListenersAllowedRoutesKinds(obj: GatewaySpecListenersAllowedRoutesKinds | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'group': obj.group, - 'kind': obj.kind, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly caCertificateRefs?: BackendTlsPolicySpecValidationCaCertificateRefs[]; -/** - * Namespaces indicates namespaces from which Routes may be attached to this - * Listener. This is restricted to the namespace of this Gateway by default. - * - * - * Support: Core - * - * @schema GatewaySpecListenersAllowedRoutesNamespaces - */ -export interface GatewaySpecListenersAllowedRoutesNamespaces { /** - * From indicates where Routes will be selected for this Gateway. Possible - * values are: + * Hostname is used for two purposes in the connection between Gateways and + * backends: * * - * * All: Routes in all namespaces may be used by this Gateway. - * * Selector: Routes in namespaces selected by the selector may be used by - * this Gateway. - * * Same: Only Routes in the same namespace may be used by this Gateway. + * 1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066). + * 2. Hostname MUST be used for authentication and MUST match the certificate + * served by the matching backend. * * * Support: Core * - * @schema GatewaySpecListenersAllowedRoutesNamespaces#from + * @schema BackendTlsPolicySpecValidation#hostname */ - readonly from?: GatewaySpecListenersAllowedRoutesNamespacesFrom; + readonly hostname: string; /** - * Selector must be specified when From is set to "Selector". In that case, - * only Routes in Namespaces matching this Selector will be selected by this - * Gateway. This field is ignored for other values of "From". + * WellKnownCACertificates specifies whether system CA certificates may be used in + * the TLS handshake between the gateway and backend pod. * * - * Support: Core + * If WellKnownCACertificates is unspecified or empty (""), then CACertificateRefs + * must be specified with at least one entry for a valid configuration. Only one of + * CACertificateRefs or WellKnownCACertificates may be specified, not both. If an + * implementation does not support the WellKnownCACertificates field or the value + * supplied is not supported, the Status Conditions on the Policy MUST be + * updated to include an Accepted: False Condition with Reason: Invalid. * - * @schema GatewaySpecListenersAllowedRoutesNamespaces#selector + * + * Support: Implementation-specific + * + * @schema BackendTlsPolicySpecValidation#wellKnownCACertificates */ - readonly selector?: GatewaySpecListenersAllowedRoutesNamespacesSelector; + readonly wellKnownCaCertificates?: BackendTlsPolicySpecValidationWellKnownCaCertificates; } /** - * Converts an object of type 'GatewaySpecListenersAllowedRoutesNamespaces' to JSON representation. + * Converts an object of type 'BackendTlsPolicySpecValidation' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewaySpecListenersAllowedRoutesNamespaces(obj: GatewaySpecListenersAllowedRoutesNamespaces | undefined): Record | undefined { +export function toJson_BackendTlsPolicySpecValidation(obj: BackendTlsPolicySpecValidation | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'from': obj.from, - 'selector': toJson_GatewaySpecListenersAllowedRoutesNamespacesSelector(obj.selector), + 'caCertificateRefs': obj.caCertificateRefs?.map(y => toJson_BackendTlsPolicySpecValidationCaCertificateRefs(y)), + 'hostname': obj.hostname, + 'wellKnownCACertificates': obj.wellKnownCaCertificates, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -787,10 +693,8 @@ export function toJson_GatewaySpecListenersAllowedRoutesNamespaces(obj: GatewayS /* eslint-enable max-len, quote-props */ /** - * SecretObjectReference identifies an API object including its namespace, - * defaulting to Secret. - * - * + * LocalObjectReference identifies an API object within the namespace of the + * referrer. * The API object must be valid in the cluster; the Group and Kind must * be registered in the cluster for this reference to be valid. * @@ -799,61 +703,43 @@ export function toJson_GatewaySpecListenersAllowedRoutesNamespaces(obj: GatewayS * be rejected by the implementation, with appropriate Conditions set * on the containing object. * - * @schema GatewaySpecListenersTlsCertificateRefs + * @schema BackendTlsPolicySpecValidationCaCertificateRefs */ -export interface GatewaySpecListenersTlsCertificateRefs { +export interface BackendTlsPolicySpecValidationCaCertificateRefs { /** * Group is the group of the referent. For example, "gateway.networking.k8s.io". * When unspecified or empty string, core API group is inferred. * - * @schema GatewaySpecListenersTlsCertificateRefs#group + * @schema BackendTlsPolicySpecValidationCaCertificateRefs#group */ - readonly group?: string; + readonly group: string; /** - * Kind is kind of the referent. For example "Secret". + * Kind is kind of the referent. For example "HTTPRoute" or "Service". * - * @schema GatewaySpecListenersTlsCertificateRefs#kind + * @schema BackendTlsPolicySpecValidationCaCertificateRefs#kind */ - readonly kind?: string; + readonly kind: string; /** * Name is the name of the referent. * - * @schema GatewaySpecListenersTlsCertificateRefs#name + * @schema BackendTlsPolicySpecValidationCaCertificateRefs#name */ readonly name: string; - /** - * Namespace is the namespace of the referenced object. When unspecified, the local - * namespace is inferred. - * - * - * Note that when a namespace different than the local namespace is specified, - * a ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. - * - * - * Support: Core - * - * @schema GatewaySpecListenersTlsCertificateRefs#namespace - */ - readonly namespace?: string; - } /** - * Converts an object of type 'GatewaySpecListenersTlsCertificateRefs' to JSON representation. + * Converts an object of type 'BackendTlsPolicySpecValidationCaCertificateRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewaySpecListenersTlsCertificateRefs(obj: GatewaySpecListenersTlsCertificateRefs | undefined): Record | undefined { +export function toJson_BackendTlsPolicySpecValidationCaCertificateRefs(obj: BackendTlsPolicySpecValidationCaCertificateRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'group': obj.group, 'kind': obj.kind, 'name': obj.name, - 'namespace': obj.namespace, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -861,188 +747,66 @@ export function toJson_GatewaySpecListenersTlsCertificateRefs(obj: GatewaySpecLi /* eslint-enable max-len, quote-props */ /** - * Mode defines the TLS behavior for the TLS session initiated by the client. - * There are two possible modes: + * WellKnownCACertificates specifies whether system CA certificates may be used in + * the TLS handshake between the gateway and backend pod. * * - * - Terminate: The TLS session between the downstream client and the - * Gateway is terminated at the Gateway. This mode requires certificates - * to be specified in some way, such as populating the certificateRefs - * field. - * - Passthrough: The TLS session is NOT terminated by the Gateway. This - * implies that the Gateway can't decipher the TLS stream except for - * the ClientHello message of the TLS protocol. The certificateRefs field - * is ignored in this mode. + * If WellKnownCACertificates is unspecified or empty (""), then CACertificateRefs + * must be specified with at least one entry for a valid configuration. Only one of + * CACertificateRefs or WellKnownCACertificates may be specified, not both. If an + * implementation does not support the WellKnownCACertificates field or the value + * supplied is not supported, the Status Conditions on the Policy MUST be + * updated to include an Accepted: False Condition with Reason: Invalid. * * - * Support: Core + * Support: Implementation-specific * - * @schema GatewaySpecListenersTlsMode + * @schema BackendTlsPolicySpecValidationWellKnownCaCertificates */ -export enum GatewaySpecListenersTlsMode { - /** Terminate */ - TERMINATE = "Terminate", - /** Passthrough */ - PASSTHROUGH = "Passthrough", +export enum BackendTlsPolicySpecValidationWellKnownCaCertificates { + /** System */ + SYSTEM = "System", } -/** - * From indicates where Routes will be selected for this Gateway. Possible - * values are: - * - * - * * All: Routes in all namespaces may be used by this Gateway. - * * Selector: Routes in namespaces selected by the selector may be used by - * this Gateway. - * * Same: Only Routes in the same namespace may be used by this Gateway. - * - * - * Support: Core - * - * @schema GatewaySpecListenersAllowedRoutesNamespacesFrom - */ -export enum GatewaySpecListenersAllowedRoutesNamespacesFrom { - /** All */ - ALL = "All", - /** Selector */ - SELECTOR = "Selector", - /** Same */ - SAME = "Same", -} /** - * Selector must be specified when From is set to "Selector". In that case, - * only Routes in Namespaces matching this Selector will be selected by this - * Gateway. This field is ignored for other values of "From". - * - * - * Support: Core + * Gateway represents an instance of a service-traffic handling infrastructure +by binding Listeners to a set of IP addresses. * - * @schema GatewaySpecListenersAllowedRoutesNamespacesSelector + * @schema Gateway */ -export interface GatewaySpecListenersAllowedRoutesNamespacesSelector { +export class Gateway extends ApiObject { /** - * matchExpressions is a list of label selector requirements. The requirements are ANDed. - * - * @schema GatewaySpecListenersAllowedRoutesNamespacesSelector#matchExpressions + * Returns the apiVersion and kind for "Gateway" */ - readonly matchExpressions?: GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions[]; + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'Gateway', + } /** - * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - * map is equivalent to an element of matchExpressions, whose key field is "key", the - * operator is "In", and the values array contains only "value". The requirements are ANDed. + * Renders a Kubernetes manifest for "Gateway". * - * @schema GatewaySpecListenersAllowedRoutesNamespacesSelector#matchLabels + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props */ - readonly matchLabels?: { [key: string]: string }; - -} - -/** - * Converts an object of type 'GatewaySpecListenersAllowedRoutesNamespacesSelector' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GatewaySpecListenersAllowedRoutesNamespacesSelector(obj: GatewaySpecListenersAllowedRoutesNamespacesSelector | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'matchExpressions': obj.matchExpressions?.map(y => toJson_GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions(y)), - 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * A label selector requirement is a selector that contains values, a key, and an operator that - * relates the key and values. - * - * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions - */ -export interface GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions { - /** - * key is the label key that the selector applies to. - * - * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#key - */ - readonly key: string; - - /** - * operator represents a key's relationship to a set of values. - * Valid operators are In, NotIn, Exists and DoesNotExist. - * - * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#operator - */ - readonly operator: string; - - /** - * values is an array of string values. If the operator is In or NotIn, - * the values array must be non-empty. If the operator is Exists or DoesNotExist, - * the values array must be empty. This array is replaced during a strategic - * merge patch. - * - * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#values - */ - readonly values?: string[]; - -} - -/** - * Converts an object of type 'GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions(obj: GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'key': obj.key, - 'operator': obj.operator, - 'values': obj.values?.map(y => y), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - - -/** - * Gateway represents an instance of a service-traffic handling infrastructure -by binding Listeners to a set of IP addresses. - * - * @schema GatewayV1Beta1 - */ -export class GatewayV1Beta1 extends ApiObject { - /** - * Returns the apiVersion and kind for "GatewayV1Beta1" - */ - public static readonly GVK: GroupVersionKind = { - apiVersion: 'gateway.networking.k8s.io/v1beta1', - kind: 'Gateway', - } - - /** - * Renders a Kubernetes manifest for "GatewayV1Beta1". - * - * This can be used to inline resource manifests inside other objects (e.g. as templates). - * - * @param props initialization props - */ - public static manifest(props: GatewayV1Beta1Props): any { - return { - ...GatewayV1Beta1.GVK, - ...toJson_GatewayV1Beta1Props(props), - }; - } + public static manifest(props: GatewayProps): any { + return { + ...Gateway.GVK, + ...toJson_GatewayProps(props), + }; + } /** - * Defines a "GatewayV1Beta1" API object + * Defines a "Gateway" API object * @param scope the scope in which to define this object * @param id a scope-local name for the object * @param props initialization props */ - public constructor(scope: Construct, id: string, props: GatewayV1Beta1Props) { + public constructor(scope: Construct, id: string, props: GatewayProps) { super(scope, id, { - ...GatewayV1Beta1.GVK, + ...Gateway.GVK, ...props, }); } @@ -1054,8 +818,8 @@ export class GatewayV1Beta1 extends ApiObject { const resolved = super.toJson(); return { - ...GatewayV1Beta1.GVK, - ...toJson_GatewayV1Beta1Props(resolved), + ...Gateway.GVK, + ...toJson_GatewayProps(resolved), }; } } @@ -1064,32 +828,32 @@ export class GatewayV1Beta1 extends ApiObject { * Gateway represents an instance of a service-traffic handling infrastructure * by binding Listeners to a set of IP addresses. * - * @schema GatewayV1Beta1 + * @schema Gateway */ -export interface GatewayV1Beta1Props { +export interface GatewayProps { /** - * @schema GatewayV1Beta1#metadata + * @schema Gateway#metadata */ readonly metadata?: ApiObjectMetadata; /** * Spec defines the desired state of Gateway. * - * @schema GatewayV1Beta1#spec + * @schema Gateway#spec */ - readonly spec: GatewayV1Beta1Spec; + readonly spec: GatewaySpec; } /** - * Converts an object of type 'GatewayV1Beta1Props' to JSON representation. + * Converts an object of type 'GatewayProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1Props(obj: GatewayV1Beta1Props | undefined): Record | undefined { +export function toJson_GatewayProps(obj: GatewayProps | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'metadata': obj.metadata, - 'spec': toJson_GatewayV1Beta1Spec(obj.spec), + 'spec': toJson_GatewaySpec(obj.spec), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -1099,9 +863,9 @@ export function toJson_GatewayV1Beta1Props(obj: GatewayV1Beta1Props | undefined) /** * Spec defines the desired state of Gateway. * - * @schema GatewayV1Beta1Spec + * @schema GatewaySpec */ -export interface GatewayV1Beta1Spec { +export interface GatewaySpec { /** * Addresses requested for this Gateway. This is optional and behavior can * depend on the implementation. If a value is set in the spec and the @@ -1131,18 +895,31 @@ export interface GatewayV1Beta1Spec { * * * - * @schema GatewayV1Beta1Spec#addresses + * @schema GatewaySpec#addresses */ - readonly addresses?: GatewayV1Beta1SpecAddresses[]; + readonly addresses?: GatewaySpecAddresses[]; /** * GatewayClassName used for this Gateway. This is the name of a * GatewayClass resource. * - * @schema GatewayV1Beta1Spec#gatewayClassName + * @schema GatewaySpec#gatewayClassName */ readonly gatewayClassName: string; + /** + * Infrastructure defines infrastructure level attributes about this Gateway instance. + * + * + * Support: Core + * + * + * + * + * @schema GatewaySpec#infrastructure + */ + readonly infrastructure?: GatewaySpecInfrastructure; + /** * Listeners associated with this Gateway. Listeners define * logical endpoints that are bound on this Gateway's addresses. @@ -1289,22 +1066,23 @@ export interface GatewayV1Beta1Spec { * * Support: Core * - * @schema GatewayV1Beta1Spec#listeners + * @schema GatewaySpec#listeners */ - readonly listeners: GatewayV1Beta1SpecListeners[]; + readonly listeners: GatewaySpecListeners[]; } /** - * Converts an object of type 'GatewayV1Beta1Spec' to JSON representation. + * Converts an object of type 'GatewaySpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1Spec(obj: GatewayV1Beta1Spec | undefined): Record | undefined { +export function toJson_GatewaySpec(obj: GatewaySpec | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'addresses': obj.addresses?.map(y => toJson_GatewayV1Beta1SpecAddresses(y)), + 'addresses': obj.addresses?.map(y => toJson_GatewaySpecAddresses(y)), 'gatewayClassName': obj.gatewayClassName, - 'listeners': obj.listeners?.map(y => toJson_GatewayV1Beta1SpecListeners(y)), + 'infrastructure': toJson_GatewaySpecInfrastructure(obj.infrastructure), + 'listeners': obj.listeners?.map(y => toJson_GatewaySpecListeners(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -1314,13 +1092,13 @@ export function toJson_GatewayV1Beta1Spec(obj: GatewayV1Beta1Spec | undefined): /** * GatewayAddress describes an address that can be bound to a Gateway. * - * @schema GatewayV1Beta1SpecAddresses + * @schema GatewaySpecAddresses */ -export interface GatewayV1Beta1SpecAddresses { +export interface GatewaySpecAddresses { /** * Type of the address. * - * @schema GatewayV1Beta1SpecAddresses#type + * @schema GatewaySpecAddresses#type */ readonly type?: string; @@ -1331,17 +1109,17 @@ export interface GatewayV1Beta1SpecAddresses { * * Examples: `1.2.3.4`, `128::1`, `my-ip-address`. * - * @schema GatewayV1Beta1SpecAddresses#value + * @schema GatewaySpecAddresses#value */ readonly value: string; } /** - * Converts an object of type 'GatewayV1Beta1SpecAddresses' to JSON representation. + * Converts an object of type 'GatewaySpecAddresses' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1SpecAddresses(obj: GatewayV1Beta1SpecAddresses | undefined): Record | undefined { +export function toJson_GatewaySpecAddresses(obj: GatewaySpecAddresses | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'type': obj.type, @@ -1352,13 +1130,97 @@ export function toJson_GatewayV1Beta1SpecAddresses(obj: GatewayV1Beta1SpecAddres } /* eslint-enable max-len, quote-props */ +/** + * Infrastructure defines infrastructure level attributes about this Gateway instance. + * + * + * Support: Core + * + * + * + * + * @schema GatewaySpecInfrastructure + */ +export interface GatewaySpecInfrastructure { + /** + * Annotations that SHOULD be applied to any resources created in response to this Gateway. + * + * + * For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. + * For other implementations, this refers to any relevant (implementation specific) "annotations" concepts. + * + * + * An implementation may chose to add additional implementation-specific annotations as they see fit. + * + * + * Support: Extended + * + * @schema GatewaySpecInfrastructure#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Labels that SHOULD be applied to any resources created in response to this Gateway. + * + * + * For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. + * For other implementations, this refers to any relevant (implementation specific) "labels" concepts. + * + * + * An implementation may chose to add additional implementation-specific labels as they see fit. + * + * + * Support: Extended + * + * @schema GatewaySpecInfrastructure#labels + */ + readonly labels?: { [key: string]: string }; + + /** + * ParametersRef is a reference to a resource that contains the configuration + * parameters corresponding to the Gateway. This is optional if the + * controller does not require any additional configuration. + * + * + * This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis + * + * + * The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified, + * the merging behavior is implementation specific. + * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * + * + * Support: Implementation-specific + * + * @schema GatewaySpecInfrastructure#parametersRef + */ + readonly parametersRef?: GatewaySpecInfrastructureParametersRef; + +} + +/** + * Converts an object of type 'GatewaySpecInfrastructure' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewaySpecInfrastructure(obj: GatewaySpecInfrastructure | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'parametersRef': toJson_GatewaySpecInfrastructureParametersRef(obj.parametersRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + /** * Listener embodies the concept of a logical endpoint where a Gateway accepts * network connections. * - * @schema GatewayV1Beta1SpecListeners + * @schema GatewaySpecListeners */ -export interface GatewayV1Beta1SpecListeners { +export interface GatewaySpecListeners { /** * AllowedRoutes defines the types of routes that MAY be attached to a * Listener and the trusted namespaces where those Route resources MAY be @@ -1389,9 +1251,9 @@ export interface GatewayV1Beta1SpecListeners { * * Support: Core * - * @schema GatewayV1Beta1SpecListeners#allowedRoutes + * @schema GatewaySpecListeners#allowedRoutes */ - readonly allowedRoutes?: GatewayV1Beta1SpecListenersAllowedRoutes; + readonly allowedRoutes?: GatewaySpecListenersAllowedRoutes; /** * Hostname specifies the virtual hostname to match for protocol types that @@ -1426,7 +1288,7 @@ export interface GatewayV1Beta1SpecListeners { * * Support: Core * - * @schema GatewayV1Beta1SpecListeners#hostname + * @schema GatewaySpecListeners#hostname */ readonly hostname?: string; @@ -1437,7 +1299,7 @@ export interface GatewayV1Beta1SpecListeners { * * Support: Core * - * @schema GatewayV1Beta1SpecListeners#name + * @schema GatewaySpecListeners#name */ readonly name: string; @@ -1448,7 +1310,7 @@ export interface GatewayV1Beta1SpecListeners { * * Support: Core * - * @schema GatewayV1Beta1SpecListeners#port + * @schema GatewaySpecListeners#port */ readonly port: number; @@ -1458,7 +1320,7 @@ export interface GatewayV1Beta1SpecListeners { * * Support: Core * - * @schema GatewayV1Beta1SpecListeners#protocol + * @schema GatewaySpecListeners#protocol */ readonly protocol: string; @@ -1478,25 +1340,25 @@ export interface GatewayV1Beta1SpecListeners { * * Support: Core * - * @schema GatewayV1Beta1SpecListeners#tls + * @schema GatewaySpecListeners#tls */ - readonly tls?: GatewayV1Beta1SpecListenersTls; + readonly tls?: GatewaySpecListenersTls; } /** - * Converts an object of type 'GatewayV1Beta1SpecListeners' to JSON representation. + * Converts an object of type 'GatewaySpecListeners' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1SpecListeners(obj: GatewayV1Beta1SpecListeners | undefined): Record | undefined { +export function toJson_GatewaySpecListeners(obj: GatewaySpecListeners | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'allowedRoutes': toJson_GatewayV1Beta1SpecListenersAllowedRoutes(obj.allowedRoutes), + 'allowedRoutes': toJson_GatewaySpecListenersAllowedRoutes(obj.allowedRoutes), 'hostname': obj.hostname, 'name': obj.name, 'port': obj.port, 'protocol': obj.protocol, - 'tls': toJson_GatewayV1Beta1SpecListenersTls(obj.tls), + 'tls': toJson_GatewaySpecListenersTls(obj.tls), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -1504,13 +1366,71 @@ export function toJson_GatewayV1Beta1SpecListeners(obj: GatewayV1Beta1SpecListen /* eslint-enable max-len, quote-props */ /** - * AllowedRoutes defines the types of routes that MAY be attached to a - * Listener and the trusted namespaces where those Route resources MAY be - * present. + * ParametersRef is a reference to a resource that contains the configuration + * parameters corresponding to the Gateway. This is optional if the + * controller does not require any additional configuration. * * - * Although a client request may match multiple route rules, only one rule - * may ultimately receive the request. Matching precedence MUST be + * This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis + * + * + * The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified, + * the merging behavior is implementation specific. + * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * + * + * Support: Implementation-specific + * + * @schema GatewaySpecInfrastructureParametersRef + */ +export interface GatewaySpecInfrastructureParametersRef { + /** + * Group is the group of the referent. + * + * @schema GatewaySpecInfrastructureParametersRef#group + */ + readonly group: string; + + /** + * Kind is kind of the referent. + * + * @schema GatewaySpecInfrastructureParametersRef#kind + */ + readonly kind: string; + + /** + * Name is the name of the referent. + * + * @schema GatewaySpecInfrastructureParametersRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'GatewaySpecInfrastructureParametersRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewaySpecInfrastructureParametersRef(obj: GatewaySpecInfrastructureParametersRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * AllowedRoutes defines the types of routes that MAY be attached to a + * Listener and the trusted namespaces where those Route resources MAY be + * present. + * + * + * Although a client request may match multiple route rules, only one rule + * may ultimately receive the request. Matching precedence MUST be * determined in order of the following criteria: * * @@ -1533,9 +1453,9 @@ export function toJson_GatewayV1Beta1SpecListeners(obj: GatewayV1Beta1SpecListen * * Support: Core * - * @schema GatewayV1Beta1SpecListenersAllowedRoutes + * @schema GatewaySpecListenersAllowedRoutes */ -export interface GatewayV1Beta1SpecListenersAllowedRoutes { +export interface GatewaySpecListenersAllowedRoutes { /** * Kinds specifies the groups and kinds of Routes that are allowed to bind * to this Gateway Listener. When unspecified or empty, the kinds of Routes @@ -1551,9 +1471,9 @@ export interface GatewayV1Beta1SpecListenersAllowedRoutes { * * Support: Core * - * @schema GatewayV1Beta1SpecListenersAllowedRoutes#kinds + * @schema GatewaySpecListenersAllowedRoutes#kinds */ - readonly kinds?: GatewayV1Beta1SpecListenersAllowedRoutesKinds[]; + readonly kinds?: GatewaySpecListenersAllowedRoutesKinds[]; /** * Namespaces indicates namespaces from which Routes may be attached to this @@ -1562,21 +1482,21 @@ export interface GatewayV1Beta1SpecListenersAllowedRoutes { * * Support: Core * - * @schema GatewayV1Beta1SpecListenersAllowedRoutes#namespaces + * @schema GatewaySpecListenersAllowedRoutes#namespaces */ - readonly namespaces?: GatewayV1Beta1SpecListenersAllowedRoutesNamespaces; + readonly namespaces?: GatewaySpecListenersAllowedRoutesNamespaces; } /** - * Converts an object of type 'GatewayV1Beta1SpecListenersAllowedRoutes' to JSON representation. + * Converts an object of type 'GatewaySpecListenersAllowedRoutes' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1SpecListenersAllowedRoutes(obj: GatewayV1Beta1SpecListenersAllowedRoutes | undefined): Record | undefined { +export function toJson_GatewaySpecListenersAllowedRoutes(obj: GatewaySpecListenersAllowedRoutes | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'kinds': obj.kinds?.map(y => toJson_GatewayV1Beta1SpecListenersAllowedRoutesKinds(y)), - 'namespaces': toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespaces(obj.namespaces), + 'kinds': obj.kinds?.map(y => toJson_GatewaySpecListenersAllowedRoutesKinds(y)), + 'namespaces': toJson_GatewaySpecListenersAllowedRoutesNamespaces(obj.namespaces), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -1599,9 +1519,9 @@ export function toJson_GatewayV1Beta1SpecListenersAllowedRoutes(obj: GatewayV1Be * * Support: Core * - * @schema GatewayV1Beta1SpecListenersTls + * @schema GatewaySpecListenersTls */ -export interface GatewayV1Beta1SpecListenersTls { +export interface GatewaySpecListenersTls { /** * CertificateRefs contains a series of references to Kubernetes objects that * contains TLS certificates and private keys. These certificates are used to @@ -1634,9 +1554,26 @@ export interface GatewayV1Beta1SpecListenersTls { * * Support: Implementation-specific (More than one reference or other resource types) * - * @schema GatewayV1Beta1SpecListenersTls#certificateRefs + * @schema GatewaySpecListenersTls#certificateRefs */ - readonly certificateRefs?: GatewayV1Beta1SpecListenersTlsCertificateRefs[]; + readonly certificateRefs?: GatewaySpecListenersTlsCertificateRefs[]; + + /** + * FrontendValidation holds configuration information for validating the frontend (client). + * Setting this field will require clients to send a client certificate + * required for validation during the TLS handshake. In browsers this may result in a dialog appearing + * that requests a user to specify the client certificate. + * The maximum depth of a certificate chain accepted in verification is Implementation specific. + * + * + * Support: Extended + * + * + * + * + * @schema GatewaySpecListenersTls#frontendValidation + */ + readonly frontendValidation?: GatewaySpecListenersTlsFrontendValidation; /** * Mode defines the TLS behavior for the TLS session initiated by the client. @@ -1655,9 +1592,9 @@ export interface GatewayV1Beta1SpecListenersTls { * * Support: Core * - * @schema GatewayV1Beta1SpecListenersTls#mode + * @schema GatewaySpecListenersTls#mode */ - readonly mode?: GatewayV1Beta1SpecListenersTlsMode; + readonly mode?: GatewaySpecListenersTlsMode; /** * Options are a list of key/value pairs to enable extended TLS @@ -1673,20 +1610,21 @@ export interface GatewayV1Beta1SpecListenersTls { * * Support: Implementation-specific * - * @schema GatewayV1Beta1SpecListenersTls#options + * @schema GatewaySpecListenersTls#options */ readonly options?: { [key: string]: string }; } /** - * Converts an object of type 'GatewayV1Beta1SpecListenersTls' to JSON representation. + * Converts an object of type 'GatewaySpecListenersTls' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1SpecListenersTls(obj: GatewayV1Beta1SpecListenersTls | undefined): Record | undefined { +export function toJson_GatewaySpecListenersTls(obj: GatewaySpecListenersTls | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'certificateRefs': obj.certificateRefs?.map(y => toJson_GatewayV1Beta1SpecListenersTlsCertificateRefs(y)), + 'certificateRefs': obj.certificateRefs?.map(y => toJson_GatewaySpecListenersTlsCertificateRefs(y)), + 'frontendValidation': toJson_GatewaySpecListenersTlsFrontendValidation(obj.frontendValidation), 'mode': obj.mode, 'options': ((obj.options) === undefined) ? undefined : (Object.entries(obj.options).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), }; @@ -1698,30 +1636,30 @@ export function toJson_GatewayV1Beta1SpecListenersTls(obj: GatewayV1Beta1SpecLis /** * RouteGroupKind indicates the group and kind of a Route resource. * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesKinds + * @schema GatewaySpecListenersAllowedRoutesKinds */ -export interface GatewayV1Beta1SpecListenersAllowedRoutesKinds { +export interface GatewaySpecListenersAllowedRoutesKinds { /** * Group is the group of the Route. * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesKinds#group + * @schema GatewaySpecListenersAllowedRoutesKinds#group */ readonly group?: string; /** * Kind is the kind of the Route. * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesKinds#kind + * @schema GatewaySpecListenersAllowedRoutesKinds#kind */ readonly kind: string; } /** - * Converts an object of type 'GatewayV1Beta1SpecListenersAllowedRoutesKinds' to JSON representation. + * Converts an object of type 'GatewaySpecListenersAllowedRoutesKinds' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesKinds(obj: GatewayV1Beta1SpecListenersAllowedRoutesKinds | undefined): Record | undefined { +export function toJson_GatewaySpecListenersAllowedRoutesKinds(obj: GatewaySpecListenersAllowedRoutesKinds | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'group': obj.group, @@ -1739,9 +1677,9 @@ export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesKinds(obj: Gatewa * * Support: Core * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespaces + * @schema GatewaySpecListenersAllowedRoutesNamespaces */ -export interface GatewayV1Beta1SpecListenersAllowedRoutesNamespaces { +export interface GatewaySpecListenersAllowedRoutesNamespaces { /** * From indicates where Routes will be selected for this Gateway. Possible * values are: @@ -1755,9 +1693,9 @@ export interface GatewayV1Beta1SpecListenersAllowedRoutesNamespaces { * * Support: Core * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespaces#from + * @schema GatewaySpecListenersAllowedRoutesNamespaces#from */ - readonly from?: GatewayV1Beta1SpecListenersAllowedRoutesNamespacesFrom; + readonly from?: GatewaySpecListenersAllowedRoutesNamespacesFrom; /** * Selector must be specified when From is set to "Selector". In that case, @@ -1767,21 +1705,21 @@ export interface GatewayV1Beta1SpecListenersAllowedRoutesNamespaces { * * Support: Core * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespaces#selector + * @schema GatewaySpecListenersAllowedRoutesNamespaces#selector */ - readonly selector?: GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector; + readonly selector?: GatewaySpecListenersAllowedRoutesNamespacesSelector; } /** - * Converts an object of type 'GatewayV1Beta1SpecListenersAllowedRoutesNamespaces' to JSON representation. + * Converts an object of type 'GatewaySpecListenersAllowedRoutesNamespaces' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespaces(obj: GatewayV1Beta1SpecListenersAllowedRoutesNamespaces | undefined): Record | undefined { +export function toJson_GatewaySpecListenersAllowedRoutesNamespaces(obj: GatewaySpecListenersAllowedRoutesNamespaces | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'from': obj.from, - 'selector': toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector(obj.selector), + 'selector': toJson_GatewaySpecListenersAllowedRoutesNamespacesSelector(obj.selector), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -1801,28 +1739,28 @@ export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespaces(obj: G * be rejected by the implementation, with appropriate Conditions set * on the containing object. * - * @schema GatewayV1Beta1SpecListenersTlsCertificateRefs + * @schema GatewaySpecListenersTlsCertificateRefs */ -export interface GatewayV1Beta1SpecListenersTlsCertificateRefs { +export interface GatewaySpecListenersTlsCertificateRefs { /** * Group is the group of the referent. For example, "gateway.networking.k8s.io". * When unspecified or empty string, core API group is inferred. * - * @schema GatewayV1Beta1SpecListenersTlsCertificateRefs#group + * @schema GatewaySpecListenersTlsCertificateRefs#group */ readonly group?: string; /** * Kind is kind of the referent. For example "Secret". * - * @schema GatewayV1Beta1SpecListenersTlsCertificateRefs#kind + * @schema GatewaySpecListenersTlsCertificateRefs#kind */ readonly kind?: string; /** * Name is the name of the referent. * - * @schema GatewayV1Beta1SpecListenersTlsCertificateRefs#name + * @schema GatewaySpecListenersTlsCertificateRefs#name */ readonly name: string; @@ -1839,17 +1777,17 @@ export interface GatewayV1Beta1SpecListenersTlsCertificateRefs { * * Support: Core * - * @schema GatewayV1Beta1SpecListenersTlsCertificateRefs#namespace + * @schema GatewaySpecListenersTlsCertificateRefs#namespace */ readonly namespace?: string; } /** - * Converts an object of type 'GatewayV1Beta1SpecListenersTlsCertificateRefs' to JSON representation. + * Converts an object of type 'GatewaySpecListenersTlsCertificateRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1SpecListenersTlsCertificateRefs(obj: GatewayV1Beta1SpecListenersTlsCertificateRefs | undefined): Record | undefined { +export function toJson_GatewaySpecListenersTlsCertificateRefs(obj: GatewaySpecListenersTlsCertificateRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'group': obj.group, @@ -1862,6 +1800,69 @@ export function toJson_GatewayV1Beta1SpecListenersTlsCertificateRefs(obj: Gatewa } /* eslint-enable max-len, quote-props */ +/** + * FrontendValidation holds configuration information for validating the frontend (client). + * Setting this field will require clients to send a client certificate + * required for validation during the TLS handshake. In browsers this may result in a dialog appearing + * that requests a user to specify the client certificate. + * The maximum depth of a certificate chain accepted in verification is Implementation specific. + * + * + * Support: Extended + * + * + * + * + * @schema GatewaySpecListenersTlsFrontendValidation + */ +export interface GatewaySpecListenersTlsFrontendValidation { + /** + * CACertificateRefs contains one or more references to + * Kubernetes objects that contain TLS certificates of + * the Certificate Authorities that can be used + * as a trust anchor to validate the certificates presented by the client. + * + * + * A single CA certificate reference to a Kubernetes ConfigMap + * has "Core" support. + * Implementations MAY choose to support attaching multiple CA certificates to + * a Listener, but this behavior is implementation-specific. + * + * + * Support: Core - A single reference to a Kubernetes ConfigMap + * with the CA certificate in a key named `ca.crt`. + * + * + * Support: Implementation-specific (More than one reference, or other kinds + * of resources). + * + * + * References to a resource in a different namespace are invalid UNLESS there + * is a ReferenceGrant in the target namespace that allows the certificate + * to be attached. If a ReferenceGrant does not allow this reference, the + * "ResolvedRefs" condition MUST be set to False for this listener with the + * "RefNotPermitted" reason. + * + * @schema GatewaySpecListenersTlsFrontendValidation#caCertificateRefs + */ + readonly caCertificateRefs?: GatewaySpecListenersTlsFrontendValidationCaCertificateRefs[]; + +} + +/** + * Converts an object of type 'GatewaySpecListenersTlsFrontendValidation' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewaySpecListenersTlsFrontendValidation(obj: GatewaySpecListenersTlsFrontendValidation | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'caCertificateRefs': obj.caCertificateRefs?.map(y => toJson_GatewaySpecListenersTlsFrontendValidationCaCertificateRefs(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + /** * Mode defines the TLS behavior for the TLS session initiated by the client. * There are two possible modes: @@ -1879,9 +1880,9 @@ export function toJson_GatewayV1Beta1SpecListenersTlsCertificateRefs(obj: Gatewa * * Support: Core * - * @schema GatewayV1Beta1SpecListenersTlsMode + * @schema GatewaySpecListenersTlsMode */ -export enum GatewayV1Beta1SpecListenersTlsMode { +export enum GatewaySpecListenersTlsMode { /** Terminate */ TERMINATE = "Terminate", /** Passthrough */ @@ -1901,9 +1902,9 @@ export enum GatewayV1Beta1SpecListenersTlsMode { * * Support: Core * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesFrom + * @schema GatewaySpecListenersAllowedRoutesNamespacesFrom */ -export enum GatewayV1Beta1SpecListenersAllowedRoutesNamespacesFrom { +export enum GatewaySpecListenersAllowedRoutesNamespacesFrom { /** All */ ALL = "All", /** Selector */ @@ -1920,35 +1921,35 @@ export enum GatewayV1Beta1SpecListenersAllowedRoutesNamespacesFrom { * * Support: Core * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector + * @schema GatewaySpecListenersAllowedRoutesNamespacesSelector */ -export interface GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector { +export interface GatewaySpecListenersAllowedRoutesNamespacesSelector { /** * matchExpressions is a list of label selector requirements. The requirements are ANDed. * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector#matchExpressions + * @schema GatewaySpecListenersAllowedRoutesNamespacesSelector#matchExpressions */ - readonly matchExpressions?: GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions[]; + readonly matchExpressions?: GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions[]; /** * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels * map is equivalent to an element of matchExpressions, whose key field is "key", the * operator is "In", and the values array contains only "value". The requirements are ANDed. * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector#matchLabels + * @schema GatewaySpecListenersAllowedRoutesNamespacesSelector#matchLabels */ readonly matchLabels?: { [key: string]: string }; } /** - * Converts an object of type 'GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector' to JSON representation. + * Converts an object of type 'GatewaySpecListenersAllowedRoutesNamespacesSelector' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector(obj: GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector | undefined): Record | undefined { +export function toJson_GatewaySpecListenersAllowedRoutesNamespacesSelector(obj: GatewaySpecListenersAllowedRoutesNamespacesSelector | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'matchExpressions': obj.matchExpressions?.map(y => toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions(y)), + 'matchExpressions': obj.matchExpressions?.map(y => toJson_GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions(y)), 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), }; // filter undefined values @@ -1957,112 +1958,167 @@ export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelecto /* eslint-enable max-len, quote-props */ /** - * A label selector requirement is a selector that contains values, a key, and an operator that - * relates the key and values. + * ObjectReference identifies an API object including its namespace. * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions + * + * The API object must be valid in the cluster; the Group and Kind must + * be registered in the cluster for this reference to be valid. + * + * + * References to objects with invalid Group and Kind are not valid, and must + * be rejected by the implementation, with appropriate Conditions set + * on the containing object. + * + * @schema GatewaySpecListenersTlsFrontendValidationCaCertificateRefs */ -export interface GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions { +export interface GatewaySpecListenersTlsFrontendValidationCaCertificateRefs { /** - * key is the label key that the selector applies to. + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#key + * @schema GatewaySpecListenersTlsFrontendValidationCaCertificateRefs#group */ - readonly key: string; + readonly group: string; /** - * operator represents a key's relationship to a set of values. - * Valid operators are In, NotIn, Exists and DoesNotExist. + * Kind is kind of the referent. For example "ConfigMap" or "Service". * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#operator + * @schema GatewaySpecListenersTlsFrontendValidationCaCertificateRefs#kind */ - readonly operator: string; + readonly kind: string; /** - * values is an array of string values. If the operator is In or NotIn, - * the values array must be non-empty. If the operator is Exists or DoesNotExist, - * the values array must be empty. This array is replaced during a strategic - * merge patch. + * Name is the name of the referent. * - * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#values + * @schema GatewaySpecListenersTlsFrontendValidationCaCertificateRefs#name */ - readonly values?: string[]; - -} + readonly name: string; -/** - * Converts an object of type 'GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions(obj: GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'key': obj.key, - 'operator': obj.operator, - 'values': obj.values?.map(y => y), - }; - // filter undefined values + /** + * Namespace is the namespace of the referenced object. When unspecified, the local + * namespace is inferred. + * + * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * Support: Core + * + * @schema GatewaySpecListenersTlsFrontendValidationCaCertificateRefs#namespace + */ + readonly namespace?: string; + +} + +/** + * Converts an object of type 'GatewaySpecListenersTlsFrontendValidationCaCertificateRefs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewaySpecListenersTlsFrontendValidationCaCertificateRefs(obj: GatewaySpecListenersTlsFrontendValidationCaCertificateRefs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + }; + // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ - /** - * GatewayClass describes a class of Gateways available to the user for creating -Gateway resources. + * A label selector requirement is a selector that contains values, a key, and an operator that + * relates the key and values. + * + * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions + */ +export interface GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#key + */ + readonly key: string; + /** + * operator represents a key's relationship to a set of values. + * Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#operator + */ + readonly operator: string; -It is recommended that this resource be used as a template for Gateways. This -means that a Gateway is based on the state of the GatewayClass at the time it -was created and changes to the GatewayClass or associated parameters are not -propagated down to existing Gateways. This recommendation is intended to -limit the blast radius of changes to GatewayClass or associated parameters. -If implementations choose to propagate GatewayClass changes to existing -Gateways, that MUST be clearly documented by the implementation. + /** + * values is an array of string values. If the operator is In or NotIn, + * the values array must be non-empty. If the operator is Exists or DoesNotExist, + * the values array must be empty. This array is replaced during a strategic + * merge patch. + * + * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#values + */ + readonly values?: string[]; +} -Whenever one or more Gateways are using a GatewayClass, implementations SHOULD -add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the -associated GatewayClass. This ensures that a GatewayClass associated with a -Gateway is not deleted while in use. +/** + * Converts an object of type 'GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions(obj: GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ -GatewayClass is a Cluster level resource. +/** + * Gateway represents an instance of a service-traffic handling infrastructure +by binding Listeners to a set of IP addresses. * - * @schema GatewayClass + * @schema GatewayV1Beta1 */ -export class GatewayClass extends ApiObject { +export class GatewayV1Beta1 extends ApiObject { /** - * Returns the apiVersion and kind for "GatewayClass" + * Returns the apiVersion and kind for "GatewayV1Beta1" */ public static readonly GVK: GroupVersionKind = { - apiVersion: 'gateway.networking.k8s.io/v1', - kind: 'GatewayClass', + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'Gateway', } /** - * Renders a Kubernetes manifest for "GatewayClass". + * Renders a Kubernetes manifest for "GatewayV1Beta1". * * This can be used to inline resource manifests inside other objects (e.g. as templates). * * @param props initialization props */ - public static manifest(props: GatewayClassProps): any { + public static manifest(props: GatewayV1Beta1Props): any { return { - ...GatewayClass.GVK, - ...toJson_GatewayClassProps(props), + ...GatewayV1Beta1.GVK, + ...toJson_GatewayV1Beta1Props(props), }; } /** - * Defines a "GatewayClass" API object + * Defines a "GatewayV1Beta1" API object * @param scope the scope in which to define this object * @param id a scope-local name for the object * @param props initialization props */ - public constructor(scope: Construct, id: string, props: GatewayClassProps) { + public constructor(scope: Construct, id: string, props: GatewayV1Beta1Props) { super(scope, id, { - ...GatewayClass.GVK, + ...GatewayV1Beta1.GVK, ...props, }); } @@ -2074,60 +2130,42 @@ export class GatewayClass extends ApiObject { const resolved = super.toJson(); return { - ...GatewayClass.GVK, - ...toJson_GatewayClassProps(resolved), + ...GatewayV1Beta1.GVK, + ...toJson_GatewayV1Beta1Props(resolved), }; } } /** - * GatewayClass describes a class of Gateways available to the user for creating - * Gateway resources. - * - * - * It is recommended that this resource be used as a template for Gateways. This - * means that a Gateway is based on the state of the GatewayClass at the time it - * was created and changes to the GatewayClass or associated parameters are not - * propagated down to existing Gateways. This recommendation is intended to - * limit the blast radius of changes to GatewayClass or associated parameters. - * If implementations choose to propagate GatewayClass changes to existing - * Gateways, that MUST be clearly documented by the implementation. - * - * - * Whenever one or more Gateways are using a GatewayClass, implementations SHOULD - * add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the - * associated GatewayClass. This ensures that a GatewayClass associated with a - * Gateway is not deleted while in use. - * - * - * GatewayClass is a Cluster level resource. + * Gateway represents an instance of a service-traffic handling infrastructure + * by binding Listeners to a set of IP addresses. * - * @schema GatewayClass + * @schema GatewayV1Beta1 */ -export interface GatewayClassProps { +export interface GatewayV1Beta1Props { /** - * @schema GatewayClass#metadata + * @schema GatewayV1Beta1#metadata */ readonly metadata?: ApiObjectMetadata; /** - * Spec defines the desired state of GatewayClass. + * Spec defines the desired state of Gateway. * - * @schema GatewayClass#spec + * @schema GatewayV1Beta1#spec */ - readonly spec: GatewayClassSpec; + readonly spec: GatewayV1Beta1Spec; } /** - * Converts an object of type 'GatewayClassProps' to JSON representation. + * Converts an object of type 'GatewayV1Beta1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayClassProps(obj: GatewayClassProps | undefined): Record | undefined { +export function toJson_GatewayV1Beta1Props(obj: GatewayV1Beta1Props | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'metadata': obj.metadata, - 'spec': toJson_GatewayClassSpec(obj.spec), + 'spec': toJson_GatewayV1Beta1Spec(obj.spec), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -2135,275 +2173,3526 @@ export function toJson_GatewayClassProps(obj: GatewayClassProps | undefined): Re /* eslint-enable max-len, quote-props */ /** - * Spec defines the desired state of GatewayClass. + * Spec defines the desired state of Gateway. * - * @schema GatewayClassSpec + * @schema GatewayV1Beta1Spec */ -export interface GatewayClassSpec { +export interface GatewayV1Beta1Spec { /** - * ControllerName is the name of the controller that is managing Gateways of - * this class. The value of this field MUST be a domain prefixed path. + * Addresses requested for this Gateway. This is optional and behavior can + * depend on the implementation. If a value is set in the spec and the + * requested address is invalid or unavailable, the implementation MUST + * indicate this in the associated entry in GatewayStatus.Addresses. * * - * Example: "example.net/gateway-controller". + * The Addresses field represents a request for the address(es) on the + * "outside of the Gateway", that traffic bound for this Gateway will use. + * This could be the IP address or hostname of an external load balancer or + * other networking infrastructure, or some other address that traffic will + * be sent to. * * - * This field is not mutable and cannot be empty. + * If no Addresses are specified, the implementation MAY schedule the + * Gateway in an implementation-specific manner, assigning an appropriate + * set of Addresses. * * - * Support: Core + * The implementation MUST bind all Listeners to every GatewayAddress that + * it assigns to the Gateway and add a corresponding entry in + * GatewayStatus.Addresses. * - * @schema GatewayClassSpec#controllerName + * + * Support: Extended + * + * + * + * + * @schema GatewayV1Beta1Spec#addresses */ - readonly controllerName: string; + readonly addresses?: GatewayV1Beta1SpecAddresses[]; /** - * Description helps describe a GatewayClass with more details. + * GatewayClassName used for this Gateway. This is the name of a + * GatewayClass resource. * - * @schema GatewayClassSpec#description + * @schema GatewayV1Beta1Spec#gatewayClassName */ - readonly description?: string; + readonly gatewayClassName: string; /** - * ParametersRef is a reference to a resource that contains the configuration - * parameters corresponding to the GatewayClass. This is optional if the - * controller does not require any additional configuration. + * Infrastructure defines infrastructure level attributes about this Gateway instance. * * - * ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, - * or an implementation-specific custom resource. The resource can be - * cluster-scoped or namespace-scoped. + * Support: Core * * - * If the referent cannot be found, the GatewayClass's "InvalidParameters" - * status condition will be true. * * - * A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, - * the merging behavior is implementation specific. - * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * @schema GatewayV1Beta1Spec#infrastructure + */ + readonly infrastructure?: GatewayV1Beta1SpecInfrastructure; + + /** + * Listeners associated with this Gateway. Listeners define + * logical endpoints that are bound on this Gateway's addresses. + * At least one Listener MUST be specified. * * - * Support: Implementation-specific + * Each Listener in a set of Listeners (for example, in a single Gateway) + * MUST be _distinct_, in that a traffic flow MUST be able to be assigned to + * exactly one listener. (This section uses "set of Listeners" rather than + * "Listeners in a single Gateway" because implementations MAY merge configuration + * from multiple Gateways onto a single data plane, and these rules _also_ + * apply in that case). * - * @schema GatewayClassSpec#parametersRef - */ - readonly parametersRef?: GatewayClassSpecParametersRef; - -} - -/** - * Converts an object of type 'GatewayClassSpec' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GatewayClassSpec(obj: GatewayClassSpec | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'controllerName': obj.controllerName, - 'description': obj.description, - 'parametersRef': toJson_GatewayClassSpecParametersRef(obj.parametersRef), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * ParametersRef is a reference to a resource that contains the configuration - * parameters corresponding to the GatewayClass. This is optional if the - * controller does not require any additional configuration. - * - * - * ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, + * + * Practically, this means that each listener in a set MUST have a unique + * combination of Port, Protocol, and, if supported by the protocol, Hostname. + * + * + * Some combinations of port, protocol, and TLS settings are considered + * Core support and MUST be supported by implementations based on their + * targeted conformance profile: + * + * + * HTTP Profile + * + * + * 1. HTTPRoute, Port: 80, Protocol: HTTP + * 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided + * + * + * TLS Profile + * + * + * 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough + * + * + * "Distinct" Listeners have the following property: + * + * + * The implementation can match inbound requests to a single distinct + * Listener. When multiple Listeners share values for fields (for + * example, two Listeners with the same Port value), the implementation + * can match requests to only one of the Listeners using other + * Listener fields. + * + * + * For example, the following Listener scenarios are distinct: + * + * + * 1. Multiple Listeners with the same Port that all use the "HTTP" + * Protocol that all have unique Hostname values. + * 2. Multiple Listeners with the same Port that use either the "HTTPS" or + * "TLS" Protocol that all have unique Hostname values. + * 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no Listener + * with the same Protocol has the same Port value. + * + * + * Some fields in the Listener struct have possible values that affect + * whether the Listener is distinct. Hostname is particularly relevant + * for HTTP or HTTPS protocols. + * + * + * When using the Hostname value to select between same-Port, same-Protocol + * Listeners, the Hostname value must be different on each Listener for the + * Listener to be distinct. + * + * + * When the Listeners are distinct based on Hostname, inbound request + * hostnames MUST match from the most specific to least specific Hostname + * values to choose the correct Listener and its associated set of Routes. + * + * + * Exact matches must be processed before wildcard matches, and wildcard + * matches must be processed before fallback (empty Hostname value) + * matches. For example, `"foo.example.com"` takes precedence over + * `"*.example.com"`, and `"*.example.com"` takes precedence over `""`. + * + * + * Additionally, if there are multiple wildcard entries, more specific + * wildcard entries must be processed before less specific wildcard entries. + * For example, `"*.foo.example.com"` takes precedence over `"*.example.com"`. + * The precise definition here is that the higher the number of dots in the + * hostname to the right of the wildcard character, the higher the precedence. + * + * + * The wildcard character will match any number of characters _and dots_ to + * the left, however, so `"*.example.com"` will match both + * `"foo.bar.example.com"` _and_ `"bar.example.com"`. + * + * + * If a set of Listeners contains Listeners that are not distinct, then those + * Listeners are Conflicted, and the implementation MUST set the "Conflicted" + * condition in the Listener Status to "True". + * + * + * Implementations MAY choose to accept a Gateway with some Conflicted + * Listeners only if they only accept the partial Listener set that contains + * no Conflicted Listeners. To put this another way, implementations may + * accept a partial Listener set only if they throw out *all* the conflicting + * Listeners. No picking one of the conflicting listeners as the winner. + * This also means that the Gateway must have at least one non-conflicting + * Listener in this case, otherwise it violates the requirement that at + * least one Listener must be present. + * + * + * The implementation MUST set a "ListenersNotValid" condition on the + * Gateway Status when the Gateway contains Conflicted Listeners whether or + * not they accept the Gateway. That Condition SHOULD clearly + * indicate in the Message which Listeners are conflicted, and which are + * Accepted. Additionally, the Listener status for those listeners SHOULD + * indicate which Listeners are conflicted and not Accepted. + * + * + * A Gateway's Listeners are considered "compatible" if: + * + * + * 1. They are distinct. + * 2. The implementation can serve them in compliance with the Addresses + * requirement that all Listeners are available on all assigned + * addresses. + * + * + * Compatible combinations in Extended support are expected to vary across + * implementations. A combination that is compatible for one implementation + * may not be compatible for another. + * + * + * For example, an implementation that cannot serve both TCP and UDP listeners + * on the same address, or cannot mix HTTPS and generic TLS listens on the same port + * would not consider those cases compatible, even though they are distinct. + * + * + * Note that requests SHOULD match at most one Listener. For example, if + * Listeners are defined for "foo.example.com" and "*.example.com", a + * request to "foo.example.com" SHOULD only be routed using routes attached + * to the "foo.example.com" Listener (and not the "*.example.com" Listener). + * This concept is known as "Listener Isolation". Implementations that do + * not support Listener Isolation MUST clearly document this. + * + * + * Implementations MAY merge separate Gateways onto a single set of + * Addresses if all Listeners across all Gateways are compatible. + * + * + * Support: Core + * + * @schema GatewayV1Beta1Spec#listeners + */ + readonly listeners: GatewayV1Beta1SpecListeners[]; + +} + +/** + * Converts an object of type 'GatewayV1Beta1Spec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1Spec(obj: GatewayV1Beta1Spec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'addresses': obj.addresses?.map(y => toJson_GatewayV1Beta1SpecAddresses(y)), + 'gatewayClassName': obj.gatewayClassName, + 'infrastructure': toJson_GatewayV1Beta1SpecInfrastructure(obj.infrastructure), + 'listeners': obj.listeners?.map(y => toJson_GatewayV1Beta1SpecListeners(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * GatewayAddress describes an address that can be bound to a Gateway. + * + * @schema GatewayV1Beta1SpecAddresses + */ +export interface GatewayV1Beta1SpecAddresses { + /** + * Type of the address. + * + * @schema GatewayV1Beta1SpecAddresses#type + */ + readonly type?: string; + + /** + * Value of the address. The validity of the values will depend + * on the type and support by the controller. + * + * + * Examples: `1.2.3.4`, `128::1`, `my-ip-address`. + * + * @schema GatewayV1Beta1SpecAddresses#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecAddresses' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecAddresses(obj: GatewayV1Beta1SpecAddresses | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'type': obj.type, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Infrastructure defines infrastructure level attributes about this Gateway instance. + * + * + * Support: Core + * + * + * + * + * @schema GatewayV1Beta1SpecInfrastructure + */ +export interface GatewayV1Beta1SpecInfrastructure { + /** + * Annotations that SHOULD be applied to any resources created in response to this Gateway. + * + * + * For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. + * For other implementations, this refers to any relevant (implementation specific) "annotations" concepts. + * + * + * An implementation may chose to add additional implementation-specific annotations as they see fit. + * + * + * Support: Extended + * + * @schema GatewayV1Beta1SpecInfrastructure#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Labels that SHOULD be applied to any resources created in response to this Gateway. + * + * + * For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. + * For other implementations, this refers to any relevant (implementation specific) "labels" concepts. + * + * + * An implementation may chose to add additional implementation-specific labels as they see fit. + * + * + * Support: Extended + * + * @schema GatewayV1Beta1SpecInfrastructure#labels + */ + readonly labels?: { [key: string]: string }; + + /** + * ParametersRef is a reference to a resource that contains the configuration + * parameters corresponding to the Gateway. This is optional if the + * controller does not require any additional configuration. + * + * + * This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis + * + * + * The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified, + * the merging behavior is implementation specific. + * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * + * + * Support: Implementation-specific + * + * @schema GatewayV1Beta1SpecInfrastructure#parametersRef + */ + readonly parametersRef?: GatewayV1Beta1SpecInfrastructureParametersRef; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecInfrastructure' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecInfrastructure(obj: GatewayV1Beta1SpecInfrastructure | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'parametersRef': toJson_GatewayV1Beta1SpecInfrastructureParametersRef(obj.parametersRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Listener embodies the concept of a logical endpoint where a Gateway accepts + * network connections. + * + * @schema GatewayV1Beta1SpecListeners + */ +export interface GatewayV1Beta1SpecListeners { + /** + * AllowedRoutes defines the types of routes that MAY be attached to a + * Listener and the trusted namespaces where those Route resources MAY be + * present. + * + * + * Although a client request may match multiple route rules, only one rule + * may ultimately receive the request. Matching precedence MUST be + * determined in order of the following criteria: + * + * + * * The most specific match as defined by the Route type. + * * The oldest Route based on creation timestamp. For example, a Route with + * a creation timestamp of "2020-09-08 01:02:03" is given precedence over + * a Route with a creation timestamp of "2020-09-08 01:02:04". + * * If everything else is equivalent, the Route appearing first in + * alphabetical order (namespace/name) should be given precedence. For + * example, foo/bar is given precedence over foo/baz. + * + * + * All valid rules within a Route attached to this Listener should be + * implemented. Invalid Route rules can be ignored (sometimes that will mean + * the full Route). If a Route rule transitions from valid to invalid, + * support for that Route rule should be dropped to ensure consistency. For + * example, even if a filter specified by a Route rule is invalid, the rest + * of the rules within that Route should still be supported. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListeners#allowedRoutes + */ + readonly allowedRoutes?: GatewayV1Beta1SpecListenersAllowedRoutes; + + /** + * Hostname specifies the virtual hostname to match for protocol types that + * define this concept. When unspecified, all hostnames are matched. This + * field is ignored for protocols that don't require hostname based + * matching. + * + * + * Implementations MUST apply Hostname matching appropriately for each of + * the following protocols: + * + * + * * TLS: The Listener Hostname MUST match the SNI. + * * HTTP: The Listener Hostname MUST match the Host header of the request. + * * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP + * protocol layers as described above. If an implementation does not + * ensure that both the SNI and Host header match the Listener hostname, + * it MUST clearly document that. + * + * + * For HTTPRoute and TLSRoute resources, there is an interaction with the + * `spec.hostnames` array. When both listener and route specify hostnames, + * there MUST be an intersection between the values for a Route to be + * accepted. For more information, refer to the Route specific Hostnames + * documentation. + * + * + * Hostnames that are prefixed with a wildcard label (`*.`) are interpreted + * as a suffix match. That means that a match for `*.example.com` would match + * both `test.example.com`, and `foo.test.example.com`, but not `example.com`. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListeners#hostname + */ + readonly hostname?: string; + + /** + * Name is the name of the Listener. This name MUST be unique within a + * Gateway. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListeners#name + */ + readonly name: string; + + /** + * Port is the network port. Multiple listeners may use the + * same port, subject to the Listener compatibility rules. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListeners#port + */ + readonly port: number; + + /** + * Protocol specifies the network protocol this listener expects to receive. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListeners#protocol + */ + readonly protocol: string; + + /** + * TLS is the TLS configuration for the Listener. This field is required if + * the Protocol field is "HTTPS" or "TLS". It is invalid to set this field + * if the Protocol field is "HTTP", "TCP", or "UDP". + * + * + * The association of SNIs to Certificate defined in GatewayTLSConfig is + * defined based on the Hostname field for this listener. + * + * + * The GatewayClass MUST use the longest matching SNI out of all + * available certificates for any TLS handshake. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListeners#tls + */ + readonly tls?: GatewayV1Beta1SpecListenersTls; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecListeners' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecListeners(obj: GatewayV1Beta1SpecListeners | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'allowedRoutes': toJson_GatewayV1Beta1SpecListenersAllowedRoutes(obj.allowedRoutes), + 'hostname': obj.hostname, + 'name': obj.name, + 'port': obj.port, + 'protocol': obj.protocol, + 'tls': toJson_GatewayV1Beta1SpecListenersTls(obj.tls), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ParametersRef is a reference to a resource that contains the configuration + * parameters corresponding to the Gateway. This is optional if the + * controller does not require any additional configuration. + * + * + * This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis + * + * + * The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified, + * the merging behavior is implementation specific. + * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * + * + * Support: Implementation-specific + * + * @schema GatewayV1Beta1SpecInfrastructureParametersRef + */ +export interface GatewayV1Beta1SpecInfrastructureParametersRef { + /** + * Group is the group of the referent. + * + * @schema GatewayV1Beta1SpecInfrastructureParametersRef#group + */ + readonly group: string; + + /** + * Kind is kind of the referent. + * + * @schema GatewayV1Beta1SpecInfrastructureParametersRef#kind + */ + readonly kind: string; + + /** + * Name is the name of the referent. + * + * @schema GatewayV1Beta1SpecInfrastructureParametersRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecInfrastructureParametersRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecInfrastructureParametersRef(obj: GatewayV1Beta1SpecInfrastructureParametersRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * AllowedRoutes defines the types of routes that MAY be attached to a + * Listener and the trusted namespaces where those Route resources MAY be + * present. + * + * + * Although a client request may match multiple route rules, only one rule + * may ultimately receive the request. Matching precedence MUST be + * determined in order of the following criteria: + * + * + * * The most specific match as defined by the Route type. + * * The oldest Route based on creation timestamp. For example, a Route with + * a creation timestamp of "2020-09-08 01:02:03" is given precedence over + * a Route with a creation timestamp of "2020-09-08 01:02:04". + * * If everything else is equivalent, the Route appearing first in + * alphabetical order (namespace/name) should be given precedence. For + * example, foo/bar is given precedence over foo/baz. + * + * + * All valid rules within a Route attached to this Listener should be + * implemented. Invalid Route rules can be ignored (sometimes that will mean + * the full Route). If a Route rule transitions from valid to invalid, + * support for that Route rule should be dropped to ensure consistency. For + * example, even if a filter specified by a Route rule is invalid, the rest + * of the rules within that Route should still be supported. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutes + */ +export interface GatewayV1Beta1SpecListenersAllowedRoutes { + /** + * Kinds specifies the groups and kinds of Routes that are allowed to bind + * to this Gateway Listener. When unspecified or empty, the kinds of Routes + * selected are determined using the Listener protocol. + * + * + * A RouteGroupKind MUST correspond to kinds of Routes that are compatible + * with the application protocol specified in the Listener's Protocol field. + * If an implementation does not support or recognize this resource type, it + * MUST set the "ResolvedRefs" condition to False for this Listener with the + * "InvalidRouteKinds" reason. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutes#kinds + */ + readonly kinds?: GatewayV1Beta1SpecListenersAllowedRoutesKinds[]; + + /** + * Namespaces indicates namespaces from which Routes may be attached to this + * Listener. This is restricted to the namespace of this Gateway by default. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutes#namespaces + */ + readonly namespaces?: GatewayV1Beta1SpecListenersAllowedRoutesNamespaces; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecListenersAllowedRoutes' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecListenersAllowedRoutes(obj: GatewayV1Beta1SpecListenersAllowedRoutes | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'kinds': obj.kinds?.map(y => toJson_GatewayV1Beta1SpecListenersAllowedRoutesKinds(y)), + 'namespaces': toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespaces(obj.namespaces), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * TLS is the TLS configuration for the Listener. This field is required if + * the Protocol field is "HTTPS" or "TLS". It is invalid to set this field + * if the Protocol field is "HTTP", "TCP", or "UDP". + * + * + * The association of SNIs to Certificate defined in GatewayTLSConfig is + * defined based on the Hostname field for this listener. + * + * + * The GatewayClass MUST use the longest matching SNI out of all + * available certificates for any TLS handshake. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersTls + */ +export interface GatewayV1Beta1SpecListenersTls { + /** + * CertificateRefs contains a series of references to Kubernetes objects that + * contains TLS certificates and private keys. These certificates are used to + * establish a TLS handshake for requests that match the hostname of the + * associated listener. + * + * + * A single CertificateRef to a Kubernetes Secret has "Core" support. + * Implementations MAY choose to support attaching multiple certificates to + * a Listener, but this behavior is implementation-specific. + * + * + * References to a resource in different namespace are invalid UNLESS there + * is a ReferenceGrant in the target namespace that allows the certificate + * to be attached. If a ReferenceGrant does not allow this reference, the + * "ResolvedRefs" condition MUST be set to False for this listener with the + * "RefNotPermitted" reason. + * + * + * This field is required to have at least one element when the mode is set + * to "Terminate" (default) and is optional otherwise. + * + * + * CertificateRefs can reference to standard Kubernetes resources, i.e. + * Secret, or implementation-specific custom resources. + * + * + * Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls + * + * + * Support: Implementation-specific (More than one reference or other resource types) + * + * @schema GatewayV1Beta1SpecListenersTls#certificateRefs + */ + readonly certificateRefs?: GatewayV1Beta1SpecListenersTlsCertificateRefs[]; + + /** + * FrontendValidation holds configuration information for validating the frontend (client). + * Setting this field will require clients to send a client certificate + * required for validation during the TLS handshake. In browsers this may result in a dialog appearing + * that requests a user to specify the client certificate. + * The maximum depth of a certificate chain accepted in verification is Implementation specific. + * + * + * Support: Extended + * + * + * + * + * @schema GatewayV1Beta1SpecListenersTls#frontendValidation + */ + readonly frontendValidation?: GatewayV1Beta1SpecListenersTlsFrontendValidation; + + /** + * Mode defines the TLS behavior for the TLS session initiated by the client. + * There are two possible modes: + * + * + * - Terminate: The TLS session between the downstream client and the + * Gateway is terminated at the Gateway. This mode requires certificates + * to be specified in some way, such as populating the certificateRefs + * field. + * - Passthrough: The TLS session is NOT terminated by the Gateway. This + * implies that the Gateway can't decipher the TLS stream except for + * the ClientHello message of the TLS protocol. The certificateRefs field + * is ignored in this mode. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersTls#mode + */ + readonly mode?: GatewayV1Beta1SpecListenersTlsMode; + + /** + * Options are a list of key/value pairs to enable extended TLS + * configuration for each implementation. For example, configuring the + * minimum TLS version or supported cipher suites. + * + * + * A set of common keys MAY be defined by the API in the future. To avoid + * any ambiguity, implementation-specific definitions MUST use + * domain-prefixed names, such as `example.com/my-custom-option`. + * Un-prefixed names are reserved for key names defined by Gateway API. + * + * + * Support: Implementation-specific + * + * @schema GatewayV1Beta1SpecListenersTls#options + */ + readonly options?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecListenersTls' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecListenersTls(obj: GatewayV1Beta1SpecListenersTls | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'certificateRefs': obj.certificateRefs?.map(y => toJson_GatewayV1Beta1SpecListenersTlsCertificateRefs(y)), + 'frontendValidation': toJson_GatewayV1Beta1SpecListenersTlsFrontendValidation(obj.frontendValidation), + 'mode': obj.mode, + 'options': ((obj.options) === undefined) ? undefined : (Object.entries(obj.options).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * RouteGroupKind indicates the group and kind of a Route resource. + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesKinds + */ +export interface GatewayV1Beta1SpecListenersAllowedRoutesKinds { + /** + * Group is the group of the Route. + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesKinds#group + */ + readonly group?: string; + + /** + * Kind is the kind of the Route. + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesKinds#kind + */ + readonly kind: string; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecListenersAllowedRoutesKinds' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesKinds(obj: GatewayV1Beta1SpecListenersAllowedRoutesKinds | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Namespaces indicates namespaces from which Routes may be attached to this + * Listener. This is restricted to the namespace of this Gateway by default. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespaces + */ +export interface GatewayV1Beta1SpecListenersAllowedRoutesNamespaces { + /** + * From indicates where Routes will be selected for this Gateway. Possible + * values are: + * + * + * * All: Routes in all namespaces may be used by this Gateway. + * * Selector: Routes in namespaces selected by the selector may be used by + * this Gateway. + * * Same: Only Routes in the same namespace may be used by this Gateway. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespaces#from + */ + readonly from?: GatewayV1Beta1SpecListenersAllowedRoutesNamespacesFrom; + + /** + * Selector must be specified when From is set to "Selector". In that case, + * only Routes in Namespaces matching this Selector will be selected by this + * Gateway. This field is ignored for other values of "From". + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespaces#selector + */ + readonly selector?: GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecListenersAllowedRoutesNamespaces' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespaces(obj: GatewayV1Beta1SpecListenersAllowedRoutesNamespaces | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'from': obj.from, + 'selector': toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector(obj.selector), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecretObjectReference identifies an API object including its namespace, + * defaulting to Secret. + * + * + * The API object must be valid in the cluster; the Group and Kind must + * be registered in the cluster for this reference to be valid. + * + * + * References to objects with invalid Group and Kind are not valid, and must + * be rejected by the implementation, with appropriate Conditions set + * on the containing object. + * + * @schema GatewayV1Beta1SpecListenersTlsCertificateRefs + */ +export interface GatewayV1Beta1SpecListenersTlsCertificateRefs { + /** + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. + * + * @schema GatewayV1Beta1SpecListenersTlsCertificateRefs#group + */ + readonly group?: string; + + /** + * Kind is kind of the referent. For example "Secret". + * + * @schema GatewayV1Beta1SpecListenersTlsCertificateRefs#kind + */ + readonly kind?: string; + + /** + * Name is the name of the referent. + * + * @schema GatewayV1Beta1SpecListenersTlsCertificateRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referenced object. When unspecified, the local + * namespace is inferred. + * + * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersTlsCertificateRefs#namespace + */ + readonly namespace?: string; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecListenersTlsCertificateRefs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecListenersTlsCertificateRefs(obj: GatewayV1Beta1SpecListenersTlsCertificateRefs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * FrontendValidation holds configuration information for validating the frontend (client). + * Setting this field will require clients to send a client certificate + * required for validation during the TLS handshake. In browsers this may result in a dialog appearing + * that requests a user to specify the client certificate. + * The maximum depth of a certificate chain accepted in verification is Implementation specific. + * + * + * Support: Extended + * + * + * + * + * @schema GatewayV1Beta1SpecListenersTlsFrontendValidation + */ +export interface GatewayV1Beta1SpecListenersTlsFrontendValidation { + /** + * CACertificateRefs contains one or more references to + * Kubernetes objects that contain TLS certificates of + * the Certificate Authorities that can be used + * as a trust anchor to validate the certificates presented by the client. + * + * + * A single CA certificate reference to a Kubernetes ConfigMap + * has "Core" support. + * Implementations MAY choose to support attaching multiple CA certificates to + * a Listener, but this behavior is implementation-specific. + * + * + * Support: Core - A single reference to a Kubernetes ConfigMap + * with the CA certificate in a key named `ca.crt`. + * + * + * Support: Implementation-specific (More than one reference, or other kinds + * of resources). + * + * + * References to a resource in a different namespace are invalid UNLESS there + * is a ReferenceGrant in the target namespace that allows the certificate + * to be attached. If a ReferenceGrant does not allow this reference, the + * "ResolvedRefs" condition MUST be set to False for this listener with the + * "RefNotPermitted" reason. + * + * @schema GatewayV1Beta1SpecListenersTlsFrontendValidation#caCertificateRefs + */ + readonly caCertificateRefs?: GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs[]; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecListenersTlsFrontendValidation' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecListenersTlsFrontendValidation(obj: GatewayV1Beta1SpecListenersTlsFrontendValidation | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'caCertificateRefs': obj.caCertificateRefs?.map(y => toJson_GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Mode defines the TLS behavior for the TLS session initiated by the client. + * There are two possible modes: + * + * + * - Terminate: The TLS session between the downstream client and the + * Gateway is terminated at the Gateway. This mode requires certificates + * to be specified in some way, such as populating the certificateRefs + * field. + * - Passthrough: The TLS session is NOT terminated by the Gateway. This + * implies that the Gateway can't decipher the TLS stream except for + * the ClientHello message of the TLS protocol. The certificateRefs field + * is ignored in this mode. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersTlsMode + */ +export enum GatewayV1Beta1SpecListenersTlsMode { + /** Terminate */ + TERMINATE = "Terminate", + /** Passthrough */ + PASSTHROUGH = "Passthrough", +} + +/** + * From indicates where Routes will be selected for this Gateway. Possible + * values are: + * + * + * * All: Routes in all namespaces may be used by this Gateway. + * * Selector: Routes in namespaces selected by the selector may be used by + * this Gateway. + * * Same: Only Routes in the same namespace may be used by this Gateway. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesFrom + */ +export enum GatewayV1Beta1SpecListenersAllowedRoutesNamespacesFrom { + /** All */ + ALL = "All", + /** Selector */ + SELECTOR = "Selector", + /** Same */ + SAME = "Same", +} + +/** + * Selector must be specified when From is set to "Selector". In that case, + * only Routes in Namespaces matching this Selector will be selected by this + * Gateway. This field is ignored for other values of "From". + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector + */ +export interface GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector#matchExpressions + */ + readonly matchExpressions?: GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + * map is equivalent to an element of matchExpressions, whose key field is "key", the + * operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector(obj: GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ObjectReference identifies an API object including its namespace. + * + * + * The API object must be valid in the cluster; the Group and Kind must + * be registered in the cluster for this reference to be valid. + * + * + * References to objects with invalid Group and Kind are not valid, and must + * be rejected by the implementation, with appropriate Conditions set + * on the containing object. + * + * @schema GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs + */ +export interface GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs { + /** + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. + * + * @schema GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs#group + */ + readonly group: string; + + /** + * Kind is kind of the referent. For example "ConfigMap" or "Service". + * + * @schema GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs#kind + */ + readonly kind: string; + + /** + * Name is the name of the referent. + * + * @schema GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referenced object. When unspecified, the local + * namespace is inferred. + * + * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * Support: Core + * + * @schema GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs#namespace + */ + readonly namespace?: string; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs(obj: GatewayV1Beta1SpecListenersTlsFrontendValidationCaCertificateRefs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that + * relates the key and values. + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions + */ +export interface GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. + * Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, + * the values array must be non-empty. If the operator is Exists or DoesNotExist, + * the values array must be empty. This array is replaced during a strategic + * merge patch. + * + * @schema GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions(obj: GatewayV1Beta1SpecListenersAllowedRoutesNamespacesSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + + +/** + * GatewayClass describes a class of Gateways available to the user for creating +Gateway resources. + + +It is recommended that this resource be used as a template for Gateways. This +means that a Gateway is based on the state of the GatewayClass at the time it +was created and changes to the GatewayClass or associated parameters are not +propagated down to existing Gateways. This recommendation is intended to +limit the blast radius of changes to GatewayClass or associated parameters. +If implementations choose to propagate GatewayClass changes to existing +Gateways, that MUST be clearly documented by the implementation. + + +Whenever one or more Gateways are using a GatewayClass, implementations SHOULD +add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the +associated GatewayClass. This ensures that a GatewayClass associated with a +Gateway is not deleted while in use. + + +GatewayClass is a Cluster level resource. + * + * @schema GatewayClass + */ +export class GatewayClass extends ApiObject { + /** + * Returns the apiVersion and kind for "GatewayClass" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'GatewayClass', + } + + /** + * Renders a Kubernetes manifest for "GatewayClass". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: GatewayClassProps): any { + return { + ...GatewayClass.GVK, + ...toJson_GatewayClassProps(props), + }; + } + + /** + * Defines a "GatewayClass" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: GatewayClassProps) { + super(scope, id, { + ...GatewayClass.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...GatewayClass.GVK, + ...toJson_GatewayClassProps(resolved), + }; + } +} + +/** + * GatewayClass describes a class of Gateways available to the user for creating + * Gateway resources. + * + * + * It is recommended that this resource be used as a template for Gateways. This + * means that a Gateway is based on the state of the GatewayClass at the time it + * was created and changes to the GatewayClass or associated parameters are not + * propagated down to existing Gateways. This recommendation is intended to + * limit the blast radius of changes to GatewayClass or associated parameters. + * If implementations choose to propagate GatewayClass changes to existing + * Gateways, that MUST be clearly documented by the implementation. + * + * + * Whenever one or more Gateways are using a GatewayClass, implementations SHOULD + * add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the + * associated GatewayClass. This ensures that a GatewayClass associated with a + * Gateway is not deleted while in use. + * + * + * GatewayClass is a Cluster level resource. + * + * @schema GatewayClass + */ +export interface GatewayClassProps { + /** + * @schema GatewayClass#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Spec defines the desired state of GatewayClass. + * + * @schema GatewayClass#spec + */ + readonly spec: GatewayClassSpec; + +} + +/** + * Converts an object of type 'GatewayClassProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayClassProps(obj: GatewayClassProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_GatewayClassSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Spec defines the desired state of GatewayClass. + * + * @schema GatewayClassSpec + */ +export interface GatewayClassSpec { + /** + * ControllerName is the name of the controller that is managing Gateways of + * this class. The value of this field MUST be a domain prefixed path. + * + * + * Example: "example.net/gateway-controller". + * + * + * This field is not mutable and cannot be empty. + * + * + * Support: Core + * + * @schema GatewayClassSpec#controllerName + */ + readonly controllerName: string; + + /** + * Description helps describe a GatewayClass with more details. + * + * @schema GatewayClassSpec#description + */ + readonly description?: string; + + /** + * ParametersRef is a reference to a resource that contains the configuration + * parameters corresponding to the GatewayClass. This is optional if the + * controller does not require any additional configuration. + * + * + * ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, + * or an implementation-specific custom resource. The resource can be + * cluster-scoped or namespace-scoped. + * + * + * If the referent cannot be found, the GatewayClass's "InvalidParameters" + * status condition will be true. + * + * + * A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, + * the merging behavior is implementation specific. + * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * + * + * Support: Implementation-specific + * + * @schema GatewayClassSpec#parametersRef + */ + readonly parametersRef?: GatewayClassSpecParametersRef; + +} + +/** + * Converts an object of type 'GatewayClassSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayClassSpec(obj: GatewayClassSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'controllerName': obj.controllerName, + 'description': obj.description, + 'parametersRef': toJson_GatewayClassSpecParametersRef(obj.parametersRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ParametersRef is a reference to a resource that contains the configuration + * parameters corresponding to the GatewayClass. This is optional if the + * controller does not require any additional configuration. + * + * + * ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, + * or an implementation-specific custom resource. The resource can be + * cluster-scoped or namespace-scoped. + * + * + * If the referent cannot be found, the GatewayClass's "InvalidParameters" + * status condition will be true. + * + * + * A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, + * the merging behavior is implementation specific. + * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * + * + * Support: Implementation-specific + * + * @schema GatewayClassSpecParametersRef + */ +export interface GatewayClassSpecParametersRef { + /** + * Group is the group of the referent. + * + * @schema GatewayClassSpecParametersRef#group + */ + readonly group: string; + + /** + * Kind is kind of the referent. + * + * @schema GatewayClassSpecParametersRef#kind + */ + readonly kind: string; + + /** + * Name is the name of the referent. + * + * @schema GatewayClassSpecParametersRef#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referent. + * This field is required when referring to a Namespace-scoped resource and + * MUST be unset when referring to a Cluster-scoped resource. + * + * @schema GatewayClassSpecParametersRef#namespace + */ + readonly namespace?: string; + +} + +/** + * Converts an object of type 'GatewayClassSpecParametersRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayClassSpecParametersRef(obj: GatewayClassSpecParametersRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + + +/** + * GatewayClass describes a class of Gateways available to the user for creating +Gateway resources. + + +It is recommended that this resource be used as a template for Gateways. This +means that a Gateway is based on the state of the GatewayClass at the time it +was created and changes to the GatewayClass or associated parameters are not +propagated down to existing Gateways. This recommendation is intended to +limit the blast radius of changes to GatewayClass or associated parameters. +If implementations choose to propagate GatewayClass changes to existing +Gateways, that MUST be clearly documented by the implementation. + + +Whenever one or more Gateways are using a GatewayClass, implementations SHOULD +add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the +associated GatewayClass. This ensures that a GatewayClass associated with a +Gateway is not deleted while in use. + + +GatewayClass is a Cluster level resource. + * + * @schema GatewayClassV1Beta1 + */ +export class GatewayClassV1Beta1 extends ApiObject { + /** + * Returns the apiVersion and kind for "GatewayClassV1Beta1" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'GatewayClass', + } + + /** + * Renders a Kubernetes manifest for "GatewayClassV1Beta1". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: GatewayClassV1Beta1Props): any { + return { + ...GatewayClassV1Beta1.GVK, + ...toJson_GatewayClassV1Beta1Props(props), + }; + } + + /** + * Defines a "GatewayClassV1Beta1" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: GatewayClassV1Beta1Props) { + super(scope, id, { + ...GatewayClassV1Beta1.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...GatewayClassV1Beta1.GVK, + ...toJson_GatewayClassV1Beta1Props(resolved), + }; + } +} + +/** + * GatewayClass describes a class of Gateways available to the user for creating + * Gateway resources. + * + * + * It is recommended that this resource be used as a template for Gateways. This + * means that a Gateway is based on the state of the GatewayClass at the time it + * was created and changes to the GatewayClass or associated parameters are not + * propagated down to existing Gateways. This recommendation is intended to + * limit the blast radius of changes to GatewayClass or associated parameters. + * If implementations choose to propagate GatewayClass changes to existing + * Gateways, that MUST be clearly documented by the implementation. + * + * + * Whenever one or more Gateways are using a GatewayClass, implementations SHOULD + * add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the + * associated GatewayClass. This ensures that a GatewayClass associated with a + * Gateway is not deleted while in use. + * + * + * GatewayClass is a Cluster level resource. + * + * @schema GatewayClassV1Beta1 + */ +export interface GatewayClassV1Beta1Props { + /** + * @schema GatewayClassV1Beta1#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Spec defines the desired state of GatewayClass. + * + * @schema GatewayClassV1Beta1#spec + */ + readonly spec: GatewayClassV1Beta1Spec; + +} + +/** + * Converts an object of type 'GatewayClassV1Beta1Props' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayClassV1Beta1Props(obj: GatewayClassV1Beta1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_GatewayClassV1Beta1Spec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Spec defines the desired state of GatewayClass. + * + * @schema GatewayClassV1Beta1Spec + */ +export interface GatewayClassV1Beta1Spec { + /** + * ControllerName is the name of the controller that is managing Gateways of + * this class. The value of this field MUST be a domain prefixed path. + * + * + * Example: "example.net/gateway-controller". + * + * + * This field is not mutable and cannot be empty. + * + * + * Support: Core + * + * @schema GatewayClassV1Beta1Spec#controllerName + */ + readonly controllerName: string; + + /** + * Description helps describe a GatewayClass with more details. + * + * @schema GatewayClassV1Beta1Spec#description + */ + readonly description?: string; + + /** + * ParametersRef is a reference to a resource that contains the configuration + * parameters corresponding to the GatewayClass. This is optional if the + * controller does not require any additional configuration. + * + * + * ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, + * or an implementation-specific custom resource. The resource can be + * cluster-scoped or namespace-scoped. + * + * + * If the referent cannot be found, the GatewayClass's "InvalidParameters" + * status condition will be true. + * + * + * A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, + * the merging behavior is implementation specific. + * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * + * + * Support: Implementation-specific + * + * @schema GatewayClassV1Beta1Spec#parametersRef + */ + readonly parametersRef?: GatewayClassV1Beta1SpecParametersRef; + +} + +/** + * Converts an object of type 'GatewayClassV1Beta1Spec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayClassV1Beta1Spec(obj: GatewayClassV1Beta1Spec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'controllerName': obj.controllerName, + 'description': obj.description, + 'parametersRef': toJson_GatewayClassV1Beta1SpecParametersRef(obj.parametersRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ParametersRef is a reference to a resource that contains the configuration + * parameters corresponding to the GatewayClass. This is optional if the + * controller does not require any additional configuration. + * + * + * ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, * or an implementation-specific custom resource. The resource can be * cluster-scoped or namespace-scoped. * * - * If the referent cannot be found, the GatewayClass's "InvalidParameters" - * status condition will be true. + * If the referent cannot be found, the GatewayClass's "InvalidParameters" + * status condition will be true. + * + * + * A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, + * the merging behavior is implementation specific. + * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * + * + * Support: Implementation-specific + * + * @schema GatewayClassV1Beta1SpecParametersRef + */ +export interface GatewayClassV1Beta1SpecParametersRef { + /** + * Group is the group of the referent. + * + * @schema GatewayClassV1Beta1SpecParametersRef#group + */ + readonly group: string; + + /** + * Kind is kind of the referent. + * + * @schema GatewayClassV1Beta1SpecParametersRef#kind + */ + readonly kind: string; + + /** + * Name is the name of the referent. + * + * @schema GatewayClassV1Beta1SpecParametersRef#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referent. + * This field is required when referring to a Namespace-scoped resource and + * MUST be unset when referring to a Cluster-scoped resource. + * + * @schema GatewayClassV1Beta1SpecParametersRef#namespace + */ + readonly namespace?: string; + +} + +/** + * Converts an object of type 'GatewayClassV1Beta1SpecParametersRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GatewayClassV1Beta1SpecParametersRef(obj: GatewayClassV1Beta1SpecParametersRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + + +/** + * GRPCRoute provides a way to route gRPC requests. This includes the capability +to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. +Filters can be used to specify additional processing steps. Backends specify +where matching requests will be routed. + + +GRPCRoute falls under extended support within the Gateway API. Within the +following specification, the word "MUST" indicates that an implementation +supporting GRPCRoute must conform to the indicated requirement, but an +implementation not supporting this route type need not follow the requirement +unless explicitly indicated. + + +Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST +accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via +ALPN. If the implementation does not support this, then it MUST set the +"Accepted" condition to "False" for the affected listener with a reason of +"UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections +with an upgrade from HTTP/1. + + +Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST +support HTTP/2 over cleartext TCP (h2c, +https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial +upgrade from HTTP/1.1, i.e. with prior knowledge +(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation +does not support this, then it MUST set the "Accepted" condition to "False" +for the affected listener with a reason of "UnsupportedProtocol". +Implementations MAY also accept HTTP/2 connections with an upgrade from +HTTP/1, i.e. without prior knowledge. + * + * @schema GRPCRoute + */ +export class GrpcRoute extends ApiObject { + /** + * Returns the apiVersion and kind for "GRPCRoute" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'GRPCRoute', + } + + /** + * Renders a Kubernetes manifest for "GRPCRoute". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: GrpcRouteProps = {}): any { + return { + ...GrpcRoute.GVK, + ...toJson_GrpcRouteProps(props), + }; + } + + /** + * Defines a "GRPCRoute" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: GrpcRouteProps = {}) { + super(scope, id, { + ...GrpcRoute.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...GrpcRoute.GVK, + ...toJson_GrpcRouteProps(resolved), + }; + } +} + +/** + * GRPCRoute provides a way to route gRPC requests. This includes the capability + * to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. + * Filters can be used to specify additional processing steps. Backends specify + * where matching requests will be routed. + * + * + * GRPCRoute falls under extended support within the Gateway API. Within the + * following specification, the word "MUST" indicates that an implementation + * supporting GRPCRoute must conform to the indicated requirement, but an + * implementation not supporting this route type need not follow the requirement + * unless explicitly indicated. + * + * + * Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST + * accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via + * ALPN. If the implementation does not support this, then it MUST set the + * "Accepted" condition to "False" for the affected listener with a reason of + * "UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections + * with an upgrade from HTTP/1. + * + * + * Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST + * support HTTP/2 over cleartext TCP (h2c, + * https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial + * upgrade from HTTP/1.1, i.e. with prior knowledge + * (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation + * does not support this, then it MUST set the "Accepted" condition to "False" + * for the affected listener with a reason of "UnsupportedProtocol". + * Implementations MAY also accept HTTP/2 connections with an upgrade from + * HTTP/1, i.e. without prior knowledge. + * + * @schema GRPCRoute + */ +export interface GrpcRouteProps { + /** + * @schema GRPCRoute#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Spec defines the desired state of GRPCRoute. + * + * @schema GRPCRoute#spec + */ + readonly spec?: GrpcRouteSpec; + +} + +/** + * Converts an object of type 'GrpcRouteProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteProps(obj: GrpcRouteProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_GrpcRouteSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Spec defines the desired state of GRPCRoute. + * + * @schema GrpcRouteSpec + */ +export interface GrpcRouteSpec { + /** + * Hostnames defines a set of hostnames to match against the GRPC + * Host header to select a GRPCRoute to process the request. This matches + * the RFC 1123 definition of a hostname with 2 notable exceptions: + * + * + * 1. IPs are not allowed. + * 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard + * label MUST appear by itself as the first label. + * + * + * If a hostname is specified by both the Listener and GRPCRoute, there + * MUST be at least one intersecting hostname for the GRPCRoute to be + * attached to the Listener. For example: + * + * + * * A Listener with `test.example.com` as the hostname matches GRPCRoutes + * that have either not specified any hostnames, or have specified at + * least one of `test.example.com` or `*.example.com`. + * * A Listener with `*.example.com` as the hostname matches GRPCRoutes + * that have either not specified any hostnames or have specified at least + * one hostname that matches the Listener hostname. For example, + * `test.example.com` and `*.example.com` would both match. On the other + * hand, `example.com` and `test.example.net` would not match. + * + * + * Hostnames that are prefixed with a wildcard label (`*.`) are interpreted + * as a suffix match. That means that a match for `*.example.com` would match + * both `test.example.com`, and `foo.test.example.com`, but not `example.com`. + * + * + * If both the Listener and GRPCRoute have specified hostnames, any + * GRPCRoute hostnames that do not match the Listener hostname MUST be + * ignored. For example, if a Listener specified `*.example.com`, and the + * GRPCRoute specified `test.example.com` and `test.example.net`, + * `test.example.net` MUST NOT be considered for a match. + * + * + * If both the Listener and GRPCRoute have specified hostnames, and none + * match with the criteria above, then the GRPCRoute MUST NOT be accepted by + * the implementation. The implementation MUST raise an 'Accepted' Condition + * with a status of `False` in the corresponding RouteParentStatus. + * + * + * If a Route (A) of type HTTPRoute or GRPCRoute is attached to a + * Listener and that listener already has another Route (B) of the other + * type attached and the intersection of the hostnames of A and B is + * non-empty, then the implementation MUST accept exactly one of these two + * routes, determined by the following criteria, in order: + * + * + * * The oldest Route based on creation timestamp. + * * The Route appearing first in alphabetical order by + * "{namespace}/{name}". + * + * + * The rejected Route MUST raise an 'Accepted' condition with a status of + * 'False' in the corresponding RouteParentStatus. + * + * + * Support: Core + * + * @schema GrpcRouteSpec#hostnames + */ + readonly hostnames?: string[]; + + /** + * ParentRefs references the resources (usually Gateways) that a Route wants + * to be attached to. Note that the referenced parent resource needs to + * allow this for the attachment to be complete. For Gateways, that means + * the Gateway needs to allow attachment from Routes of this kind and + * namespace. For Services, that means the Service must either be in the same + * namespace for a "producer" route, or the mesh implementation must support + * and allow "consumer" routes for the referenced Service. ReferenceGrant is + * not applicable for governing ParentRefs to Services - it is not possible to + * create a "producer" route for a Service in a different namespace from the + * Route. + * + * + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * This API may be extended in the future to support additional kinds of parent + * resources. + * + * + * ParentRefs must be _distinct_. This means either that: + * + * + * * They select different objects. If this is the case, then parentRef + * entries are distinct. In terms of fields, this means that the + * multi-part key defined by `group`, `kind`, `namespace`, and `name` must + * be unique across all parentRef entries in the Route. + * * They do not select different objects, but for each optional field used, + * each ParentRef that selects the same object must set the same set of + * optional fields to different values. If one ParentRef sets a + * combination of optional fields, all must set the same combination. + * + * + * Some examples: + * + * + * * If one ParentRef sets `sectionName`, all ParentRefs referencing the + * same object must also set `sectionName`. + * * If one ParentRef sets `port`, all ParentRefs referencing the same + * object must also set `port`. + * * If one ParentRef sets `sectionName` and `port`, all ParentRefs + * referencing the same object must also set `sectionName` and `port`. + * + * + * It is possible to separately reference multiple distinct objects that may + * be collapsed by an implementation. For example, some implementations may + * choose to merge compatible Gateway Listeners together. If that is the + * case, the list of routes attached to those resources should also be + * merged. + * + * + * Note that for ParentRefs that cross namespace boundaries, there are specific + * rules. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example, + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable other kinds of cross-namespace reference. + * + * + * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. + * + * + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * + * + * + * + * + * + * + * + * @schema GrpcRouteSpec#parentRefs + */ + readonly parentRefs?: GrpcRouteSpecParentRefs[]; + + /** + * Rules are a list of GRPC matchers, filters and actions. + * + * @schema GrpcRouteSpec#rules + */ + readonly rules?: GrpcRouteSpecRules[]; + +} + +/** + * Converts an object of type 'GrpcRouteSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpec(obj: GrpcRouteSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'hostnames': obj.hostnames?.map(y => y), + 'parentRefs': obj.parentRefs?.map(y => toJson_GrpcRouteSpecParentRefs(y)), + 'rules': obj.rules?.map(y => toJson_GrpcRouteSpecRules(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ParentReference identifies an API object (usually a Gateway) that can be considered + * a parent of this resource (usually a route). There are two kinds of parent resources + * with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * This API may be extended in the future to support additional kinds of parent + * resources. + * + * + * The API object must be valid in the cluster; the Group and Kind must + * be registered in the cluster for this reference to be valid. + * + * @schema GrpcRouteSpecParentRefs + */ +export interface GrpcRouteSpecParentRefs { + /** + * Group is the group of the referent. + * When unspecified, "gateway.networking.k8s.io" is inferred. + * To set the core API group (such as for a "Service" kind referent), + * Group must be explicitly set to "" (empty string). + * + * + * Support: Core + * + * @schema GrpcRouteSpecParentRefs#group + */ + readonly group?: string; + + /** + * Kind is kind of the referent. + * + * + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * Support for other resources is Implementation-Specific. + * + * @schema GrpcRouteSpecParentRefs#kind + */ + readonly kind?: string; + + /** + * Name is the name of the referent. + * + * + * Support: Core + * + * @schema GrpcRouteSpecParentRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referent. When unspecified, this refers + * to the local namespace of the Route. + * + * + * Note that there are specific rules for ParentRefs which cross namespace + * boundaries. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example: + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable any other kind of cross-namespace reference. + * + * + * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. + * + * + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * + * + * + * Support: Core + * + * @schema GrpcRouteSpecParentRefs#namespace + */ + readonly namespace?: string; + + /** + * Port is the network port this Route targets. It can be interpreted + * differently based on the type of parent resource. + * + * + * When the parent resource is a Gateway, this targets all listeners + * listening on the specified port that also support this kind of Route(and + * select this Route). It's not recommended to set `Port` unless the + * networking behaviors specified in a Route must apply to a specific port + * as opposed to a listener(s) whose port(s) may be changed. When both Port + * and SectionName are specified, the name and port of the selected listener + * must match both specified values. + * + * + * + * When the parent resource is a Service, this targets a specific port in the + * Service spec. When both Port (experimental) and SectionName are specified, + * the name and port of the selected port must match both specified values. + * + * + * + * Implementations MAY choose to support other parent resources. + * Implementations supporting other types of parent resources MUST clearly + * document how/if Port is interpreted. + * + * + * For the purpose of status, an attachment is considered successful as + * long as the parent resource accepts it partially. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + * from the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, + * the Route MUST be considered detached from the Gateway. + * + * + * Support: Extended + * + * @schema GrpcRouteSpecParentRefs#port + */ + readonly port?: number; + + /** + * SectionName is the name of a section within the target resource. In the + * following resources, SectionName is interpreted as the following: + * + * + * * Gateway: Listener name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * * Service: Port name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * + * + * Implementations MAY choose to support attaching Routes to other resources. + * If that is the case, they MUST clearly document how SectionName is + * interpreted. + * + * + * When unspecified (empty string), this will reference the entire resource. + * For the purpose of status, an attachment is considered successful if at + * least one section in the parent resource accepts it. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + * the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, the + * Route MUST be considered detached from the Gateway. + * + * + * Support: Core + * + * @schema GrpcRouteSpecParentRefs#sectionName + */ + readonly sectionName?: string; + +} + +/** + * Converts an object of type 'GrpcRouteSpecParentRefs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecParentRefs(obj: GrpcRouteSpecParentRefs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'sectionName': obj.sectionName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * GRPCRouteRule defines the semantics for matching a gRPC request based on + * conditions (matches), processing it (filters), and forwarding the request to + * an API object (backendRefs). + * + * @schema GrpcRouteSpecRules + */ +export interface GrpcRouteSpecRules { + /** + * BackendRefs defines the backend(s) where matching requests should be + * sent. + * + * + * Failure behavior here depends on how many BackendRefs are specified and + * how many are invalid. + * + * + * If *all* entries in BackendRefs are invalid, and there are also no filters + * specified in this route rule, *all* traffic which matches this rule MUST + * receive an `UNAVAILABLE` status. + * + * + * See the GRPCBackendRef definition for the rules about what makes a single + * GRPCBackendRef invalid. + * + * + * When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for + * requests that would have otherwise been routed to an invalid backend. If + * multiple backends are specified, and some are invalid, the proportion of + * requests that would otherwise have been routed to an invalid backend + * MUST receive an `UNAVAILABLE` status. + * + * + * For example, if two backends are specified with equal weights, and one is + * invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. + * Implementations may choose how that 50 percent is determined. + * + * + * Support: Core for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * + * Support for weight: Core + * + * @schema GrpcRouteSpecRules#backendRefs + */ + readonly backendRefs?: GrpcRouteSpecRulesBackendRefs[]; + + /** + * Filters define the filters that are applied to requests that match + * this rule. + * + * + * The effects of ordering of multiple behaviors are currently unspecified. + * This can change in the future based on feedback during the alpha stage. + * + * + * Conformance-levels at this level are defined based on the type of filter: + * + * + * - ALL core filters MUST be supported by all implementations that support + * GRPCRoute. + * - Implementers are encouraged to support extended filters. + * - Implementation-specific custom filters have no API guarantees across + * implementations. + * + * + * Specifying the same filter multiple times is not supported unless explicitly + * indicated in the filter. + * + * + * If an implementation can not support a combination of filters, it must clearly + * document that limitation. In cases where incompatible or unsupported + * filters are specified and cause the `Accepted` condition to be set to status + * `False`, implementations may use the `IncompatibleFilters` reason to specify + * this configuration error. + * + * + * Support: Core + * + * @schema GrpcRouteSpecRules#filters + */ + readonly filters?: GrpcRouteSpecRulesFilters[]; + + /** + * Matches define conditions used for matching the rule against incoming + * gRPC requests. Each match is independent, i.e. this rule will be matched + * if **any** one of the matches is satisfied. + * + * + * For example, take the following matches configuration: + * + * + * ``` + * matches: + * - method: + * service: foo.bar + * headers: + * values: + * version: 2 + * - method: + * service: foo.bar.v2 + * ``` + * + * + * For a request to match against this rule, it MUST satisfy + * EITHER of the two conditions: + * + * + * - service of foo.bar AND contains the header `version: 2` + * - service of foo.bar.v2 + * + * + * See the documentation for GRPCRouteMatch on how to specify multiple + * match conditions to be ANDed together. + * + * + * If no matches are specified, the implementation MUST match every gRPC request. + * + * + * Proxy or Load Balancer routing configuration generated from GRPCRoutes + * MUST prioritize rules based on the following criteria, continuing on + * ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. + * Precedence MUST be given to the rule with the largest number of: + * + * + * * Characters in a matching non-wildcard hostname. + * * Characters in a matching hostname. + * * Characters in a matching service. + * * Characters in a matching method. + * * Header matches. + * + * + * If ties still exist across multiple Routes, matching precedence MUST be + * determined in order of the following criteria, continuing on ties: + * + * + * * The oldest Route based on creation timestamp. + * * The Route appearing first in alphabetical order by + * "{namespace}/{name}". + * + * + * If ties still exist within the Route that has been given precedence, + * matching precedence MUST be granted to the first matching rule meeting + * the above criteria. + * + * @schema GrpcRouteSpecRules#matches + */ + readonly matches?: GrpcRouteSpecRulesMatches[]; + + /** + * SessionPersistence defines and configures session persistence + * for the route rule. + * + * + * Support: Extended + * + * + * + * + * @schema GrpcRouteSpecRules#sessionPersistence + */ + readonly sessionPersistence?: GrpcRouteSpecRulesSessionPersistence; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRules' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRules(obj: GrpcRouteSpecRules | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'backendRefs': obj.backendRefs?.map(y => toJson_GrpcRouteSpecRulesBackendRefs(y)), + 'filters': obj.filters?.map(y => toJson_GrpcRouteSpecRulesFilters(y)), + 'matches': obj.matches?.map(y => toJson_GrpcRouteSpecRulesMatches(y)), + 'sessionPersistence': toJson_GrpcRouteSpecRulesSessionPersistence(obj.sessionPersistence), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * GRPCBackendRef defines how a GRPCRoute forwards a gRPC request. + * + * + * Note that when a namespace different than the local namespace is specified, a + * ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * + * + * + * When the BackendRef points to a Kubernetes Service, implementations SHOULD + * honor the appProtocol field if it is set for the target Service Port. + * + * + * Implementations supporting appProtocol SHOULD recognize the Kubernetes + * Standard Application Protocols defined in KEP-3726. + * + * + * If a Service appProtocol isn't specified, an implementation MAY infer the + * backend protocol through its own means. Implementations MAY infer the + * protocol from the Route type referring to the backend Service. + * + * + * If a Route is not able to send traffic to the backend using the specified + * protocol then the backend is considered invalid. Implementations MUST set the + * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. + * + * + * + * + * @schema GrpcRouteSpecRulesBackendRefs + */ +export interface GrpcRouteSpecRulesBackendRefs { + /** + * Filters defined at this level MUST be executed if and only if the + * request is being forwarded to the backend defined here. + * + * + * Support: Implementation-specific (For broader support of filters, use the + * Filters field in GRPCRouteRule.) + * + * @schema GrpcRouteSpecRulesBackendRefs#filters + */ + readonly filters?: GrpcRouteSpecRulesBackendRefsFilters[]; + + /** + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. + * + * @schema GrpcRouteSpecRulesBackendRefs#group + */ + readonly group?: string; + + /** + * Kind is the Kubernetes resource kind of the referent. For example + * "Service". + * + * + * Defaults to "Service" when not specified. + * + * + * ExternalName services can refer to CNAME DNS records that may live + * outside of the cluster and as such are difficult to reason about in + * terms of conformance. They also may not be safe to forward to (see + * CVE-2021-25740 for more information). Implementations SHOULD NOT + * support ExternalName Services. + * + * + * Support: Core (Services with a type other than ExternalName) + * + * + * Support: Implementation-specific (Services with type ExternalName) + * + * @default Service" when not specified. + * @schema GrpcRouteSpecRulesBackendRefs#kind + */ + readonly kind?: string; + + /** + * Name is the name of the referent. + * + * @schema GrpcRouteSpecRulesBackendRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the backend. When unspecified, the local + * namespace is inferred. + * + * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * Support: Core + * + * @schema GrpcRouteSpecRulesBackendRefs#namespace + */ + readonly namespace?: string; + + /** + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. + * + * @schema GrpcRouteSpecRulesBackendRefs#port + */ + readonly port?: number; + + /** + * Weight specifies the proportion of requests forwarded to the referenced + * backend. This is computed as weight/(sum of all weights in this + * BackendRefs list). For non-zero values, there may be some epsilon from + * the exact proportion defined here depending on the precision an + * implementation supports. Weight is not a percentage and the sum of + * weights does not need to equal 100. + * + * + * If only one backend is specified and it has a weight greater than 0, 100% + * of the traffic is forwarded to that backend. If weight is set to 0, no + * traffic should be forwarded for this entry. If unspecified, weight + * defaults to 1. + * + * + * Support for this field varies based on the context where used. + * + * @schema GrpcRouteSpecRulesBackendRefs#weight + */ + readonly weight?: number; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesBackendRefs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesBackendRefs(obj: GrpcRouteSpecRulesBackendRefs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'filters': obj.filters?.map(y => toJson_GrpcRouteSpecRulesBackendRefsFilters(y)), + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * GRPCRouteFilter defines processing steps that must be completed during the + * request or response lifecycle. GRPCRouteFilters are meant as an extension + * point to express processing that may be done in Gateway implementations. Some + * examples include request or response modification, implementing + * authentication strategies, rate-limiting, and traffic shaping. API + * guarantee/conformance is defined based on the type of the filter. + * + * @schema GrpcRouteSpecRulesFilters + */ +export interface GrpcRouteSpecRulesFilters { + /** + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. + * + * + * Support: Implementation-specific + * + * + * This filter can be used multiple times within the same rule. + * + * @schema GrpcRouteSpecRulesFilters#extensionRef + */ + readonly extensionRef?: GrpcRouteSpecRulesFiltersExtensionRef; + + /** + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. + * + * + * Support: Core + * + * @schema GrpcRouteSpecRulesFilters#requestHeaderModifier + */ + readonly requestHeaderModifier?: GrpcRouteSpecRulesFiltersRequestHeaderModifier; + + /** + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. + * + * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. + * + * + * Support: Extended + * + * @schema GrpcRouteSpecRulesFilters#requestMirror + */ + readonly requestMirror?: GrpcRouteSpecRulesFiltersRequestMirror; + + /** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. + * + * + * Support: Extended + * + * @schema GrpcRouteSpecRulesFilters#responseHeaderModifier + */ + readonly responseHeaderModifier?: GrpcRouteSpecRulesFiltersResponseHeaderModifier; + + /** + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: + * + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations supporting GRPCRoute MUST support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` MUST be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * + * + * @schema GrpcRouteSpecRulesFilters#type + */ + readonly type: GrpcRouteSpecRulesFiltersType; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesFilters' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesFilters(obj: GrpcRouteSpecRulesFilters | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'extensionRef': toJson_GrpcRouteSpecRulesFiltersExtensionRef(obj.extensionRef), + 'requestHeaderModifier': toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifier(obj.requestHeaderModifier), + 'requestMirror': toJson_GrpcRouteSpecRulesFiltersRequestMirror(obj.requestMirror), + 'responseHeaderModifier': toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifier(obj.responseHeaderModifier), + 'type': obj.type, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * GRPCRouteMatch defines the predicate used to match requests to a given + * action. Multiple match types are ANDed together, i.e. the match will + * evaluate to true only if all conditions are satisfied. + * + * + * For example, the match below will match a gRPC request only if its service + * is `foo` AND it contains the `version: v1` header: + * + * + * ``` + * matches: + * - method: + * type: Exact + * service: "foo" + * headers: + * - name: "version" + * value "v1" + * + * + * ``` + * + * @schema GrpcRouteSpecRulesMatches + */ +export interface GrpcRouteSpecRulesMatches { + /** + * Headers specifies gRPC request header matchers. Multiple match values are + * ANDed together, meaning, a request MUST match all the specified headers + * to select the route. + * + * @schema GrpcRouteSpecRulesMatches#headers + */ + readonly headers?: GrpcRouteSpecRulesMatchesHeaders[]; + + /** + * Method specifies a gRPC request service/method matcher. If this field is + * not specified, all services and methods will match. + * + * @schema GrpcRouteSpecRulesMatches#method + */ + readonly method?: GrpcRouteSpecRulesMatchesMethod; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesMatches' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesMatches(obj: GrpcRouteSpecRulesMatches | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'headers': obj.headers?.map(y => toJson_GrpcRouteSpecRulesMatchesHeaders(y)), + 'method': toJson_GrpcRouteSpecRulesMatchesMethod(obj.method), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SessionPersistence defines and configures session persistence + * for the route rule. + * + * + * Support: Extended + * + * + * + * + * @schema GrpcRouteSpecRulesSessionPersistence + */ +export interface GrpcRouteSpecRulesSessionPersistence { + /** + * AbsoluteTimeout defines the absolute timeout of the persistent + * session. Once the AbsoluteTimeout duration has elapsed, the + * session becomes invalid. + * + * + * Support: Extended + * + * @schema GrpcRouteSpecRulesSessionPersistence#absoluteTimeout + */ + readonly absoluteTimeout?: string; + + /** + * CookieConfig provides configuration settings that are specific + * to cookie-based session persistence. + * + * + * Support: Core + * + * @schema GrpcRouteSpecRulesSessionPersistence#cookieConfig + */ + readonly cookieConfig?: GrpcRouteSpecRulesSessionPersistenceCookieConfig; + + /** + * IdleTimeout defines the idle timeout of the persistent session. + * Once the session has been idle for more than the specified + * IdleTimeout duration, the session becomes invalid. + * + * + * Support: Extended + * + * @schema GrpcRouteSpecRulesSessionPersistence#idleTimeout + */ + readonly idleTimeout?: string; + + /** + * SessionName defines the name of the persistent session token + * which may be reflected in the cookie or the header. Users + * should avoid reusing session names to prevent unintended + * consequences, such as rejection or unpredictable behavior. + * + * + * Support: Implementation-specific + * + * @schema GrpcRouteSpecRulesSessionPersistence#sessionName + */ + readonly sessionName?: string; + + /** + * Type defines the type of session persistence such as through + * the use a header or cookie. Defaults to cookie based session + * persistence. + * + * + * Support: Core for "Cookie" type + * + * + * Support: Extended for "Header" type + * + * @default cookie based session + * @schema GrpcRouteSpecRulesSessionPersistence#type + */ + readonly type?: GrpcRouteSpecRulesSessionPersistenceType; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesSessionPersistence' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesSessionPersistence(obj: GrpcRouteSpecRulesSessionPersistence | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'absoluteTimeout': obj.absoluteTimeout, + 'cookieConfig': toJson_GrpcRouteSpecRulesSessionPersistenceCookieConfig(obj.cookieConfig), + 'idleTimeout': obj.idleTimeout, + 'sessionName': obj.sessionName, + 'type': obj.type, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * GRPCRouteFilter defines processing steps that must be completed during the + * request or response lifecycle. GRPCRouteFilters are meant as an extension + * point to express processing that may be done in Gateway implementations. Some + * examples include request or response modification, implementing + * authentication strategies, rate-limiting, and traffic shaping. API + * guarantee/conformance is defined based on the type of the filter. + * + * @schema GrpcRouteSpecRulesBackendRefsFilters + */ +export interface GrpcRouteSpecRulesBackendRefsFilters { + /** + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. + * + * + * Support: Implementation-specific + * + * + * This filter can be used multiple times within the same rule. + * + * @schema GrpcRouteSpecRulesBackendRefsFilters#extensionRef + */ + readonly extensionRef?: GrpcRouteSpecRulesBackendRefsFiltersExtensionRef; + + /** + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. + * + * + * Support: Core + * + * @schema GrpcRouteSpecRulesBackendRefsFilters#requestHeaderModifier + */ + readonly requestHeaderModifier?: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier; + + /** + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. + * + * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. + * + * + * Support: Extended + * + * @schema GrpcRouteSpecRulesBackendRefsFilters#requestMirror + */ + readonly requestMirror?: GrpcRouteSpecRulesBackendRefsFiltersRequestMirror; + + /** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. + * + * + * Support: Extended + * + * @schema GrpcRouteSpecRulesBackendRefsFilters#responseHeaderModifier + */ + readonly responseHeaderModifier?: GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier; + + /** + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: + * + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations supporting GRPCRoute MUST support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` MUST be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * + * + * @schema GrpcRouteSpecRulesBackendRefsFilters#type + */ + readonly type: GrpcRouteSpecRulesBackendRefsFiltersType; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFilters' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesBackendRefsFilters(obj: GrpcRouteSpecRulesBackendRefsFilters | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'extensionRef': toJson_GrpcRouteSpecRulesBackendRefsFiltersExtensionRef(obj.extensionRef), + 'requestHeaderModifier': toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier(obj.requestHeaderModifier), + 'requestMirror': toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestMirror(obj.requestMirror), + 'responseHeaderModifier': toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier(obj.responseHeaderModifier), + 'type': obj.type, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. + * + * + * Support: Implementation-specific + * + * + * This filter can be used multiple times within the same rule. + * + * @schema GrpcRouteSpecRulesFiltersExtensionRef + */ +export interface GrpcRouteSpecRulesFiltersExtensionRef { + /** + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. + * + * @schema GrpcRouteSpecRulesFiltersExtensionRef#group + */ + readonly group: string; + + /** + * Kind is kind of the referent. For example "HTTPRoute" or "Service". + * + * @schema GrpcRouteSpecRulesFiltersExtensionRef#kind + */ + readonly kind: string; + + /** + * Name is the name of the referent. + * + * @schema GrpcRouteSpecRulesFiltersExtensionRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesFiltersExtensionRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesFiltersExtensionRef(obj: GrpcRouteSpecRulesFiltersExtensionRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. + * + * + * Support: Core + * + * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifier + */ +export interface GrpcRouteSpecRulesFiltersRequestHeaderModifier { + /** + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz + * + * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifier#add + */ + readonly add?: GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd[]; + + /** + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz + * + * + * Config: + * remove: ["my-header1", "my-header3"] + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar + * + * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifier#remove + */ + readonly remove?: string[]; + + /** + * Set overwrites the request with the given header (name, value) + * before the action. + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * set: + * - name: "my-header" + * value: "bar" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar + * + * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifier#set + */ + readonly set?: GrpcRouteSpecRulesFiltersRequestHeaderModifierSet[]; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesFiltersRequestHeaderModifier' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifier(obj: GrpcRouteSpecRulesFiltersRequestHeaderModifier | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'add': obj.add?.map(y => toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifierSet(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. + * + * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. + * + * + * Support: Extended + * + * @schema GrpcRouteSpecRulesFiltersRequestMirror + */ +export interface GrpcRouteSpecRulesFiltersRequestMirror { + /** + * BackendRef references a resource where mirrored requests are sent. + * + * + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. + * + * + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. + * + * + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. + * + * + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. + * + * + * Support: Extended for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * @schema GrpcRouteSpecRulesFiltersRequestMirror#backendRef + */ + readonly backendRef: GrpcRouteSpecRulesFiltersRequestMirrorBackendRef; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesFiltersRequestMirror' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesFiltersRequestMirror(obj: GrpcRouteSpecRulesFiltersRequestMirror | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'backendRef': toJson_GrpcRouteSpecRulesFiltersRequestMirrorBackendRef(obj.backendRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. + * + * + * Support: Extended + * + * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifier + */ +export interface GrpcRouteSpecRulesFiltersResponseHeaderModifier { + /** + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz + * + * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifier#add + */ + readonly add?: GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd[]; + + /** + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz + * + * + * Config: + * remove: ["my-header1", "my-header3"] + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar + * + * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifier#remove + */ + readonly remove?: string[]; + + /** + * Set overwrites the request with the given header (name, value) + * before the action. + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * set: + * - name: "my-header" + * value: "bar" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar + * + * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifier#set + */ + readonly set?: GrpcRouteSpecRulesFiltersResponseHeaderModifierSet[]; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesFiltersResponseHeaderModifier' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifier(obj: GrpcRouteSpecRulesFiltersResponseHeaderModifier | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'add': obj.add?.map(y => toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifierSet(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: + * + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations supporting GRPCRoute MUST support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` MUST be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. * * - * A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, - * the merging behavior is implementation specific. - * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. * * - * Support: Implementation-specific + * @schema GrpcRouteSpecRulesFiltersType + */ +export enum GrpcRouteSpecRulesFiltersType { + /** ResponseHeaderModifier */ + RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", + /** RequestHeaderModifier */ + REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", + /** RequestMirror */ + REQUEST_MIRROR = "RequestMirror", + /** ExtensionRef */ + EXTENSION_REF = "ExtensionRef", +} + +/** + * GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request + * headers. * - * @schema GatewayClassSpecParametersRef + * @schema GrpcRouteSpecRulesMatchesHeaders */ -export interface GatewayClassSpecParametersRef { +export interface GrpcRouteSpecRulesMatchesHeaders { /** - * Group is the group of the referent. + * Name is the name of the gRPC Header to be matched. * - * @schema GatewayClassSpecParametersRef#group - */ - readonly group: string; - - /** - * Kind is kind of the referent. * - * @schema GatewayClassSpecParametersRef#kind + * If multiple entries specify equivalent header names, only the first + * entry with an equivalent name MUST be considered for a match. Subsequent + * entries with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. + * + * @schema GrpcRouteSpecRulesMatchesHeaders#name */ - readonly kind: string; + readonly name: string; /** - * Name is the name of the referent. + * Type specifies how to match against the value of the header. * - * @schema GatewayClassSpecParametersRef#name + * @schema GrpcRouteSpecRulesMatchesHeaders#type */ - readonly name: string; + readonly type?: GrpcRouteSpecRulesMatchesHeadersType; /** - * Namespace is the namespace of the referent. - * This field is required when referring to a Namespace-scoped resource and - * MUST be unset when referring to a Cluster-scoped resource. + * Value is the value of the gRPC Header to be matched. * - * @schema GatewayClassSpecParametersRef#namespace + * @schema GrpcRouteSpecRulesMatchesHeaders#value */ - readonly namespace?: string; + readonly value: string; } /** - * Converts an object of type 'GatewayClassSpecParametersRef' to JSON representation. + * Converts an object of type 'GrpcRouteSpecRulesMatchesHeaders' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayClassSpecParametersRef(obj: GatewayClassSpecParametersRef | undefined): Record | undefined { +export function toJson_GrpcRouteSpecRulesMatchesHeaders(obj: GrpcRouteSpecRulesMatchesHeaders | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, 'name': obj.name, - 'namespace': obj.namespace, + 'type': obj.type, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ - /** - * GatewayClass describes a class of Gateways available to the user for creating -Gateway resources. - - -It is recommended that this resource be used as a template for Gateways. This -means that a Gateway is based on the state of the GatewayClass at the time it -was created and changes to the GatewayClass or associated parameters are not -propagated down to existing Gateways. This recommendation is intended to -limit the blast radius of changes to GatewayClass or associated parameters. -If implementations choose to propagate GatewayClass changes to existing -Gateways, that MUST be clearly documented by the implementation. - - -Whenever one or more Gateways are using a GatewayClass, implementations SHOULD -add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the -associated GatewayClass. This ensures that a GatewayClass associated with a -Gateway is not deleted while in use. - - -GatewayClass is a Cluster level resource. + * Method specifies a gRPC request service/method matcher. If this field is + * not specified, all services and methods will match. * - * @schema GatewayClassV1Beta1 + * @schema GrpcRouteSpecRulesMatchesMethod */ -export class GatewayClassV1Beta1 extends ApiObject { - /** - * Returns the apiVersion and kind for "GatewayClassV1Beta1" - */ - public static readonly GVK: GroupVersionKind = { - apiVersion: 'gateway.networking.k8s.io/v1beta1', - kind: 'GatewayClass', - } - +export interface GrpcRouteSpecRulesMatchesMethod { /** - * Renders a Kubernetes manifest for "GatewayClassV1Beta1". + * Value of the method to match against. If left empty or omitted, will + * match all services. * - * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * @param props initialization props - */ - public static manifest(props: GatewayClassV1Beta1Props): any { - return { - ...GatewayClassV1Beta1.GVK, - ...toJson_GatewayClassV1Beta1Props(props), - }; - } - - /** - * Defines a "GatewayClassV1Beta1" API object - * @param scope the scope in which to define this object - * @param id a scope-local name for the object - * @param props initialization props - */ - public constructor(scope: Construct, id: string, props: GatewayClassV1Beta1Props) { - super(scope, id, { - ...GatewayClassV1Beta1.GVK, - ...props, - }); - } - - /** - * Renders the object to Kubernetes JSON. + * At least one of Service and Method MUST be a non-empty string. + * + * @schema GrpcRouteSpecRulesMatchesMethod#method */ - public toJson(): any { - const resolved = super.toJson(); - - return { - ...GatewayClassV1Beta1.GVK, - ...toJson_GatewayClassV1Beta1Props(resolved), - }; - } -} + readonly method?: string; -/** - * GatewayClass describes a class of Gateways available to the user for creating - * Gateway resources. - * - * - * It is recommended that this resource be used as a template for Gateways. This - * means that a Gateway is based on the state of the GatewayClass at the time it - * was created and changes to the GatewayClass or associated parameters are not - * propagated down to existing Gateways. This recommendation is intended to - * limit the blast radius of changes to GatewayClass or associated parameters. - * If implementations choose to propagate GatewayClass changes to existing - * Gateways, that MUST be clearly documented by the implementation. - * - * - * Whenever one or more Gateways are using a GatewayClass, implementations SHOULD - * add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the - * associated GatewayClass. This ensures that a GatewayClass associated with a - * Gateway is not deleted while in use. - * - * - * GatewayClass is a Cluster level resource. - * - * @schema GatewayClassV1Beta1 - */ -export interface GatewayClassV1Beta1Props { /** - * @schema GatewayClassV1Beta1#metadata + * Value of the service to match against. If left empty or omitted, will + * match any service. + * + * + * At least one of Service and Method MUST be a non-empty string. + * + * @schema GrpcRouteSpecRulesMatchesMethod#service */ - readonly metadata?: ApiObjectMetadata; + readonly service?: string; /** - * Spec defines the desired state of GatewayClass. + * Type specifies how to match against the service and/or method. + * Support: Core (Exact with service and method specified) * - * @schema GatewayClassV1Beta1#spec + * + * Support: Implementation-specific (Exact with method specified but no service specified) + * + * + * Support: Implementation-specific (RegularExpression) + * + * @schema GrpcRouteSpecRulesMatchesMethod#type */ - readonly spec: GatewayClassV1Beta1Spec; + readonly type?: GrpcRouteSpecRulesMatchesMethodType; } /** - * Converts an object of type 'GatewayClassV1Beta1Props' to JSON representation. + * Converts an object of type 'GrpcRouteSpecRulesMatchesMethod' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayClassV1Beta1Props(obj: GatewayClassV1Beta1Props | undefined): Record | undefined { +export function toJson_GrpcRouteSpecRulesMatchesMethod(obj: GrpcRouteSpecRulesMatchesMethod | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'metadata': obj.metadata, - 'spec': toJson_GatewayClassV1Beta1Spec(obj.spec), + 'method': obj.method, + 'service': obj.service, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -2411,295 +5700,298 @@ export function toJson_GatewayClassV1Beta1Props(obj: GatewayClassV1Beta1Props | /* eslint-enable max-len, quote-props */ /** - * Spec defines the desired state of GatewayClass. + * CookieConfig provides configuration settings that are specific + * to cookie-based session persistence. * - * @schema GatewayClassV1Beta1Spec + * + * Support: Core + * + * @schema GrpcRouteSpecRulesSessionPersistenceCookieConfig */ -export interface GatewayClassV1Beta1Spec { - /** - * ControllerName is the name of the controller that is managing Gateways of - * this class. The value of this field MUST be a domain prefixed path. - * - * - * Example: "example.net/gateway-controller". - * - * - * This field is not mutable and cannot be empty. - * - * - * Support: Core - * - * @schema GatewayClassV1Beta1Spec#controllerName - */ - readonly controllerName: string; - - /** - * Description helps describe a GatewayClass with more details. - * - * @schema GatewayClassV1Beta1Spec#description - */ - readonly description?: string; - +export interface GrpcRouteSpecRulesSessionPersistenceCookieConfig { /** - * ParametersRef is a reference to a resource that contains the configuration - * parameters corresponding to the GatewayClass. This is optional if the - * controller does not require any additional configuration. + * LifetimeType specifies whether the cookie has a permanent or + * session-based lifetime. A permanent cookie persists until its + * specified expiry time, defined by the Expires or Max-Age cookie + * attributes, while a session cookie is deleted when the current + * session ends. * * - * ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, - * or an implementation-specific custom resource. The resource can be - * cluster-scoped or namespace-scoped. + * When set to "Permanent", AbsoluteTimeout indicates the + * cookie's lifetime via the Expires or Max-Age cookie attributes + * and is required. * * - * If the referent cannot be found, the GatewayClass's "InvalidParameters" - * status condition will be true. + * When set to "Session", AbsoluteTimeout indicates the + * absolute lifetime of the cookie tracked by the gateway and + * is optional. * * - * A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, - * the merging behavior is implementation specific. - * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * Support: Core for "Session" type * * - * Support: Implementation-specific + * Support: Extended for "Permanent" type * - * @schema GatewayClassV1Beta1Spec#parametersRef + * @schema GrpcRouteSpecRulesSessionPersistenceCookieConfig#lifetimeType */ - readonly parametersRef?: GatewayClassV1Beta1SpecParametersRef; + readonly lifetimeType?: GrpcRouteSpecRulesSessionPersistenceCookieConfigLifetimeType; } /** - * Converts an object of type 'GatewayClassV1Beta1Spec' to JSON representation. + * Converts an object of type 'GrpcRouteSpecRulesSessionPersistenceCookieConfig' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayClassV1Beta1Spec(obj: GatewayClassV1Beta1Spec | undefined): Record | undefined { +export function toJson_GrpcRouteSpecRulesSessionPersistenceCookieConfig(obj: GrpcRouteSpecRulesSessionPersistenceCookieConfig | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'controllerName': obj.controllerName, - 'description': obj.description, - 'parametersRef': toJson_GatewayClassV1Beta1SpecParametersRef(obj.parametersRef), + 'lifetimeType': obj.lifetimeType, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ -/** - * ParametersRef is a reference to a resource that contains the configuration - * parameters corresponding to the GatewayClass. This is optional if the - * controller does not require any additional configuration. - * - * - * ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, - * or an implementation-specific custom resource. The resource can be - * cluster-scoped or namespace-scoped. +/** + * Type defines the type of session persistence such as through + * the use a header or cookie. Defaults to cookie based session + * persistence. * * - * If the referent cannot be found, the GatewayClass's "InvalidParameters" - * status condition will be true. + * Support: Core for "Cookie" type * * - * A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, - * the merging behavior is implementation specific. - * It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + * Support: Extended for "Header" type + * + * @default cookie based session + * @schema GrpcRouteSpecRulesSessionPersistenceType + */ +export enum GrpcRouteSpecRulesSessionPersistenceType { + /** Cookie */ + COOKIE = "Cookie", + /** Header */ + HEADER = "Header", +} + +/** + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. * * * Support: Implementation-specific * - * @schema GatewayClassV1Beta1SpecParametersRef + * + * This filter can be used multiple times within the same rule. + * + * @schema GrpcRouteSpecRulesBackendRefsFiltersExtensionRef */ -export interface GatewayClassV1Beta1SpecParametersRef { +export interface GrpcRouteSpecRulesBackendRefsFiltersExtensionRef { /** - * Group is the group of the referent. + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. * - * @schema GatewayClassV1Beta1SpecParametersRef#group + * @schema GrpcRouteSpecRulesBackendRefsFiltersExtensionRef#group */ readonly group: string; /** - * Kind is kind of the referent. + * Kind is kind of the referent. For example "HTTPRoute" or "Service". * - * @schema GatewayClassV1Beta1SpecParametersRef#kind + * @schema GrpcRouteSpecRulesBackendRefsFiltersExtensionRef#kind */ readonly kind: string; /** * Name is the name of the referent. * - * @schema GatewayClassV1Beta1SpecParametersRef#name + * @schema GrpcRouteSpecRulesBackendRefsFiltersExtensionRef#name */ readonly name: string; - /** - * Namespace is the namespace of the referent. - * This field is required when referring to a Namespace-scoped resource and - * MUST be unset when referring to a Cluster-scoped resource. - * - * @schema GatewayClassV1Beta1SpecParametersRef#namespace - */ - readonly namespace?: string; - } /** - * Converts an object of type 'GatewayClassV1Beta1SpecParametersRef' to JSON representation. + * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersExtensionRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GatewayClassV1Beta1SpecParametersRef(obj: GatewayClassV1Beta1SpecParametersRef | undefined): Record | undefined { +export function toJson_GrpcRouteSpecRulesBackendRefsFiltersExtensionRef(obj: GrpcRouteSpecRulesBackendRefsFiltersExtensionRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'group': obj.group, 'kind': obj.kind, 'name': obj.name, - 'namespace': obj.namespace, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ - /** - * GRPCRoute provides a way to route gRPC requests. This includes the capability -to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. -Filters can be used to specify additional processing steps. Backends specify -where matching requests will be routed. - - -GRPCRoute falls under extended support within the Gateway API. Within the -following specification, the word "MUST" indicates that an implementation -supporting GRPCRoute must conform to the indicated requirement, but an -implementation not supporting this route type need not follow the requirement -unless explicitly indicated. - - -Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST -accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via -ALPN. If the implementation does not support this, then it MUST set the -"Accepted" condition to "False" for the affected listener with a reason of -"UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections -with an upgrade from HTTP/1. - - -Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST -support HTTP/2 over cleartext TCP (h2c, -https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial -upgrade from HTTP/1.1, i.e. with prior knowledge -(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation -does not support this, then it MUST set the "Accepted" condition to "False" -for the affected listener with a reason of "UnsupportedProtocol". -Implementations MAY also accept HTTP/2 connections with an upgrade from -HTTP/1, i.e. without prior knowledge. + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * - * @schema GRPCRoute + * + * Support: Core + * + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier */ -export class GrpcRoute extends ApiObject { +export interface GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier { /** - * Returns the apiVersion and kind for "GRPCRoute" + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz + * + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#add */ - public static readonly GVK: GroupVersionKind = { - apiVersion: 'gateway.networking.k8s.io/v1', - kind: 'GRPCRoute', - } + readonly add?: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd[]; /** - * Renders a Kubernetes manifest for "GRPCRoute". + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * - * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * @param props initialization props + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz + * + * + * Config: + * remove: ["my-header1", "my-header3"] + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar + * + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#remove */ - public static manifest(props: GrpcRouteProps = {}): any { - return { - ...GrpcRoute.GVK, - ...toJson_GrpcRouteProps(props), - }; - } + readonly remove?: string[]; /** - * Defines a "GRPCRoute" API object - * @param scope the scope in which to define this object - * @param id a scope-local name for the object - * @param props initialization props + * Set overwrites the request with the given header (name, value) + * before the action. + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * set: + * - name: "my-header" + * value: "bar" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar + * + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#set */ - public constructor(scope: Construct, id: string, props: GrpcRouteProps = {}) { - super(scope, id, { - ...GrpcRoute.GVK, - ...props, - }); - } + readonly set?: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet[]; - /** - * Renders the object to Kubernetes JSON. - */ - public toJson(): any { - const resolved = super.toJson(); +} - return { - ...GrpcRoute.GVK, - ...toJson_GrpcRouteProps(resolved), - }; - } +/** + * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier(obj: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'add': obj.add?.map(y => toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } +/* eslint-enable max-len, quote-props */ /** - * GRPCRoute provides a way to route gRPC requests. This includes the capability - * to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. - * Filters can be used to specify additional processing steps. Backends specify - * where matching requests will be routed. - * - * - * GRPCRoute falls under extended support within the Gateway API. Within the - * following specification, the word "MUST" indicates that an implementation - * supporting GRPCRoute must conform to the indicated requirement, but an - * implementation not supporting this route type need not follow the requirement - * unless explicitly indicated. + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. * * - * Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST - * accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via - * ALPN. If the implementation does not support this, then it MUST set the - * "Accepted" condition to "False" for the affected listener with a reason of - * "UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections - * with an upgrade from HTTP/1. + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. * * - * Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST - * support HTTP/2 over cleartext TCP (h2c, - * https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial - * upgrade from HTTP/1.1, i.e. with prior knowledge - * (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation - * does not support this, then it MUST set the "Accepted" condition to "False" - * for the affected listener with a reason of "UnsupportedProtocol". - * Implementations MAY also accept HTTP/2 connections with an upgrade from - * HTTP/1, i.e. without prior knowledge. + * Support: Extended * - * @schema GRPCRoute + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirror */ -export interface GrpcRouteProps { - /** - * @schema GRPCRoute#metadata - */ - readonly metadata?: ApiObjectMetadata; - +export interface GrpcRouteSpecRulesBackendRefsFiltersRequestMirror { /** - * Spec defines the desired state of GRPCRoute. + * BackendRef references a resource where mirrored requests are sent. + * + * + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. + * + * + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. + * * - * @schema GRPCRoute#spec + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. + * + * + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. + * + * + * Support: Extended for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirror#backendRef */ - readonly spec?: GrpcRouteSpec; + readonly backendRef: GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef; } /** - * Converts an object of type 'GrpcRouteProps' to JSON representation. + * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersRequestMirror' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteProps(obj: GrpcRouteProps | undefined): Record | undefined { +export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestMirror(obj: GrpcRouteSpecRulesBackendRefsFiltersRequestMirror | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'metadata': obj.metadata, - 'spec': toJson_GrpcRouteSpec(obj.spec), + 'backendRef': toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj.backendRef), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -2707,170 +5999,239 @@ export function toJson_GrpcRouteProps(obj: GrpcRouteProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'add': obj.add?.map(y => toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: + * + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations supporting GRPCRoute MUST support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` MUST be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * + * + * @schema GrpcRouteSpecRulesBackendRefsFiltersType + */ +export enum GrpcRouteSpecRulesBackendRefsFiltersType { + /** ResponseHeaderModifier */ + RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", + /** RequestHeaderModifier */ + REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", + /** RequestMirror */ + REQUEST_MIRROR = "RequestMirror", + /** ExtensionRef */ + EXTENSION_REF = "ExtensionRef", +} + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd + */ +export interface GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * + * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * + * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd(obj: GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierSet + */ +export interface GrpcRouteSpecRulesFiltersRequestHeaderModifierSet { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema GrpcRouteSpec#parentRefs + * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierSet#name */ - readonly parentRefs?: GrpcRouteSpecParentRefs[]; + readonly name: string; /** - * Rules are a list of GRPC matchers, filters and actions. + * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteSpec#rules + * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierSet#value */ - readonly rules?: GrpcRouteSpecRules[]; + readonly value: string; } /** - * Converts an object of type 'GrpcRouteSpec' to JSON representation. + * Converts an object of type 'GrpcRouteSpecRulesFiltersRequestHeaderModifierSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpec(obj: GrpcRouteSpec | undefined): Record | undefined { +export function toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifierSet(obj: GrpcRouteSpecRulesFiltersRequestHeaderModifierSet | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'hostnames': obj.hostnames?.map(y => y), - 'parentRefs': obj.parentRefs?.map(y => toJson_GrpcRouteSpecParentRefs(y)), - 'rules': obj.rules?.map(y => toJson_GrpcRouteSpecRules(y)), + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -2878,172 +6239,166 @@ export function toJson_GrpcRouteSpec(obj: GrpcRouteSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd + */ +export interface GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd { /** - * SectionName is the name of a section within the target resource. In the - * following resources, SectionName is interpreted as the following: - * - * - * * Gateway: Listener name. When both Port (experimental) and SectionName - * are specified, the name and port of the selected listener must match - * both specified values. - * * Service: Port name. When both Port (experimental) and SectionName - * are specified, the name and port of the selected listener must match - * both specified values. - * - * - * Implementations MAY choose to support attaching Routes to other resources. - * If that is the case, they MUST clearly document how SectionName is - * interpreted. - * + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * When unspecified (empty string), this will reference the entire resource. - * For the purpose of status, an attachment is considered successful if at - * least one section in the parent resource accepts it. For example, Gateway - * listeners can restrict which Routes can attach to them by Route kind, - * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from - * the referencing Route, the Route MUST be considered successfully - * attached. If no Gateway listeners accept attachment from this Route, the - * Route MUST be considered detached from the Gateway. * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * Support: Core + * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteSpecParentRefs#sectionName + * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd#value */ - readonly sectionName?: string; + readonly value: string; } /** - * Converts an object of type 'GrpcRouteSpecParentRefs' to JSON representation. + * Converts an object of type 'GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecParentRefs(obj: GrpcRouteSpecParentRefs | undefined): Record | undefined { +export function toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd(obj: GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, - 'sectionName': obj.sectionName, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -3051,169 +6406,197 @@ export function toJson_GrpcRouteSpecParentRefs(obj: GrpcRouteSpecParentRefs | un /* eslint-enable max-len, quote-props */ /** - * GRPCRouteRule defines the semantics for matching a gRPC request based on - * conditions (matches), processing it (filters), and forwarding the request to - * an API object (backendRefs). + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema GrpcRouteSpecRules + * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierSet */ -export interface GrpcRouteSpecRules { +export interface GrpcRouteSpecRulesFiltersResponseHeaderModifierSet { /** - * BackendRefs defines the backend(s) where matching requests should be - * sent. - * - * - * Failure behavior here depends on how many BackendRefs are specified and - * how many are invalid. - * - * - * If *all* entries in BackendRefs are invalid, and there are also no filters - * specified in this route rule, *all* traffic which matches this rule MUST - * receive an `UNAVAILABLE` status. - * - * - * See the GRPCBackendRef definition for the rules about what makes a single - * GRPCBackendRef invalid. - * - * - * When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for - * requests that would have otherwise been routed to an invalid backend. If - * multiple backends are specified, and some are invalid, the proportion of - * requests that would otherwise have been routed to an invalid backend - * MUST receive an `UNAVAILABLE` status. - * - * - * For example, if two backends are specified with equal weights, and one is - * invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. - * Implementations may choose how that 50 percent is determined. - * - * - * Support: Core for Kubernetes Service - * - * - * Support: Implementation-specific for any other resource + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support for weight: Core + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema GrpcRouteSpecRules#backendRefs + * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierSet#name */ - readonly backendRefs?: GrpcRouteSpecRulesBackendRefs[]; + readonly name: string; /** - * Filters define the filters that are applied to requests that match - * this rule. - * - * - * The effects of ordering of multiple behaviors are currently unspecified. - * This can change in the future based on feedback during the alpha stage. - * - * - * Conformance-levels at this level are defined based on the type of filter: - * - * - * - ALL core filters MUST be supported by all implementations that support - * GRPCRoute. - * - Implementers are encouraged to support extended filters. - * - Implementation-specific custom filters have no API guarantees across - * implementations. - * - * - * Specifying the same filter multiple times is not supported unless explicitly - * indicated in the filter. - * - * - * If an implementation can not support a combination of filters, it must clearly - * document that limitation. In cases where incompatible or unsupported - * filters are specified and cause the `Accepted` condition to be set to status - * `False`, implementations may use the `IncompatibleFilters` reason to specify - * this configuration error. - * - * - * Support: Core + * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteSpecRules#filters + * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierSet#value */ - readonly filters?: GrpcRouteSpecRulesFilters[]; + readonly value: string; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesFiltersResponseHeaderModifierSet' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifierSet(obj: GrpcRouteSpecRulesFiltersResponseHeaderModifierSet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Type specifies how to match against the value of the header. + * + * @schema GrpcRouteSpecRulesMatchesHeadersType + */ +export enum GrpcRouteSpecRulesMatchesHeadersType { + /** Exact */ + EXACT = "Exact", + /** RegularExpression */ + REGULAR_EXPRESSION = "RegularExpression", +} + +/** + * Type specifies how to match against the service and/or method. + * Support: Core (Exact with service and method specified) + * + * + * Support: Implementation-specific (Exact with method specified but no service specified) + * + * + * Support: Implementation-specific (RegularExpression) + * + * @schema GrpcRouteSpecRulesMatchesMethodType + */ +export enum GrpcRouteSpecRulesMatchesMethodType { + /** Exact */ + EXACT = "Exact", + /** RegularExpression */ + REGULAR_EXPRESSION = "RegularExpression", +} +/** + * LifetimeType specifies whether the cookie has a permanent or + * session-based lifetime. A permanent cookie persists until its + * specified expiry time, defined by the Expires or Max-Age cookie + * attributes, while a session cookie is deleted when the current + * session ends. + * + * + * When set to "Permanent", AbsoluteTimeout indicates the + * cookie's lifetime via the Expires or Max-Age cookie attributes + * and is required. + * + * + * When set to "Session", AbsoluteTimeout indicates the + * absolute lifetime of the cookie tracked by the gateway and + * is optional. + * + * + * Support: Core for "Session" type + * + * + * Support: Extended for "Permanent" type + * + * @schema GrpcRouteSpecRulesSessionPersistenceCookieConfigLifetimeType + */ +export enum GrpcRouteSpecRulesSessionPersistenceCookieConfigLifetimeType { + /** Permanent */ + PERMANENT = "Permanent", + /** Session */ + SESSION = "Session", +} + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd + */ +export interface GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd { /** - * Matches define conditions used for matching the rule against incoming - * gRPC requests. Each match is independent, i.e. this rule will be matched - * if **any** one of the matches is satisfied. - * - * - * For example, take the following matches configuration: - * - * - * ``` - * matches: - * - method: - * service: foo.bar - * headers: - * values: - * version: 2 - * - method: - * service: foo.bar.v2 - * ``` - * - * - * For a request to match against this rule, it MUST satisfy - * EITHER of the two conditions: - * - * - * - service of foo.bar AND contains the header `version: 2` - * - service of foo.bar.v2 - * - * - * See the documentation for GRPCRouteMatch on how to specify multiple - * match conditions to be ANDed together. - * - * - * If no matches are specified, the implementation MUST match every gRPC request. - * - * - * Proxy or Load Balancer routing configuration generated from GRPCRoutes - * MUST prioritize rules based on the following criteria, continuing on - * ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. - * Precedence MUST be given to the rule with the largest number of: - * + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * * Characters in a matching non-wildcard hostname. - * * Characters in a matching hostname. - * * Characters in a matching service. - * * Characters in a matching method. - * * Header matches. * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * If ties still exist across multiple Routes, matching precedence MUST be - * determined in order of the following criteria, continuing on ties: + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd(obj: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet + */ +export interface GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * * The oldest Route based on creation timestamp. - * * The Route appearing first in alphabetical order by - * "{namespace}/{name}". * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * If ties still exist within the Route that has been given precedence, - * matching precedence MUST be granted to the first matching rule meeting - * the above criteria. + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteSpecRules#matches + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet#value */ - readonly matches?: GrpcRouteSpecRulesMatches[]; + readonly value: string; } /** - * Converts an object of type 'GrpcRouteSpecRules' to JSON representation. + * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRules(obj: GrpcRouteSpecRules | undefined): Record | undefined { +export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet(obj: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRefs': obj.backendRefs?.map(y => toJson_GrpcRouteSpecRulesBackendRefs(y)), - 'filters': obj.filters?.map(y => toJson_GrpcRouteSpecRulesFilters(y)), - 'matches': obj.matches?.map(y => toJson_GrpcRouteSpecRulesMatches(y)), + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -3221,58 +6604,44 @@ export function toJson_GrpcRouteSpecRules(obj: GrpcRouteSpecRules | undefined): /* eslint-enable max-len, quote-props */ /** - * GRPCBackendRef defines how a GRPCRoute forwards a gRPC request. - * - * - * Note that when a namespace different than the local namespace is specified, a - * ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. + * BackendRef references a resource where mirrored requests are sent. * * - * + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * * - * When the BackendRef points to a Kubernetes Service, implementations SHOULD - * honor the appProtocol field if it is set for the target Service Port. + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. * * - * Implementations supporting appProtocol SHOULD recognize the Kubernetes - * Standard Application Protocols defined in KEP-3726. + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. * * - * If a Service appProtocol isn't specified, an implementation MAY infer the - * backend protocol through its own means. Implementations MAY infer the - * protocol from the Route type referring to the backend Service. + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. * * - * If a Route is not able to send traffic to the backend using the specified - * protocol then the backend is considered invalid. Implementations MUST set the - * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. + * Support: Extended for Kubernetes Service * * - * + * Support: Implementation-specific for any other resource * - * @schema GrpcRouteSpecRulesBackendRefs + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef */ -export interface GrpcRouteSpecRulesBackendRefs { - /** - * Filters defined at this level MUST be executed if and only if the - * request is being forwarded to the backend defined here. - * - * - * Support: Implementation-specific (For broader support of filters, use the - * Filters field in GRPCRouteRule.) - * - * @schema GrpcRouteSpecRulesBackendRefs#filters - */ - readonly filters?: GrpcRouteSpecRulesBackendRefsFilters[]; - +export interface GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef { /** * Group is the group of the referent. For example, "gateway.networking.k8s.io". * When unspecified or empty string, core API group is inferred. * - * @schema GrpcRouteSpecRulesBackendRefs#group + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#group */ readonly group?: string; @@ -3297,14 +6666,14 @@ export interface GrpcRouteSpecRulesBackendRefs { * Support: Implementation-specific (Services with type ExternalName) * * @default Service" when not specified. - * @schema GrpcRouteSpecRulesBackendRefs#kind + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#kind */ readonly kind?: string; /** * Name is the name of the referent. * - * @schema GrpcRouteSpecRulesBackendRefs#name + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#name */ readonly name: string; @@ -3321,182 +6690,35 @@ export interface GrpcRouteSpecRulesBackendRefs { * * Support: Core * - * @schema GrpcRouteSpecRulesBackendRefs#namespace + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#namespace */ readonly namespace?: string; - /** - * Port specifies the destination port number to use for this resource. - * Port is required when the referent is a Kubernetes Service. In this - * case, the port number is the service port number, not the target port. - * For other resources, destination port might be derived from the referent - * resource or this field. - * - * @schema GrpcRouteSpecRulesBackendRefs#port - */ - readonly port?: number; - - /** - * Weight specifies the proportion of requests forwarded to the referenced - * backend. This is computed as weight/(sum of all weights in this - * BackendRefs list). For non-zero values, there may be some epsilon from - * the exact proportion defined here depending on the precision an - * implementation supports. Weight is not a percentage and the sum of - * weights does not need to equal 100. - * - * - * If only one backend is specified and it has a weight greater than 0, 100% - * of the traffic is forwarded to that backend. If weight is set to 0, no - * traffic should be forwarded for this entry. If unspecified, weight - * defaults to 1. - * - * - * Support for this field varies based on the context where used. - * - * @schema GrpcRouteSpecRulesBackendRefs#weight - */ - readonly weight?: number; - -} - -/** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefs' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefs(obj: GrpcRouteSpecRulesBackendRefs | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'filters': obj.filters?.map(y => toJson_GrpcRouteSpecRulesBackendRefsFilters(y)), - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, - 'weight': obj.weight, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * GRPCRouteFilter defines processing steps that must be completed during the - * request or response lifecycle. GRPCRouteFilters are meant as an extension - * point to express processing that may be done in Gateway implementations. Some - * examples include request or response modification, implementing - * authentication strategies, rate-limiting, and traffic shaping. API - * guarantee/conformance is defined based on the type of the filter. - * - * @schema GrpcRouteSpecRulesFilters - */ -export interface GrpcRouteSpecRulesFilters { - /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * Support: Implementation-specific - * - * - * This filter can be used multiple times within the same rule. - * - * @schema GrpcRouteSpecRulesFilters#extensionRef - */ - readonly extensionRef?: GrpcRouteSpecRulesFiltersExtensionRef; - - /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. - * - * - * Support: Core - * - * @schema GrpcRouteSpecRulesFilters#requestHeaderModifier - */ - readonly requestHeaderModifier?: GrpcRouteSpecRulesFiltersRequestHeaderModifier; - - /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. - * - * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. - * - * - * Support: Extended - * - * @schema GrpcRouteSpecRulesFilters#requestMirror - */ - readonly requestMirror?: GrpcRouteSpecRulesFiltersRequestMirror; - - /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. - * - * - * Support: Extended - * - * @schema GrpcRouteSpecRulesFilters#responseHeaderModifier - */ - readonly responseHeaderModifier?: GrpcRouteSpecRulesFiltersResponseHeaderModifier; - - /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * - * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations supporting GRPCRoute MUST support core filters. - * - * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. - * - * - * - Implementation-specific: Filters that are defined and supported by specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` MUST be set to - * "ExtensionRef" for custom filters. - * - * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. - * - * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. - * - * - * + /** + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. * - * @schema GrpcRouteSpecRulesFilters#type + * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#port */ - readonly type: GrpcRouteSpecRulesFiltersType; + readonly port?: number; } /** - * Converts an object of type 'GrpcRouteSpecRulesFilters' to JSON representation. + * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesFilters(obj: GrpcRouteSpecRulesFilters | undefined): Record | undefined { +export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj: GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'extensionRef': toJson_GrpcRouteSpecRulesFiltersExtensionRef(obj.extensionRef), - 'requestHeaderModifier': toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifier(obj.requestHeaderModifier), - 'requestMirror': toJson_GrpcRouteSpecRulesFiltersRequestMirror(obj.requestMirror), - 'responseHeaderModifier': toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifier(obj.responseHeaderModifier), - 'type': obj.type, + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -3504,58 +6726,44 @@ export function toJson_GrpcRouteSpecRulesFilters(obj: GrpcRouteSpecRulesFilters /* eslint-enable max-len, quote-props */ /** - * GRPCRouteMatch defines the predicate used to match requests to a given - * action. Multiple match types are ANDed together, i.e. the match will - * evaluate to true only if all conditions are satisfied. - * - * - * For example, the match below will match a gRPC request only if its service - * is `foo` AND it contains the `version: v1` header: - * - * - * ``` - * matches: - * - method: - * type: Exact - * service: "foo" - * headers: - * - name: "version" - * value "v1" - * - * - * ``` + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema GrpcRouteSpecRulesMatches + * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd */ -export interface GrpcRouteSpecRulesMatches { +export interface GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd { /** - * Headers specifies gRPC request header matchers. Multiple match values are - * ANDed together, meaning, a request MUST match all the specified headers - * to select the route. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * @schema GrpcRouteSpecRulesMatches#headers + * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. + * + * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd#name */ - readonly headers?: GrpcRouteSpecRulesMatchesHeaders[]; + readonly name: string; /** - * Method specifies a gRPC request service/method matcher. If this field is - * not specified, all services and methods will match. + * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteSpecRulesMatches#method + * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd#value */ - readonly method?: GrpcRouteSpecRulesMatchesMethod; + readonly value: string; } /** - * Converts an object of type 'GrpcRouteSpecRulesMatches' to JSON representation. + * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesMatches(obj: GrpcRouteSpecRulesMatches | undefined): Record | undefined { +export function toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd(obj: GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'headers': obj.headers?.map(y => toJson_GrpcRouteSpecRulesMatchesHeaders(y)), - 'method': toJson_GrpcRouteSpecRulesMatchesMethod(obj.method), + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -3563,178 +6771,192 @@ export function toJson_GrpcRouteSpecRulesMatches(obj: GrpcRouteSpecRulesMatches /* eslint-enable max-len, quote-props */ /** - * GRPCRouteFilter defines processing steps that must be completed during the - * request or response lifecycle. GRPCRouteFilters are meant as an extension - * point to express processing that may be done in Gateway implementations. Some - * examples include request or response modification, implementing - * authentication strategies, rate-limiting, and traffic shaping. API - * guarantee/conformance is defined based on the type of the filter. + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema GrpcRouteSpecRulesBackendRefsFilters + * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet */ -export interface GrpcRouteSpecRulesBackendRefsFilters { +export interface GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet { /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * Support: Implementation-specific + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * This filter can be used multiple times within the same rule. + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema GrpcRouteSpecRulesBackendRefsFilters#extensionRef + * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet#name */ - readonly extensionRef?: GrpcRouteSpecRulesBackendRefsFiltersExtensionRef; + readonly name: string; /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. - * - * - * Support: Core + * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteSpecRulesBackendRefsFilters#requestHeaderModifier + * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet#value */ - readonly requestHeaderModifier?: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier; + readonly value: string; + +} + +/** + * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet(obj: GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + + +/** + * GRPCRoute provides a way to route gRPC requests. This includes the capability +to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. +Filters can be used to specify additional processing steps. Backends specify +where matching requests will be routed. + + +GRPCRoute falls under extended support within the Gateway API. Within the +following specification, the word "MUST" indicates that an implementation +supporting GRPCRoute must conform to the indicated requirement, but an +implementation not supporting this route type need not follow the requirement +unless explicitly indicated. + + +Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST +accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via +ALPN. If the implementation does not support this, then it MUST set the +"Accepted" condition to "False" for the affected listener with a reason of +"UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections +with an upgrade from HTTP/1. + +Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST +support HTTP/2 over cleartext TCP (h2c, +https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial +upgrade from HTTP/1.1, i.e. with prior knowledge +(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation +does not support this, then it MUST set the "Accepted" condition to "False" +for the affected listener with a reason of "UnsupportedProtocol". +Implementations MAY also accept HTTP/2 connections with an upgrade from +HTTP/1, i.e. without prior knowledge. + * + * @schema GRPCRouteV1Alpha2 + */ +export class GrpcRouteV1Alpha2 extends ApiObject { /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. - * - * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. - * - * - * Support: Extended - * - * @schema GrpcRouteSpecRulesBackendRefsFilters#requestMirror + * Returns the apiVersion and kind for "GRPCRouteV1Alpha2" */ - readonly requestMirror?: GrpcRouteSpecRulesBackendRefsFiltersRequestMirror; + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'GRPCRoute', + } /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. - * + * Renders a Kubernetes manifest for "GRPCRouteV1Alpha2". * - * Support: Extended + * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * @schema GrpcRouteSpecRulesBackendRefsFilters#responseHeaderModifier + * @param props initialization props */ - readonly responseHeaderModifier?: GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier; + public static manifest(props: GrpcRouteV1Alpha2Props = {}): any { + return { + ...GrpcRouteV1Alpha2.GVK, + ...toJson_GrpcRouteV1Alpha2Props(props), + }; + } /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * - * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations supporting GRPCRoute MUST support core filters. - * - * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. - * - * - * - Implementation-specific: Filters that are defined and supported by specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` MUST be set to - * "ExtensionRef" for custom filters. - * - * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. - * - * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. - * - * - * - * - * @schema GrpcRouteSpecRulesBackendRefsFilters#type + * Defines a "GRPCRouteV1Alpha2" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props */ - readonly type: GrpcRouteSpecRulesBackendRefsFiltersType; + public constructor(scope: Construct, id: string, props: GrpcRouteV1Alpha2Props = {}) { + super(scope, id, { + ...GrpcRouteV1Alpha2.GVK, + ...props, + }); + } -} + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); -/** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFilters' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefsFilters(obj: GrpcRouteSpecRulesBackendRefsFilters | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'extensionRef': toJson_GrpcRouteSpecRulesBackendRefsFiltersExtensionRef(obj.extensionRef), - 'requestHeaderModifier': toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier(obj.requestHeaderModifier), - 'requestMirror': toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestMirror(obj.requestMirror), - 'responseHeaderModifier': toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier(obj.responseHeaderModifier), - 'type': obj.type, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); + return { + ...GrpcRouteV1Alpha2.GVK, + ...toJson_GrpcRouteV1Alpha2Props(resolved), + }; + } } -/* eslint-enable max-len, quote-props */ /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. + * GRPCRoute provides a way to route gRPC requests. This includes the capability + * to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. + * Filters can be used to specify additional processing steps. Backends specify + * where matching requests will be routed. * * - * Support: Implementation-specific + * GRPCRoute falls under extended support within the Gateway API. Within the + * following specification, the word "MUST" indicates that an implementation + * supporting GRPCRoute must conform to the indicated requirement, but an + * implementation not supporting this route type need not follow the requirement + * unless explicitly indicated. * * - * This filter can be used multiple times within the same rule. + * Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST + * accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via + * ALPN. If the implementation does not support this, then it MUST set the + * "Accepted" condition to "False" for the affected listener with a reason of + * "UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections + * with an upgrade from HTTP/1. * - * @schema GrpcRouteSpecRulesFiltersExtensionRef + * + * Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST + * support HTTP/2 over cleartext TCP (h2c, + * https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial + * upgrade from HTTP/1.1, i.e. with prior knowledge + * (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation + * does not support this, then it MUST set the "Accepted" condition to "False" + * for the affected listener with a reason of "UnsupportedProtocol". + * Implementations MAY also accept HTTP/2 connections with an upgrade from + * HTTP/1, i.e. without prior knowledge. + * + * @schema GRPCRouteV1Alpha2 */ -export interface GrpcRouteSpecRulesFiltersExtensionRef { - /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. - * - * @schema GrpcRouteSpecRulesFiltersExtensionRef#group - */ - readonly group: string; - +export interface GrpcRouteV1Alpha2Props { /** - * Kind is kind of the referent. For example "HTTPRoute" or "Service". - * - * @schema GrpcRouteSpecRulesFiltersExtensionRef#kind + * @schema GRPCRouteV1Alpha2#metadata */ - readonly kind: string; + readonly metadata?: ApiObjectMetadata; /** - * Name is the name of the referent. + * Spec defines the desired state of GRPCRoute. * - * @schema GrpcRouteSpecRulesFiltersExtensionRef#name + * @schema GRPCRouteV1Alpha2#spec */ - readonly name: string; + readonly spec?: GrpcRouteV1Alpha2Spec; } /** - * Converts an object of type 'GrpcRouteSpecRulesFiltersExtensionRef' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesFiltersExtensionRef(obj: GrpcRouteSpecRulesFiltersExtensionRef | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2Props(obj: GrpcRouteV1Alpha2Props | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, + 'metadata': obj.metadata, + 'spec': toJson_GrpcRouteV1Alpha2Spec(obj.spec), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -3742,169 +6964,181 @@ export function toJson_GrpcRouteSpecRulesFiltersExtensionRef(obj: GrpcRouteSpecR /* eslint-enable max-len, quote-props */ /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. - * - * - * Support: Core + * Spec defines the desired state of GRPCRoute. * - * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifier + * @schema GrpcRouteV1Alpha2Spec */ -export interface GrpcRouteSpecRulesFiltersRequestHeaderModifier { +export interface GrpcRouteV1Alpha2Spec { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. + * Hostnames defines a set of hostnames to match against the GRPC + * Host header to select a GRPCRoute to process the request. This matches + * the RFC 1123 definition of a hostname with 2 notable exceptions: * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * 1. IPs are not allowed. + * 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard + * label MUST appear by itself as the first label. * * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" + * If a hostname is specified by both the Listener and GRPCRoute, there + * MUST be at least one intersecting hostname for the GRPCRoute to be + * attached to the Listener. For example: * * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * * A Listener with `test.example.com` as the hostname matches GRPCRoutes + * that have either not specified any hostnames, or have specified at + * least one of `test.example.com` or `*.example.com`. + * * A Listener with `*.example.com` as the hostname matches GRPCRoutes + * that have either not specified any hostnames or have specified at least + * one hostname that matches the Listener hostname. For example, + * `test.example.com` and `*.example.com` would both match. On the other + * hand, `example.com` and `test.example.net` would not match. * - * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifier#add - */ - readonly add?: GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd[]; - - /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * + * Hostnames that are prefixed with a wildcard label (`*.`) are interpreted + * as a suffix match. That means that a match for `*.example.com` would match + * both `test.example.com`, and `foo.test.example.com`, but not `example.com`. * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz * + * If both the Listener and GRPCRoute have specified hostnames, any + * GRPCRoute hostnames that do not match the Listener hostname MUST be + * ignored. For example, if a Listener specified `*.example.com`, and the + * GRPCRoute specified `test.example.com` and `test.example.net`, + * `test.example.net` MUST NOT be considered for a match. * - * Config: - * remove: ["my-header1", "my-header3"] * + * If both the Listener and GRPCRoute have specified hostnames, and none + * match with the criteria above, then the GRPCRoute MUST NOT be accepted by + * the implementation. The implementation MUST raise an 'Accepted' Condition + * with a status of `False` in the corresponding RouteParentStatus. * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar * - * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifier#remove - */ - readonly remove?: string[]; - - /** - * Set overwrites the request with the given header (name, value) - * before the action. + * If a Route (A) of type HTTPRoute or GRPCRoute is attached to a + * Listener and that listener already has another Route (B) of the other + * type attached and the intersection of the hostnames of A and B is + * non-empty, then the implementation MUST accept exactly one of these two + * routes, determined by the following criteria, in order: * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * * The oldest Route based on creation timestamp. + * * The Route appearing first in alphabetical order by + * "{namespace}/{name}". * * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * The rejected Route MUST raise an 'Accepted' condition with a status of + * 'False' in the corresponding RouteParentStatus. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * Support: Core * - * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifier#set + * @schema GrpcRouteV1Alpha2Spec#hostnames */ - readonly set?: GrpcRouteSpecRulesFiltersRequestHeaderModifierSet[]; - -} - -/** - * Converts an object of type 'GrpcRouteSpecRulesFiltersRequestHeaderModifier' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifier(obj: GrpcRouteSpecRulesFiltersRequestHeaderModifier | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'add': obj.add?.map(y => toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifierSet(y)), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly hostnames?: string[]; -/** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. - * - * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. - * - * - * Support: Extended - * - * @schema GrpcRouteSpecRulesFiltersRequestMirror - */ -export interface GrpcRouteSpecRulesFiltersRequestMirror { /** - * BackendRef references a resource where mirrored requests are sent. + * ParentRefs references the resources (usually Gateways) that a Route wants + * to be attached to. Note that the referenced parent resource needs to + * allow this for the attachment to be complete. For Gateways, that means + * the Gateway needs to allow attachment from Routes of this kind and + * namespace. For Services, that means the Service must either be in the same + * namespace for a "producer" route, or the mesh implementation must support + * and allow "consumer" routes for the referenced Service. ReferenceGrant is + * not applicable for governing ParentRefs to Services - it is not possible to + * create a "producer" route for a Service in a different namespace from the + * Route. + * + * + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * This API may be extended in the future to support additional kinds of parent + * resources. + * + * + * ParentRefs must be _distinct_. This means either that: + * + * + * * They select different objects. If this is the case, then parentRef + * entries are distinct. In terms of fields, this means that the + * multi-part key defined by `group`, `kind`, `namespace`, and `name` must + * be unique across all parentRef entries in the Route. + * * They do not select different objects, but for each optional field used, + * each ParentRef that selects the same object must set the same set of + * optional fields to different values. If one ParentRef sets a + * combination of optional fields, all must set the same combination. * * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. + * Some examples: * * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. + * * If one ParentRef sets `sectionName`, all ParentRefs referencing the + * same object must also set `sectionName`. + * * If one ParentRef sets `port`, all ParentRefs referencing the same + * object must also set `port`. + * * If one ParentRef sets `sectionName` and `port`, all ParentRefs + * referencing the same object must also set `sectionName` and `port`. * * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. + * It is possible to separately reference multiple distinct objects that may + * be collapsed by an implementation. For example, some implementations may + * choose to merge compatible Gateway Listeners together. If that is the + * case, the list of routes attached to those resources should also be + * merged. * * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. + * Note that for ParentRefs that cross namespace boundaries, there are specific + * rules. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example, + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable other kinds of cross-namespace reference. * * - * Support: Extended for Kubernetes Service * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. * - * Support: Implementation-specific for any other resource * - * @schema GrpcRouteSpecRulesFiltersRequestMirror#backendRef + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * + * + * + * + * + * + * + * + * @schema GrpcRouteV1Alpha2Spec#parentRefs */ - readonly backendRef: GrpcRouteSpecRulesFiltersRequestMirrorBackendRef; + readonly parentRefs?: GrpcRouteV1Alpha2SpecParentRefs[]; + + /** + * Rules are a list of GRPC matchers, filters and actions. + * + * @schema GrpcRouteV1Alpha2Spec#rules + */ + readonly rules?: GrpcRouteV1Alpha2SpecRules[]; } /** - * Converts an object of type 'GrpcRouteSpecRulesFiltersRequestMirror' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2Spec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesFiltersRequestMirror(obj: GrpcRouteSpecRulesFiltersRequestMirror | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2Spec(obj: GrpcRouteV1Alpha2Spec | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRef': toJson_GrpcRouteSpecRulesFiltersRequestMirrorBackendRef(obj.backendRef), + 'hostnames': obj.hostnames?.map(y => y), + 'parentRefs': obj.parentRefs?.map(y => toJson_GrpcRouteV1Alpha2SpecParentRefs(y)), + 'rules': obj.rules?.map(y => toJson_GrpcRouteV1Alpha2SpecRules(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -3912,202 +7146,187 @@ export function toJson_GrpcRouteSpecRulesFiltersRequestMirror(obj: GrpcRouteSpec /* eslint-enable max-len, quote-props */ /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. + * ParentReference identifies an API object (usually a Gateway) that can be considered + * a parent of this resource (usually a route). There are two kinds of parent resources + * with "Core" support: * * - * Support: Extended + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) * - * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifier + * + * This API may be extended in the future to support additional kinds of parent + * resources. + * + * + * The API object must be valid in the cluster; the Group and Kind must + * be registered in the cluster for this reference to be valid. + * + * @schema GrpcRouteV1Alpha2SpecParentRefs */ -export interface GrpcRouteSpecRulesFiltersResponseHeaderModifier { +export interface GrpcRouteV1Alpha2SpecParentRefs { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. + * Group is the group of the referent. + * When unspecified, "gateway.networking.k8s.io" is inferred. + * To set the core API group (such as for a "Service" kind referent), + * Group must be explicitly set to "" (empty string). * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Support: Core + * + * @schema GrpcRouteV1Alpha2SpecParentRefs#group + */ + readonly group?: string; + + /** + * Kind is kind of the referent. * * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" + * There are two kinds of parent resources with "Core" support: * * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) * - * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifier#add + * + * Support for other resources is Implementation-Specific. + * + * @schema GrpcRouteV1Alpha2SpecParentRefs#kind */ - readonly add?: GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd[]; + readonly kind?: string; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + * Name is the name of the referent. * * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz + * Support: Core * + * @schema GrpcRouteV1Alpha2SpecParentRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referent. When unspecified, this refers + * to the local namespace of the Route. * - * Config: - * remove: ["my-header1", "my-header3"] * + * Note that there are specific rules for ParentRefs which cross namespace + * boundaries. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example: + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable any other kind of cross-namespace reference. * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar * - * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifier#remove - */ - readonly remove?: string[]; - - /** - * Set overwrites the request with the given header (name, value) - * before the action. * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo * + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. * - * Config: - * set: - * - name: "my-header" - * value: "bar" * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * Support: Core * - * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifier#set + * @schema GrpcRouteV1Alpha2SpecParentRefs#namespace */ - readonly set?: GrpcRouteSpecRulesFiltersResponseHeaderModifierSet[]; - -} - -/** - * Converts an object of type 'GrpcRouteSpecRulesFiltersResponseHeaderModifier' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifier(obj: GrpcRouteSpecRulesFiltersResponseHeaderModifier | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'add': obj.add?.map(y => toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifierSet(y)), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * - * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations supporting GRPCRoute MUST support core filters. - * - * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. - * - * - * - Implementation-specific: Filters that are defined and supported by specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` MUST be set to - * "ExtensionRef" for custom filters. - * - * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. - * - * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. - * - * - * - * - * @schema GrpcRouteSpecRulesFiltersType - */ -export enum GrpcRouteSpecRulesFiltersType { - /** ResponseHeaderModifier */ - RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", - /** RequestHeaderModifier */ - REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", - /** RequestMirror */ - REQUEST_MIRROR = "RequestMirror", - /** ExtensionRef */ - EXTENSION_REF = "ExtensionRef", -} + readonly namespace?: string; -/** - * GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request - * headers. - * - * @schema GrpcRouteSpecRulesMatchesHeaders - */ -export interface GrpcRouteSpecRulesMatchesHeaders { /** - * Name is the name of the gRPC Header to be matched. + * Port is the network port this Route targets. It can be interpreted + * differently based on the type of parent resource. + * + * + * When the parent resource is a Gateway, this targets all listeners + * listening on the specified port that also support this kind of Route(and + * select this Route). It's not recommended to set `Port` unless the + * networking behaviors specified in a Route must apply to a specific port + * as opposed to a listener(s) whose port(s) may be changed. When both Port + * and SectionName are specified, the name and port of the selected listener + * must match both specified values. + * + * + * + * When the parent resource is a Service, this targets a specific port in the + * Service spec. When both Port (experimental) and SectionName are specified, + * the name and port of the selected port must match both specified values. * * - * If multiple entries specify equivalent header names, only the first - * entry with an equivalent name MUST be considered for a match. Subsequent - * entries with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. * - * @schema GrpcRouteSpecRulesMatchesHeaders#name - */ - readonly name: string; - - /** - * Type specifies how to match against the value of the header. + * Implementations MAY choose to support other parent resources. + * Implementations supporting other types of parent resources MUST clearly + * document how/if Port is interpreted. * - * @schema GrpcRouteSpecRulesMatchesHeaders#type + * + * For the purpose of status, an attachment is considered successful as + * long as the parent resource accepts it partially. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + * from the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, + * the Route MUST be considered detached from the Gateway. + * + * + * Support: Extended + * + * @schema GrpcRouteV1Alpha2SpecParentRefs#port */ - readonly type?: GrpcRouteSpecRulesMatchesHeadersType; + readonly port?: number; /** - * Value is the value of the gRPC Header to be matched. + * SectionName is the name of a section within the target resource. In the + * following resources, SectionName is interpreted as the following: * - * @schema GrpcRouteSpecRulesMatchesHeaders#value + * + * * Gateway: Listener name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * * Service: Port name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * + * + * Implementations MAY choose to support attaching Routes to other resources. + * If that is the case, they MUST clearly document how SectionName is + * interpreted. + * + * + * When unspecified (empty string), this will reference the entire resource. + * For the purpose of status, an attachment is considered successful if at + * least one section in the parent resource accepts it. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + * the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, the + * Route MUST be considered detached from the Gateway. + * + * + * Support: Core + * + * @schema GrpcRouteV1Alpha2SpecParentRefs#sectionName */ - readonly value: string; + readonly sectionName?: string; } /** - * Converts an object of type 'GrpcRouteSpecRulesMatchesHeaders' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecParentRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesMatchesHeaders(obj: GrpcRouteSpecRulesMatchesHeaders | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecParentRefs(obj: GrpcRouteV1Alpha2SpecParentRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { + 'group': obj.group, + 'kind': obj.kind, 'name': obj.name, - 'type': obj.type, - 'value': obj.value, + 'namespace': obj.namespace, + 'port': obj.port, + 'sectionName': obj.sectionName, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -4115,218 +7334,184 @@ export function toJson_GrpcRouteSpecRulesMatchesHeaders(obj: GrpcRouteSpecRulesM /* eslint-enable max-len, quote-props */ /** - * Method specifies a gRPC request service/method matcher. If this field is - * not specified, all services and methods will match. + * GRPCRouteRule defines the semantics for matching a gRPC request based on + * conditions (matches), processing it (filters), and forwarding the request to + * an API object (backendRefs). * - * @schema GrpcRouteSpecRulesMatchesMethod + * @schema GrpcRouteV1Alpha2SpecRules */ -export interface GrpcRouteSpecRulesMatchesMethod { +export interface GrpcRouteV1Alpha2SpecRules { /** - * Value of the method to match against. If left empty or omitted, will - * match all services. + * BackendRefs defines the backend(s) where matching requests should be + * sent. * * - * At least one of Service and Method MUST be a non-empty string. + * Failure behavior here depends on how many BackendRefs are specified and + * how many are invalid. * - * @schema GrpcRouteSpecRulesMatchesMethod#method - */ - readonly method?: string; - - /** - * Value of the service to match against. If left empty or omitted, will - * match any service. * + * If *all* entries in BackendRefs are invalid, and there are also no filters + * specified in this route rule, *all* traffic which matches this rule MUST + * receive an `UNAVAILABLE` status. * - * At least one of Service and Method MUST be a non-empty string. * - * @schema GrpcRouteSpecRulesMatchesMethod#service - */ - readonly service?: string; - - /** - * Type specifies how to match against the service and/or method. - * Support: Core (Exact with service and method specified) + * See the GRPCBackendRef definition for the rules about what makes a single + * GRPCBackendRef invalid. * * - * Support: Implementation-specific (Exact with method specified but no service specified) + * When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for + * requests that would have otherwise been routed to an invalid backend. If + * multiple backends are specified, and some are invalid, the proportion of + * requests that would otherwise have been routed to an invalid backend + * MUST receive an `UNAVAILABLE` status. * * - * Support: Implementation-specific (RegularExpression) + * For example, if two backends are specified with equal weights, and one is + * invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. + * Implementations may choose how that 50 percent is determined. * - * @schema GrpcRouteSpecRulesMatchesMethod#type - */ - readonly type?: GrpcRouteSpecRulesMatchesMethodType; - -} - -/** - * Converts an object of type 'GrpcRouteSpecRulesMatchesMethod' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesMatchesMethod(obj: GrpcRouteSpecRulesMatchesMethod | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'method': obj.method, - 'service': obj.service, - 'type': obj.type, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * Support: Implementation-specific - * - * - * This filter can be used multiple times within the same rule. - * - * @schema GrpcRouteSpecRulesBackendRefsFiltersExtensionRef - */ -export interface GrpcRouteSpecRulesBackendRefsFiltersExtensionRef { - /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersExtensionRef#group - */ - readonly group: string; - - /** - * Kind is kind of the referent. For example "HTTPRoute" or "Service". + * Support: Core for Kubernetes Service * - * @schema GrpcRouteSpecRulesBackendRefsFiltersExtensionRef#kind + * + * Support: Implementation-specific for any other resource + * + * + * Support for weight: Core + * + * @schema GrpcRouteV1Alpha2SpecRules#backendRefs */ - readonly kind: string; + readonly backendRefs?: GrpcRouteV1Alpha2SpecRulesBackendRefs[]; /** - * Name is the name of the referent. + * Filters define the filters that are applied to requests that match + * this rule. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersExtensionRef#name + * + * The effects of ordering of multiple behaviors are currently unspecified. + * This can change in the future based on feedback during the alpha stage. + * + * + * Conformance-levels at this level are defined based on the type of filter: + * + * + * - ALL core filters MUST be supported by all implementations that support + * GRPCRoute. + * - Implementers are encouraged to support extended filters. + * - Implementation-specific custom filters have no API guarantees across + * implementations. + * + * + * Specifying the same filter multiple times is not supported unless explicitly + * indicated in the filter. + * + * + * If an implementation can not support a combination of filters, it must clearly + * document that limitation. In cases where incompatible or unsupported + * filters are specified and cause the `Accepted` condition to be set to status + * `False`, implementations may use the `IncompatibleFilters` reason to specify + * this configuration error. + * + * + * Support: Core + * + * @schema GrpcRouteV1Alpha2SpecRules#filters */ - readonly name: string; - -} - -/** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersExtensionRef' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefsFiltersExtensionRef(obj: GrpcRouteSpecRulesBackendRefsFiltersExtensionRef | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly filters?: GrpcRouteV1Alpha2SpecRulesFilters[]; -/** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. - * - * - * Support: Core - * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier - */ -export interface GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. + * Matches define conditions used for matching the rule against incoming + * gRPC requests. Each match is independent, i.e. this rule will be matched + * if **any** one of the matches is satisfied. + * + * + * For example, take the following matches configuration: + * + * + * ``` + * matches: + * - method: + * service: foo.bar + * headers: + * values: + * version: 2 + * - method: + * service: foo.bar.v2 + * ``` * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * For a request to match against this rule, it MUST satisfy + * EITHER of the two conditions: * * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" + * - service of foo.bar AND contains the header `version: 2` + * - service of foo.bar.v2 * * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * See the documentation for GRPCRouteMatch on how to specify multiple + * match conditions to be ANDed together. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#add - */ - readonly add?: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd[]; - - /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * + * If no matches are specified, the implementation MUST match every gRPC request. * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz * + * Proxy or Load Balancer routing configuration generated from GRPCRoutes + * MUST prioritize rules based on the following criteria, continuing on + * ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. + * Precedence MUST be given to the rule with the largest number of: * - * Config: - * remove: ["my-header1", "my-header3"] * + * * Characters in a matching non-wildcard hostname. + * * Characters in a matching hostname. + * * Characters in a matching service. + * * Characters in a matching method. + * * Header matches. * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#remove + * If ties still exist across multiple Routes, matching precedence MUST be + * determined in order of the following criteria, continuing on ties: + * + * + * * The oldest Route based on creation timestamp. + * * The Route appearing first in alphabetical order by + * "{namespace}/{name}". + * + * + * If ties still exist within the Route that has been given precedence, + * matching precedence MUST be granted to the first matching rule meeting + * the above criteria. + * + * @schema GrpcRouteV1Alpha2SpecRules#matches */ - readonly remove?: string[]; + readonly matches?: GrpcRouteV1Alpha2SpecRulesMatches[]; /** - * Set overwrites the request with the given header (name, value) - * before the action. - * + * SessionPersistence defines and configures session persistence + * for the route rule. * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo * + * Support: Extended * - * Config: - * set: - * - name: "my-header" - * value: "bar" * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#set + * @schema GrpcRouteV1Alpha2SpecRules#sessionPersistence */ - readonly set?: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet[]; + readonly sessionPersistence?: GrpcRouteV1Alpha2SpecRulesSessionPersistence; } /** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRules' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier(obj: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRules(obj: GrpcRouteV1Alpha2SpecRules | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet(y)), + 'backendRefs': obj.backendRefs?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefs(y)), + 'filters': obj.filters?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesFilters(y)), + 'matches': obj.matches?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesMatches(y)), + 'sessionPersistence': toJson_GrpcRouteV1Alpha2SpecRulesSessionPersistence(obj.sessionPersistence), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -4334,66 +7519,158 @@ export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier /* eslint-enable max-len, quote-props */ /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. + * GRPCBackendRef defines how a GRPCRoute forwards a gRPC request. * * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. + * Note that when a namespace different than the local namespace is specified, a + * ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. * * - * Support: Extended + * * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirror + * + * When the BackendRef points to a Kubernetes Service, implementations SHOULD + * honor the appProtocol field if it is set for the target Service Port. + * + * + * Implementations supporting appProtocol SHOULD recognize the Kubernetes + * Standard Application Protocols defined in KEP-3726. + * + * + * If a Service appProtocol isn't specified, an implementation MAY infer the + * backend protocol through its own means. Implementations MAY infer the + * protocol from the Route type referring to the backend Service. + * + * + * If a Route is not able to send traffic to the backend using the specified + * protocol then the backend is considered invalid. Implementations MUST set the + * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. + * + * + * + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs */ -export interface GrpcRouteSpecRulesBackendRefsFiltersRequestMirror { +export interface GrpcRouteV1Alpha2SpecRulesBackendRefs { /** - * BackendRef references a resource where mirrored requests are sent. + * Filters defined at this level MUST be executed if and only if the + * request is being forwarded to the backend defined here. * * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. + * Support: Implementation-specific (For broader support of filters, use the + * Filters field in GRPCRouteRule.) * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#filters + */ + readonly filters?: GrpcRouteV1Alpha2SpecRulesBackendRefsFilters[]; + + /** + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#group + */ + readonly group?: string; + + /** + * Kind is the Kubernetes resource kind of the referent. For example + * "Service". * * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. + * Defaults to "Service" when not specified. * * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. + * ExternalName services can refer to CNAME DNS records that may live + * outside of the cluster and as such are difficult to reason about in + * terms of conformance. They also may not be safe to forward to (see + * CVE-2021-25740 for more information). Implementations SHOULD NOT + * support ExternalName Services. * * - * Support: Extended for Kubernetes Service + * Support: Core (Services with a type other than ExternalName) * * - * Support: Implementation-specific for any other resource + * Support: Implementation-specific (Services with type ExternalName) * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirror#backendRef + * @default Service" when not specified. + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#kind */ - readonly backendRef: GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef; + readonly kind?: string; + + /** + * Name is the name of the referent. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the backend. When unspecified, the local + * namespace is inferred. + * + * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * Support: Core + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#namespace + */ + readonly namespace?: string; + + /** + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#port + */ + readonly port?: number; + + /** + * Weight specifies the proportion of requests forwarded to the referenced + * backend. This is computed as weight/(sum of all weights in this + * BackendRefs list). For non-zero values, there may be some epsilon from + * the exact proportion defined here depending on the precision an + * implementation supports. Weight is not a percentage and the sum of + * weights does not need to equal 100. + * + * + * If only one backend is specified and it has a weight greater than 0, 100% + * of the traffic is forwarded to that backend. If weight is set to 0, no + * traffic should be forwarded for this entry. If unspecified, weight + * defaults to 1. + * + * + * Support for this field varies based on the context where used. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#weight + */ + readonly weight?: number; } /** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersRequestMirror' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestMirror(obj: GrpcRouteSpecRulesBackendRefsFiltersRequestMirror | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefs(obj: GrpcRouteV1Alpha2SpecRulesBackendRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRef': toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj.backendRef), + 'filters': obj.filters?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFilters(y)), + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'weight': obj.weight, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -4401,102 +7678,123 @@ export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestMirror(obj: Gr /* eslint-enable max-len, quote-props */ /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. - * - * - * Support: Extended + * GRPCRouteFilter defines processing steps that must be completed during the + * request or response lifecycle. GRPCRouteFilters are meant as an extension + * point to express processing that may be done in Gateway implementations. Some + * examples include request or response modification, implementing + * authentication strategies, rate-limiting, and traffic shaping. API + * guarantee/conformance is defined based on the type of the filter. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier + * @schema GrpcRouteV1Alpha2SpecRulesFilters */ -export interface GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier { +export interface GrpcRouteV1Alpha2SpecRulesFilters { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Support: Implementation-specific * * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" + * This filter can be used multiple times within the same rule. * + * @schema GrpcRouteV1Alpha2SpecRulesFilters#extensionRef + */ + readonly extensionRef?: GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef; + + /** + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz * - * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier#add + * Support: Core + * + * @schema GrpcRouteV1Alpha2SpecRulesFilters#requestHeaderModifier */ - readonly add?: GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd[]; + readonly requestHeaderModifier?: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. * * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. * * - * Config: - * remove: ["my-header1", "my-header3"] + * Support: Extended * + * @schema GrpcRouteV1Alpha2SpecRulesFilters#requestMirror + */ + readonly requestMirror?: GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror; + + /** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar * - * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier#remove + * Support: Extended + * + * @schema GrpcRouteV1Alpha2SpecRulesFilters#responseHeaderModifier */ - readonly remove?: string[]; + readonly responseHeaderModifier?: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier; /** - * Set overwrites the request with the given header (name, value) - * before the action. + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations supporting GRPCRoute MUST support core filters. * * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * - Implementation-specific: Filters that are defined and supported by specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` MUST be set to + * "ExtensionRef" for custom filters. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier#set + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * + * + * @schema GrpcRouteV1Alpha2SpecRulesFilters#type */ - readonly set?: GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet[]; + readonly type: GrpcRouteV1Alpha2SpecRulesFiltersType; } /** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFilters' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier(obj: GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifier | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesFilters(obj: GrpcRouteV1Alpha2SpecRulesFilters | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet(y)), + 'extensionRef': toJson_GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef(obj.extensionRef), + 'requestHeaderModifier': toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier(obj.requestHeaderModifier), + 'requestMirror': toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror(obj.requestMirror), + 'responseHeaderModifier': toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier(obj.responseHeaderModifier), + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -4504,136 +7802,58 @@ export function toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifie /* eslint-enable max-len, quote-props */ /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * - * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations supporting GRPCRoute MUST support core filters. - * - * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. - * - * - * - Implementation-specific: Filters that are defined and supported by specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` MUST be set to - * "ExtensionRef" for custom filters. - * - * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. - * + * GRPCRouteMatch defines the predicate used to match requests to a given + * action. Multiple match types are ANDed together, i.e. the match will + * evaluate to true only if all conditions are satisfied. * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. * + * For example, the match below will match a gRPC request only if its service + * is `foo` AND it contains the `version: v1` header: * * + * ``` + * matches: + * - method: + * type: Exact + * service: "foo" + * headers: + * - name: "version" + * value "v1" * - * @schema GrpcRouteSpecRulesBackendRefsFiltersType - */ -export enum GrpcRouteSpecRulesBackendRefsFiltersType { - /** ResponseHeaderModifier */ - RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", - /** RequestHeaderModifier */ - REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", - /** RequestMirror */ - REQUEST_MIRROR = "RequestMirror", - /** ExtensionRef */ - EXTENSION_REF = "ExtensionRef", -} - -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd - */ -export interface GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd { - /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). - * - * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. - * - * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd#name - */ - readonly name: string; - - /** - * Value is the value of HTTP Header to be matched. - * - * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd#value - */ - readonly value: string; - -} - -/** - * Converts an object of type 'GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd(obj: GrpcRouteSpecRulesFiltersRequestHeaderModifierAdd | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'name': obj.name, - 'value': obj.value, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * ``` * - * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierSet + * @schema GrpcRouteV1Alpha2SpecRulesMatches */ -export interface GrpcRouteSpecRulesFiltersRequestHeaderModifierSet { +export interface GrpcRouteV1Alpha2SpecRulesMatches { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). - * - * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Headers specifies gRPC request header matchers. Multiple match values are + * ANDed together, meaning, a request MUST match all the specified headers + * to select the route. * - * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierSet#name + * @schema GrpcRouteV1Alpha2SpecRulesMatches#headers */ - readonly name: string; + readonly headers?: GrpcRouteV1Alpha2SpecRulesMatchesHeaders[]; /** - * Value is the value of HTTP Header to be matched. + * Method specifies a gRPC request service/method matcher. If this field is + * not specified, all services and methods will match. * - * @schema GrpcRouteSpecRulesFiltersRequestHeaderModifierSet#value + * @schema GrpcRouteV1Alpha2SpecRulesMatches#method */ - readonly value: string; + readonly method?: GrpcRouteV1Alpha2SpecRulesMatchesMethod; } /** - * Converts an object of type 'GrpcRouteSpecRulesFiltersRequestHeaderModifierSet' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesMatches' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifierSet(obj: GrpcRouteSpecRulesFiltersRequestHeaderModifierSet | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesMatches(obj: GrpcRouteV1Alpha2SpecRulesMatches | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'headers': obj.headers?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesMatchesHeaders(y)), + 'method': toJson_GrpcRouteV1Alpha2SpecRulesMatchesMethod(obj.method), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -4641,121 +7861,96 @@ export function toJson_GrpcRouteSpecRulesFiltersRequestHeaderModifierSet(obj: Gr /* eslint-enable max-len, quote-props */ /** - * BackendRef references a resource where mirrored requests are sent. - * - * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. - * - * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. - * - * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. - * + * SessionPersistence defines and configures session persistence + * for the route rule. * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. * + * Support: Extended * - * Support: Extended for Kubernetes Service * * - * Support: Implementation-specific for any other resource * - * @schema GrpcRouteSpecRulesFiltersRequestMirrorBackendRef + * @schema GrpcRouteV1Alpha2SpecRulesSessionPersistence */ -export interface GrpcRouteSpecRulesFiltersRequestMirrorBackendRef { +export interface GrpcRouteV1Alpha2SpecRulesSessionPersistence { /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. + * AbsoluteTimeout defines the absolute timeout of the persistent + * session. Once the AbsoluteTimeout duration has elapsed, the + * session becomes invalid. * - * @schema GrpcRouteSpecRulesFiltersRequestMirrorBackendRef#group + * + * Support: Extended + * + * @schema GrpcRouteV1Alpha2SpecRulesSessionPersistence#absoluteTimeout */ - readonly group?: string; + readonly absoluteTimeout?: string; /** - * Kind is the Kubernetes resource kind of the referent. For example - * "Service". - * - * - * Defaults to "Service" when not specified. - * + * CookieConfig provides configuration settings that are specific + * to cookie-based session persistence. * - * ExternalName services can refer to CNAME DNS records that may live - * outside of the cluster and as such are difficult to reason about in - * terms of conformance. They also may not be safe to forward to (see - * CVE-2021-25740 for more information). Implementations SHOULD NOT - * support ExternalName Services. * + * Support: Core * - * Support: Core (Services with a type other than ExternalName) + * @schema GrpcRouteV1Alpha2SpecRulesSessionPersistence#cookieConfig + */ + readonly cookieConfig?: GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfig; + + /** + * IdleTimeout defines the idle timeout of the persistent session. + * Once the session has been idle for more than the specified + * IdleTimeout duration, the session becomes invalid. * * - * Support: Implementation-specific (Services with type ExternalName) + * Support: Extended * - * @default Service" when not specified. - * @schema GrpcRouteSpecRulesFiltersRequestMirrorBackendRef#kind + * @schema GrpcRouteV1Alpha2SpecRulesSessionPersistence#idleTimeout */ - readonly kind?: string; + readonly idleTimeout?: string; /** - * Name is the name of the referent. + * SessionName defines the name of the persistent session token + * which may be reflected in the cookie or the header. Users + * should avoid reusing session names to prevent unintended + * consequences, such as rejection or unpredictable behavior. * - * @schema GrpcRouteSpecRulesFiltersRequestMirrorBackendRef#name + * + * Support: Implementation-specific + * + * @schema GrpcRouteV1Alpha2SpecRulesSessionPersistence#sessionName */ - readonly name: string; + readonly sessionName?: string; /** - * Namespace is the namespace of the backend. When unspecified, the local - * namespace is inferred. - * + * Type defines the type of session persistence such as through + * the use a header or cookie. Defaults to cookie based session + * persistence. * - * Note that when a namespace different than the local namespace is specified, - * a ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. * + * Support: Core for "Cookie" type * - * Support: Core * - * @schema GrpcRouteSpecRulesFiltersRequestMirrorBackendRef#namespace - */ - readonly namespace?: string; - - /** - * Port specifies the destination port number to use for this resource. - * Port is required when the referent is a Kubernetes Service. In this - * case, the port number is the service port number, not the target port. - * For other resources, destination port might be derived from the referent - * resource or this field. + * Support: Extended for "Header" type * - * @schema GrpcRouteSpecRulesFiltersRequestMirrorBackendRef#port + * @default cookie based session + * @schema GrpcRouteV1Alpha2SpecRulesSessionPersistence#type */ - readonly port?: number; + readonly type?: GrpcRouteV1Alpha2SpecRulesSessionPersistenceType; } /** - * Converts an object of type 'GrpcRouteSpecRulesFiltersRequestMirrorBackendRef' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesSessionPersistence' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesFiltersRequestMirrorBackendRef(obj: GrpcRouteSpecRulesFiltersRequestMirrorBackendRef | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesSessionPersistence(obj: GrpcRouteV1Alpha2SpecRulesSessionPersistence | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, + 'absoluteTimeout': obj.absoluteTimeout, + 'cookieConfig': toJson_GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfig(obj.cookieConfig), + 'idleTimeout': obj.idleTimeout, + 'sessionName': obj.sessionName, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -4763,44 +7958,123 @@ export function toJson_GrpcRouteSpecRulesFiltersRequestMirrorBackendRef(obj: Grp /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * GRPCRouteFilter defines processing steps that must be completed during the + * request or response lifecycle. GRPCRouteFilters are meant as an extension + * point to express processing that may be done in Gateway implementations. Some + * examples include request or response modification, implementing + * authentication strategies, rate-limiting, and traffic shaping. API + * guarantee/conformance is defined based on the type of the filter. * - * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters */ -export interface GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd { +export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFilters { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Support: Implementation-specific * - * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd#name + * + * This filter can be used multiple times within the same rule. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters#extensionRef */ - readonly name: string; + readonly extensionRef?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef; /** - * Value is the value of HTTP Header to be matched. + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * - * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd#value + * + * Support: Core + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters#requestHeaderModifier */ - readonly value: string; + readonly requestHeaderModifier?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier; + + /** + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. + * + * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. + * + * + * Support: Extended + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters#requestMirror + */ + readonly requestMirror?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror; + + /** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. + * + * + * Support: Extended + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters#responseHeaderModifier + */ + readonly responseHeaderModifier?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier; + + /** + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: + * + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations supporting GRPCRoute MUST support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` MUST be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters#type + */ + readonly type: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersType; } /** - * Converts an object of type 'GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFilters' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd(obj: GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFilters(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFilters | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'extensionRef': toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef(obj.extensionRef), + 'requestHeaderModifier': toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier(obj.requestHeaderModifier), + 'requestMirror': toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror(obj.requestMirror), + 'responseHeaderModifier': toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier(obj.responseHeaderModifier), + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -4808,44 +8082,54 @@ export function toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifierAdd(obj: G /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. * - * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierSet + * + * Support: Implementation-specific + * + * + * This filter can be used multiple times within the same rule. + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef */ -export interface GrpcRouteSpecRulesFiltersResponseHeaderModifierSet { +export interface GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). - * + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * @schema GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef#group + */ + readonly group: string; + + /** + * Kind is kind of the referent. For example "HTTPRoute" or "Service". * - * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierSet#name + * @schema GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef#kind */ - readonly name: string; + readonly kind: string; /** - * Value is the value of HTTP Header to be matched. + * Name is the name of the referent. * - * @schema GrpcRouteSpecRulesFiltersResponseHeaderModifierSet#value + * @schema GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef#name */ - readonly value: string; + readonly name: string; } /** - * Converts an object of type 'GrpcRouteSpecRulesFiltersResponseHeaderModifierSet' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifierSet(obj: GrpcRouteSpecRulesFiltersResponseHeaderModifierSet | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef(obj: GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { + 'group': obj.group, + 'kind': obj.kind, 'name': obj.name, - 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -4853,75 +8137,102 @@ export function toJson_GrpcRouteSpecRulesFiltersResponseHeaderModifierSet(obj: G /* eslint-enable max-len, quote-props */ /** - * Type specifies how to match against the value of the header. - * - * @schema GrpcRouteSpecRulesMatchesHeadersType - */ -export enum GrpcRouteSpecRulesMatchesHeadersType { - /** Exact */ - EXACT = "Exact", - /** RegularExpression */ - REGULAR_EXPRESSION = "RegularExpression", -} - -/** - * Type specifies how to match against the service and/or method. - * Support: Core (Exact with service and method specified) - * - * - * Support: Implementation-specific (Exact with method specified but no service specified) + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * * - * Support: Implementation-specific (RegularExpression) + * Support: Core * - * @schema GrpcRouteSpecRulesMatchesMethodType + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier */ -export enum GrpcRouteSpecRulesMatchesMethodType { - /** Exact */ - EXACT = "Exact", - /** RegularExpression */ - REGULAR_EXPRESSION = "RegularExpression", -} +export interface GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier { + /** + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier#add + */ + readonly add?: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd[]; -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd - */ -export interface GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd#name + * + * Config: + * remove: ["my-header1", "my-header3"] + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier#remove */ - readonly name: string; + readonly remove?: string[]; /** - * Value is the value of HTTP Header to be matched. + * Set overwrites the request with the given header (name, value) + * before the action. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd#value + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * set: + * - name: "my-header" + * value: "bar" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier#set */ - readonly value: string; + readonly set?: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet[]; } /** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd(obj: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier(obj: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'add': obj.add?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -4929,44 +8240,66 @@ export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet + * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. + * + * + * Support: Extended + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror */ -export interface GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet { +export interface GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * BackendRef references a resource where mirrored requests are sent. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet#name - */ - readonly name: string; - - /** - * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet#value + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. + * + * + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. + * + * + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. + * + * + * Support: Extended for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror#backendRef */ - readonly value: string; + readonly backendRef: GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef; } /** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet(obj: GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror(obj: GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'backendRef': toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef(obj.backendRef), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -4974,121 +8307,102 @@ export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestHeaderModifier /* eslint-enable max-len, quote-props */ /** - * BackendRef references a resource where mirrored requests are sent. - * - * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. - * - * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. - * - * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. - * - * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. - * - * - * Support: Extended for Kubernetes Service + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. * * - * Support: Implementation-specific for any other resource + * Support: Extended * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef + * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier */ -export interface GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef { +export interface GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier { /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#group - */ - readonly group?: string; - - /** - * Kind is the Kubernetes resource kind of the referent. For example - * "Service". + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * * - * Defaults to "Service" when not specified. + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier#add + */ + readonly add?: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd[]; + + /** + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * * - * ExternalName services can refer to CNAME DNS records that may live - * outside of the cluster and as such are difficult to reason about in - * terms of conformance. They also may not be safe to forward to (see - * CVE-2021-25740 for more information). Implementations SHOULD NOT - * support ExternalName Services. + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz * * - * Support: Core (Services with a type other than ExternalName) + * Config: + * remove: ["my-header1", "my-header3"] * * - * Support: Implementation-specific (Services with type ExternalName) + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar * - * @default Service" when not specified. - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#kind + * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier#remove */ - readonly kind?: string; + readonly remove?: string[]; /** - * Name is the name of the referent. + * Set overwrites the request with the given header (name, value) + * before the action. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#name - */ - readonly name: string; - - /** - * Namespace is the namespace of the backend. When unspecified, the local - * namespace is inferred. * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * - * Note that when a namespace different than the local namespace is specified, - * a ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. * + * Config: + * set: + * - name: "my-header" + * value: "bar" * - * Support: Core * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#namespace - */ - readonly namespace?: string; - - /** - * Port specifies the destination port number to use for this resource. - * Port is required when the referent is a Kubernetes Service. In this - * case, the port number is the service port number, not the target port. - * For other resources, destination port might be derived from the referent - * resource or this field. + * Output: + * GET /foo HTTP/1.1 + * my-header: bar * - * @schema GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#port + * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier#set */ - readonly port?: number; + readonly set?: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet[]; } /** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj: GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier(obj: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, + 'add': obj.add?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -5096,43 +8410,98 @@ export function toJson_GrpcRouteSpecRulesBackendRefsFiltersRequestMirrorBackendR /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: * - * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations supporting GRPCRoute MUST support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` MUST be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersType */ -export interface GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd { +export enum GrpcRouteV1Alpha2SpecRulesFiltersType { + /** ResponseHeaderModifier */ + RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", + /** RequestHeaderModifier */ + REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", + /** RequestMirror */ + REQUEST_MIRROR = "RequestMirror", + /** ExtensionRef */ + EXTENSION_REF = "ExtensionRef", +} + +/** + * GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request + * headers. + * + * @schema GrpcRouteV1Alpha2SpecRulesMatchesHeaders + */ +export interface GrpcRouteV1Alpha2SpecRulesMatchesHeaders { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Name is the name of the gRPC Header to be matched. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the + * If multiple entries specify equivalent header names, only the first + * entry with an equivalent name MUST be considered for a match. Subsequent + * entries with an equivalent header name MUST be ignored. Due to the * case-insensitivity of header names, "foo" and "Foo" are considered * equivalent. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd#name + * @schema GrpcRouteV1Alpha2SpecRulesMatchesHeaders#name */ readonly name: string; /** - * Value is the value of HTTP Header to be matched. + * Type specifies how to match against the value of the header. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd#value + * @schema GrpcRouteV1Alpha2SpecRulesMatchesHeaders#type + */ + readonly type?: GrpcRouteV1Alpha2SpecRulesMatchesHeadersType; + + /** + * Value is the value of the gRPC Header to be matched. + * + * @schema GrpcRouteV1Alpha2SpecRulesMatchesHeaders#value */ readonly value: string; } /** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesMatchesHeaders' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd(obj: GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesMatchesHeaders(obj: GrpcRouteV1Alpha2SpecRulesMatchesHeaders | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'name': obj.name, + 'type': obj.type, 'value': obj.value, }; // filter undefined values @@ -5141,192 +8510,189 @@ export function toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifie /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * Method specifies a gRPC request service/method matcher. If this field is + * not specified, all services and methods will match. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet + * @schema GrpcRouteV1Alpha2SpecRulesMatchesMethod */ -export interface GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet { +export interface GrpcRouteV1Alpha2SpecRulesMatchesMethod { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Value of the method to match against. If left empty or omitted, will + * match all services. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * At least one of Service and Method MUST be a non-empty string. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet#name + * @schema GrpcRouteV1Alpha2SpecRulesMatchesMethod#method */ - readonly name: string; + readonly method?: string; /** - * Value is the value of HTTP Header to be matched. + * Value of the service to match against. If left empty or omitted, will + * match any service. * - * @schema GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet#value + * + * At least one of Service and Method MUST be a non-empty string. + * + * @schema GrpcRouteV1Alpha2SpecRulesMatchesMethod#service */ - readonly value: string; + readonly service?: string; + + /** + * Type specifies how to match against the service and/or method. + * Support: Core (Exact with service and method specified) + * + * + * Support: Implementation-specific (Exact with method specified but no service specified) + * + * + * Support: Implementation-specific (RegularExpression) + * + * @schema GrpcRouteV1Alpha2SpecRulesMatchesMethod#type + */ + readonly type?: GrpcRouteV1Alpha2SpecRulesMatchesMethodType; } /** - * Converts an object of type 'GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesMatchesMethod' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet(obj: GrpcRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesMatchesMethod(obj: GrpcRouteV1Alpha2SpecRulesMatchesMethod | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'method': obj.method, + 'service': obj.service, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ - /** - * GRPCRoute provides a way to route gRPC requests. This includes the capability -to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. -Filters can be used to specify additional processing steps. Backends specify -where matching requests will be routed. - - -GRPCRoute falls under extended support within the Gateway API. Within the -following specification, the word "MUST" indicates that an implementation -supporting GRPCRoute must conform to the indicated requirement, but an -implementation not supporting this route type need not follow the requirement -unless explicitly indicated. - - -Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST -accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via -ALPN. If the implementation does not support this, then it MUST set the -"Accepted" condition to "False" for the affected listener with a reason of -"UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections -with an upgrade from HTTP/1. - - -Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST -support HTTP/2 over cleartext TCP (h2c, -https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial -upgrade from HTTP/1.1, i.e. with prior knowledge -(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation -does not support this, then it MUST set the "Accepted" condition to "False" -for the affected listener with a reason of "UnsupportedProtocol". -Implementations MAY also accept HTTP/2 connections with an upgrade from -HTTP/1, i.e. without prior knowledge. + * CookieConfig provides configuration settings that are specific + * to cookie-based session persistence. * - * @schema GRPCRouteV1Alpha2 - */ -export class GrpcRouteV1Alpha2 extends ApiObject { - /** - * Returns the apiVersion and kind for "GRPCRouteV1Alpha2" - */ - public static readonly GVK: GroupVersionKind = { - apiVersion: 'gateway.networking.k8s.io/v1alpha2', - kind: 'GRPCRoute', - } - + * + * Support: Core + * + * @schema GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfig + */ +export interface GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfig { /** - * Renders a Kubernetes manifest for "GRPCRouteV1Alpha2". + * LifetimeType specifies whether the cookie has a permanent or + * session-based lifetime. A permanent cookie persists until its + * specified expiry time, defined by the Expires or Max-Age cookie + * attributes, while a session cookie is deleted when the current + * session ends. * - * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * @param props initialization props - */ - public static manifest(props: GrpcRouteV1Alpha2Props = {}): any { - return { - ...GrpcRouteV1Alpha2.GVK, - ...toJson_GrpcRouteV1Alpha2Props(props), - }; - } - - /** - * Defines a "GRPCRouteV1Alpha2" API object - * @param scope the scope in which to define this object - * @param id a scope-local name for the object - * @param props initialization props + * When set to "Permanent", AbsoluteTimeout indicates the + * cookie's lifetime via the Expires or Max-Age cookie attributes + * and is required. + * + * + * When set to "Session", AbsoluteTimeout indicates the + * absolute lifetime of the cookie tracked by the gateway and + * is optional. + * + * + * Support: Core for "Session" type + * + * + * Support: Extended for "Permanent" type + * + * @schema GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfig#lifetimeType */ - public constructor(scope: Construct, id: string, props: GrpcRouteV1Alpha2Props = {}) { - super(scope, id, { - ...GrpcRouteV1Alpha2.GVK, - ...props, - }); - } + readonly lifetimeType?: GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfigLifetimeType; - /** - * Renders the object to Kubernetes JSON. - */ - public toJson(): any { - const resolved = super.toJson(); +} - return { - ...GrpcRouteV1Alpha2.GVK, - ...toJson_GrpcRouteV1Alpha2Props(resolved), - }; - } +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfig' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfig(obj: GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfig | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'lifetimeType': obj.lifetimeType, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } +/* eslint-enable max-len, quote-props */ /** - * GRPCRoute provides a way to route gRPC requests. This includes the capability - * to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. - * Filters can be used to specify additional processing steps. Backends specify - * where matching requests will be routed. + * Type defines the type of session persistence such as through + * the use a header or cookie. Defaults to cookie based session + * persistence. * * - * GRPCRoute falls under extended support within the Gateway API. Within the - * following specification, the word "MUST" indicates that an implementation - * supporting GRPCRoute must conform to the indicated requirement, but an - * implementation not supporting this route type need not follow the requirement - * unless explicitly indicated. + * Support: Core for "Cookie" type * * - * Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST - * accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via - * ALPN. If the implementation does not support this, then it MUST set the - * "Accepted" condition to "False" for the affected listener with a reason of - * "UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections - * with an upgrade from HTTP/1. + * Support: Extended for "Header" type * + * @default cookie based session + * @schema GrpcRouteV1Alpha2SpecRulesSessionPersistenceType + */ +export enum GrpcRouteV1Alpha2SpecRulesSessionPersistenceType { + /** Cookie */ + COOKIE = "Cookie", + /** Header */ + HEADER = "Header", +} + +/** + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. * - * Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST - * support HTTP/2 over cleartext TCP (h2c, - * https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial - * upgrade from HTTP/1.1, i.e. with prior knowledge - * (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation - * does not support this, then it MUST set the "Accepted" condition to "False" - * for the affected listener with a reason of "UnsupportedProtocol". - * Implementations MAY also accept HTTP/2 connections with an upgrade from - * HTTP/1, i.e. without prior knowledge. * - * @schema GRPCRouteV1Alpha2 + * Support: Implementation-specific + * + * + * This filter can be used multiple times within the same rule. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef */ -export interface GrpcRouteV1Alpha2Props { +export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef { /** - * @schema GRPCRouteV1Alpha2#metadata + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef#group */ - readonly metadata?: ApiObjectMetadata; + readonly group: string; /** - * Spec defines the desired state of GRPCRoute. + * Kind is kind of the referent. For example "HTTPRoute" or "Service". * - * @schema GRPCRouteV1Alpha2#spec + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef#kind */ - readonly spec?: GrpcRouteV1Alpha2Spec; + readonly kind: string; + + /** + * Name is the name of the referent. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef#name + */ + readonly name: string; } /** - * Converts an object of type 'GrpcRouteV1Alpha2Props' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2Props(obj: GrpcRouteV1Alpha2Props | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'metadata': obj.metadata, - 'spec': toJson_GrpcRouteV1Alpha2Spec(obj.spec), + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -5334,170 +8700,409 @@ export function toJson_GrpcRouteV1Alpha2Props(obj: GrpcRouteV1Alpha2Props | unde /* eslint-enable max-len, quote-props */ /** - * Spec defines the desired state of GRPCRoute. + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * - * @schema GrpcRouteV1Alpha2Spec + * + * Support: Core + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier */ -export interface GrpcRouteV1Alpha2Spec { +export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier { /** - * Hostnames defines a set of hostnames to match against the GRPC - * Host header to select a GRPCRoute to process the request. This matches - * the RFC 1123 definition of a hostname with 2 notable exceptions: + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. * * - * 1. IPs are not allowed. - * 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard - * label MUST appear by itself as the first label. + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * * - * If a hostname is specified by both the Listener and GRPCRoute, there - * MUST be at least one intersecting hostname for the GRPCRoute to be - * attached to the Listener. For example: + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" * * - * * A Listener with `test.example.com` as the hostname matches GRPCRoutes - * that have either not specified any hostnames, or have specified at - * least one of `test.example.com` or `*.example.com`. - * * A Listener with `*.example.com` as the hostname matches GRPCRoutes - * that have either not specified any hostnames or have specified at least - * one hostname that matches the Listener hostname. For example, - * `test.example.com` and `*.example.com` would both match. On the other - * hand, `example.com` and `test.example.net` would not match. + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier#add + */ + readonly add?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd[]; + + /** + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * * - * Hostnames that are prefixed with a wildcard label (`*.`) are interpreted - * as a suffix match. That means that a match for `*.example.com` would match - * both `test.example.com`, and `foo.test.example.com`, but not `example.com`. + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz * * - * If both the Listener and GRPCRoute have specified hostnames, any - * GRPCRoute hostnames that do not match the Listener hostname MUST be - * ignored. For example, if a Listener specified `*.example.com`, and the - * GRPCRoute specified `test.example.com` and `test.example.net`, - * `test.example.net` MUST NOT be considered for a match. + * Config: + * remove: ["my-header1", "my-header3"] + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier#remove + */ + readonly remove?: string[]; + + /** + * Set overwrites the request with the given header (name, value) + * before the action. + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * set: + * - name: "my-header" + * value: "bar" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier#set + */ + readonly set?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet[]; + +} + +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'add': obj.add?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. + * + * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. + * + * + * Support: Extended + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror + */ +export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror { + /** + * BackendRef references a resource where mirrored requests are sent. * * - * If both the Listener and GRPCRoute have specified hostnames, and none - * match with the criteria above, then the GRPCRoute MUST NOT be accepted by - * the implementation. The implementation MUST raise an 'Accepted' Condition - * with a status of `False` in the corresponding RouteParentStatus. + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * * - * If a Route (A) of type HTTPRoute or GRPCRoute is attached to a - * Listener and that listener already has another Route (B) of the other - * type attached and the intersection of the hostnames of A and B is - * non-empty, then the implementation MUST accept exactly one of these two - * routes, determined by the following criteria, in order: + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. * * - * * The oldest Route based on creation timestamp. - * * The Route appearing first in alphabetical order by - * "{namespace}/{name}". + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. * * - * The rejected Route MUST raise an 'Accepted' condition with a status of - * 'False' in the corresponding RouteParentStatus. + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. * * - * Support: Core + * Support: Extended for Kubernetes Service * - * @schema GrpcRouteV1Alpha2Spec#hostnames + * + * Support: Implementation-specific for any other resource + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror#backendRef */ - readonly hostnames?: string[]; + readonly backendRef: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef; + +} + +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'backendRef': toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj.backendRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ +/** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. + * + * + * Support: Extended + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier + */ +export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier { /** - * ParentRefs references the resources (usually Gateways) that a Route wants - * to be attached to. Note that the referenced parent resource needs to - * allow this for the attachment to be complete. For Gateways, that means - * the Gateway needs to allow attachment from Routes of this kind and - * namespace. For Services, that means the Service must either be in the same - * namespace for a "producer" route, or the mesh implementation must support - * and allow "consumer" routes for the referenced Service. ReferenceGrant is - * not applicable for governing ParentRefs to Services - it is not possible to - * create a "producer" route for a Service in a different namespace from the - * Route. + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. * * - * There are two kinds of parent resources with "Core" support: + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * * - * * Gateway (Gateway conformance profile) - * * Service (Mesh conformance profile, ClusterIP Services only) + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" * * - * This API may be extended in the future to support additional kinds of parent - * resources. + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier#add + */ + readonly add?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd[]; + + /** + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * - * ParentRefs must be _distinct_. This means either that: * + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz * - * * They select different objects. If this is the case, then parentRef - * entries are distinct. In terms of fields, this means that the - * multi-part key defined by `group`, `kind`, `namespace`, and `name` must - * be unique across all parentRef entries in the Route. - * * They do not select different objects, but for each optional field used, - * each ParentRef that selects the same object must set the same set of - * optional fields to different values. If one ParentRef sets a - * combination of optional fields, all must set the same combination. * + * Config: + * remove: ["my-header1", "my-header3"] * - * Some examples: * + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar * - * * If one ParentRef sets `sectionName`, all ParentRefs referencing the - * same object must also set `sectionName`. - * * If one ParentRef sets `port`, all ParentRefs referencing the same - * object must also set `port`. - * * If one ParentRef sets `sectionName` and `port`, all ParentRefs - * referencing the same object must also set `sectionName` and `port`. + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier#remove + */ + readonly remove?: string[]; + + /** + * Set overwrites the request with the given header (name, value) + * before the action. * * - * It is possible to separately reference multiple distinct objects that may - * be collapsed by an implementation. For example, some implementations may - * choose to merge compatible Gateway Listeners together. If that is the - * case, the list of routes attached to those resources should also be - * merged. + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * * - * Note that for ParentRefs that cross namespace boundaries, there are specific - * rules. Cross-namespace references are only valid if they are explicitly - * allowed by something in the namespace they are referring to. For example, - * Gateway has the AllowedRoutes field, and ReferenceGrant provides a - * generic way to enable other kinds of cross-namespace reference. + * Config: + * set: + * - name: "my-header" + * value: "bar" * * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier#set + */ + readonly set?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet[]; + +} + +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'add': obj.add?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: + * + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations supporting GRPCRoute MUST support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` MUST be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersType + */ +export enum GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersType { + /** ResponseHeaderModifier */ + RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", + /** RequestHeaderModifier */ + REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", + /** RequestMirror */ + REQUEST_MIRROR = "RequestMirror", + /** ExtensionRef */ + EXTENSION_REF = "ExtensionRef", +} + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd + */ +export interface GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd(obj: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet + */ +export interface GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema GrpcRouteV1Alpha2Spec#parentRefs + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet#name */ - readonly parentRefs?: GrpcRouteV1Alpha2SpecParentRefs[]; + readonly name: string; /** - * Rules are a list of GRPC matchers, filters and actions. + * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteV1Alpha2Spec#rules + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet#value */ - readonly rules?: GrpcRouteV1Alpha2SpecRules[]; + readonly value: string; } /** - * Converts an object of type 'GrpcRouteV1Alpha2Spec' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2Spec(obj: GrpcRouteV1Alpha2Spec | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet(obj: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'hostnames': obj.hostnames?.map(y => y), - 'parentRefs': obj.parentRefs?.map(y => toJson_GrpcRouteV1Alpha2SpecParentRefs(y)), - 'rules': obj.rules?.map(y => toJson_GrpcRouteV1Alpha2SpecRules(y)), + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -5505,172 +9110,211 @@ export function toJson_GrpcRouteV1Alpha2Spec(obj: GrpcRouteV1Alpha2Spec | undefi /* eslint-enable max-len, quote-props */ /** - * ParentReference identifies an API object (usually a Gateway) that can be considered - * a parent of this resource (usually a route). There are two kinds of parent resources - * with "Core" support: + * BackendRef references a resource where mirrored requests are sent. * * - * * Gateway (Gateway conformance profile) - * * Service (Mesh conformance profile, ClusterIP Services only) + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * * - * This API may be extended in the future to support additional kinds of parent - * resources. + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. * * - * The API object must be valid in the cluster; the Group and Kind must - * be registered in the cluster for this reference to be valid. + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. * - * @schema GrpcRouteV1Alpha2SpecParentRefs + * + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. + * + * + * Support: Extended for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef */ -export interface GrpcRouteV1Alpha2SpecParentRefs { +export interface GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef { /** - * Group is the group of the referent. - * When unspecified, "gateway.networking.k8s.io" is inferred. - * To set the core API group (such as for a "Service" kind referent), - * Group must be explicitly set to "" (empty string). - * - * - * Support: Core + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. * - * @schema GrpcRouteV1Alpha2SpecParentRefs#group + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef#group */ readonly group?: string; /** - * Kind is kind of the referent. + * Kind is the Kubernetes resource kind of the referent. For example + * "Service". * * - * There are two kinds of parent resources with "Core" support: + * Defaults to "Service" when not specified. * * - * * Gateway (Gateway conformance profile) - * * Service (Mesh conformance profile, ClusterIP Services only) + * ExternalName services can refer to CNAME DNS records that may live + * outside of the cluster and as such are difficult to reason about in + * terms of conformance. They also may not be safe to forward to (see + * CVE-2021-25740 for more information). Implementations SHOULD NOT + * support ExternalName Services. * * - * Support for other resources is Implementation-Specific. + * Support: Core (Services with a type other than ExternalName) * - * @schema GrpcRouteV1Alpha2SpecParentRefs#kind + * + * Support: Implementation-specific (Services with type ExternalName) + * + * @default Service" when not specified. + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef#kind */ readonly kind?: string; /** * Name is the name of the referent. * - * - * Support: Core - * - * @schema GrpcRouteV1Alpha2SpecParentRefs#name + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef#name */ readonly name: string; /** - * Namespace is the namespace of the referent. When unspecified, this refers - * to the local namespace of the Route. - * - * - * Note that there are specific rules for ParentRefs which cross namespace - * boundaries. Cross-namespace references are only valid if they are explicitly - * allowed by something in the namespace they are referring to. For example: - * Gateway has the AllowedRoutes field, and ReferenceGrant provides a - * generic way to enable any other kind of cross-namespace reference. - * + * Namespace is the namespace of the backend. When unspecified, the local + * namespace is inferred. * * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. * * * Support: Core * - * @schema GrpcRouteV1Alpha2SpecParentRefs#namespace + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef#namespace */ readonly namespace?: string; /** - * Port is the network port this Route targets. It can be interpreted - * differently based on the type of parent resource. - * - * - * When the parent resource is a Gateway, this targets all listeners - * listening on the specified port that also support this kind of Route(and - * select this Route). It's not recommended to set `Port` unless the - * networking behaviors specified in a Route must apply to a specific port - * as opposed to a listener(s) whose port(s) may be changed. When both Port - * and SectionName are specified, the name and port of the selected listener - * must match both specified values. - * - * - * - * - * - * Implementations MAY choose to support other parent resources. - * Implementations supporting other types of parent resources MUST clearly - * document how/if Port is interpreted. - * - * - * For the purpose of status, an attachment is considered successful as - * long as the parent resource accepts it partially. For example, Gateway - * listeners can restrict which Routes can attach to them by Route kind, - * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment - * from the referencing Route, the Route MUST be considered successfully - * attached. If no Gateway listeners accept attachment from this Route, - * the Route MUST be considered detached from the Gateway. - * - * - * Support: Extended + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. * - * @schema GrpcRouteV1Alpha2SpecParentRefs#port + * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef#port */ readonly port?: number; +} + +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef(obj: GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd + */ +export interface GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd { /** - * SectionName is the name of a section within the target resource. In the - * following resources, SectionName is interpreted as the following: - * - * - * * Gateway: Listener name. When both Port (experimental) and SectionName - * are specified, the name and port of the selected listener must match - * both specified values. - * * Service: Port name. When both Port (experimental) and SectionName - * are specified, the name and port of the selected listener must match - * both specified values. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Implementations MAY choose to support attaching Routes to other resources. - * If that is the case, they MUST clearly document how SectionName is - * interpreted. + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * - * When unspecified (empty string), this will reference the entire resource. - * For the purpose of status, an attachment is considered successful if at - * least one section in the parent resource accepts it. For example, Gateway - * listeners can restrict which Routes can attach to them by Route kind, - * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from - * the referencing Route, the Route MUST be considered successfully - * attached. If no Gateway listeners accept attachment from this Route, the - * Route MUST be considered detached from the Gateway. + * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd(obj: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet + */ +export interface GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support: Core + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema GrpcRouteV1Alpha2SpecParentRefs#sectionName + * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet#name */ - readonly sectionName?: string; + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. + * + * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet#value + */ + readonly value: string; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecParentRefs' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecParentRefs(obj: GrpcRouteV1Alpha2SpecParentRefs | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet(obj: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, - 'sectionName': obj.sectionName, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -5678,169 +9322,152 @@ export function toJson_GrpcRouteV1Alpha2SpecParentRefs(obj: GrpcRouteV1Alpha2Spe /* eslint-enable max-len, quote-props */ /** - * GRPCRouteRule defines the semantics for matching a gRPC request based on - * conditions (matches), processing it (filters), and forwarding the request to - * an API object (backendRefs). + * Type specifies how to match against the value of the header. * - * @schema GrpcRouteV1Alpha2SpecRules + * @schema GrpcRouteV1Alpha2SpecRulesMatchesHeadersType */ -export interface GrpcRouteV1Alpha2SpecRules { +export enum GrpcRouteV1Alpha2SpecRulesMatchesHeadersType { + /** Exact */ + EXACT = "Exact", + /** RegularExpression */ + REGULAR_EXPRESSION = "RegularExpression", +} + +/** + * Type specifies how to match against the service and/or method. + * Support: Core (Exact with service and method specified) + * + * + * Support: Implementation-specific (Exact with method specified but no service specified) + * + * + * Support: Implementation-specific (RegularExpression) + * + * @schema GrpcRouteV1Alpha2SpecRulesMatchesMethodType + */ +export enum GrpcRouteV1Alpha2SpecRulesMatchesMethodType { + /** Exact */ + EXACT = "Exact", + /** RegularExpression */ + REGULAR_EXPRESSION = "RegularExpression", +} + +/** + * LifetimeType specifies whether the cookie has a permanent or + * session-based lifetime. A permanent cookie persists until its + * specified expiry time, defined by the Expires or Max-Age cookie + * attributes, while a session cookie is deleted when the current + * session ends. + * + * + * When set to "Permanent", AbsoluteTimeout indicates the + * cookie's lifetime via the Expires or Max-Age cookie attributes + * and is required. + * + * + * When set to "Session", AbsoluteTimeout indicates the + * absolute lifetime of the cookie tracked by the gateway and + * is optional. + * + * + * Support: Core for "Session" type + * + * + * Support: Extended for "Permanent" type + * + * @schema GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfigLifetimeType + */ +export enum GrpcRouteV1Alpha2SpecRulesSessionPersistenceCookieConfigLifetimeType { + /** Permanent */ + PERMANENT = "Permanent", + /** Session */ + SESSION = "Session", +} + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd + */ +export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd { /** - * BackendRefs defines the backend(s) where matching requests should be - * sent. - * - * - * Failure behavior here depends on how many BackendRefs are specified and - * how many are invalid. - * - * - * If *all* entries in BackendRefs are invalid, and there are also no filters - * specified in this route rule, *all* traffic which matches this rule MUST - * receive an `UNAVAILABLE` status. - * - * - * See the GRPCBackendRef definition for the rules about what makes a single - * GRPCBackendRef invalid. - * - * - * When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for - * requests that would have otherwise been routed to an invalid backend. If - * multiple backends are specified, and some are invalid, the proportion of - * requests that would otherwise have been routed to an invalid backend - * MUST receive an `UNAVAILABLE` status. - * - * - * For example, if two backends are specified with equal weights, and one is - * invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. - * Implementations may choose how that 50 percent is determined. - * - * - * Support: Core for Kubernetes Service - * - * - * Support: Implementation-specific for any other resource + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support for weight: Core + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema GrpcRouteV1Alpha2SpecRules#backendRefs + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd#name */ - readonly backendRefs?: GrpcRouteV1Alpha2SpecRulesBackendRefs[]; + readonly name: string; /** - * Filters define the filters that are applied to requests that match - * this rule. - * - * - * The effects of ordering of multiple behaviors are currently unspecified. - * This can change in the future based on feedback during the alpha stage. - * - * - * Conformance-levels at this level are defined based on the type of filter: - * - * - * - ALL core filters MUST be supported by all implementations that support - * GRPCRoute. - * - Implementers are encouraged to support extended filters. - * - Implementation-specific custom filters have no API guarantees across - * implementations. - * - * - * Specifying the same filter multiple times is not supported unless explicitly - * indicated in the filter. - * - * - * If an implementation can not support a combination of filters, it must clearly - * document that limitation. In cases where incompatible or unsupported - * filters are specified and cause the `Accepted` condition to be set to status - * `False`, implementations may use the `IncompatibleFilters` reason to specify - * this configuration error. - * - * - * Support: Core + * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteV1Alpha2SpecRules#filters + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd#value */ - readonly filters?: GrpcRouteV1Alpha2SpecRulesFilters[]; + readonly value: string; + +} + +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet + */ +export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet { /** - * Matches define conditions used for matching the rule against incoming - * gRPC requests. Each match is independent, i.e. this rule will be matched - * if **any** one of the matches is satisfied. - * - * - * For example, take the following matches configuration: - * - * - * ``` - * matches: - * - method: - * service: foo.bar - * headers: - * values: - * version: 2 - * - method: - * service: foo.bar.v2 - * ``` - * - * - * For a request to match against this rule, it MUST satisfy - * EITHER of the two conditions: - * - * - * - service of foo.bar AND contains the header `version: 2` - * - service of foo.bar.v2 - * - * - * See the documentation for GRPCRouteMatch on how to specify multiple - * match conditions to be ANDed together. - * - * - * If no matches are specified, the implementation MUST match every gRPC request. - * - * - * Proxy or Load Balancer routing configuration generated from GRPCRoutes - * MUST prioritize rules based on the following criteria, continuing on - * ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. - * Precedence MUST be given to the rule with the largest number of: - * - * - * * Characters in a matching non-wildcard hostname. - * * Characters in a matching hostname. - * * Characters in a matching service. - * * Characters in a matching method. - * * Header matches. - * - * - * If ties still exist across multiple Routes, matching precedence MUST be - * determined in order of the following criteria, continuing on ties: - * + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * * The oldest Route based on creation timestamp. - * * The Route appearing first in alphabetical order by - * "{namespace}/{name}". * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * If ties still exist within the Route that has been given precedence, - * matching precedence MUST be granted to the first matching rule meeting - * the above criteria. + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteV1Alpha2SpecRules#matches + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet#value */ - readonly matches?: GrpcRouteV1Alpha2SpecRulesMatches[]; + readonly value: string; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRules' to JSON representation. + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRules(obj: GrpcRouteV1Alpha2SpecRules | undefined): Record | undefined { +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRefs': obj.backendRefs?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefs(y)), - 'filters': obj.filters?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesFilters(y)), - 'matches': obj.matches?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesMatches(y)), + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -5848,58 +9475,44 @@ export function toJson_GrpcRouteV1Alpha2SpecRules(obj: GrpcRouteV1Alpha2SpecRule /* eslint-enable max-len, quote-props */ /** - * GRPCBackendRef defines how a GRPCRoute forwards a gRPC request. - * - * - * Note that when a namespace different than the local namespace is specified, a - * ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. + * BackendRef references a resource where mirrored requests are sent. * * - * + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * * - * When the BackendRef points to a Kubernetes Service, implementations SHOULD - * honor the appProtocol field if it is set for the target Service Port. + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. * * - * Implementations supporting appProtocol SHOULD recognize the Kubernetes - * Standard Application Protocols defined in KEP-3726. + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. * * - * If a Service appProtocol isn't specified, an implementation MAY infer the - * backend protocol through its own means. Implementations MAY infer the - * protocol from the Route type referring to the backend Service. + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. * * - * If a Route is not able to send traffic to the backend using the specified - * protocol then the backend is considered invalid. Implementations MUST set the - * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. + * Support: Extended for Kubernetes Service * * - * + * Support: Implementation-specific for any other resource * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefs { - /** - * Filters defined at this level MUST be executed if and only if the - * request is being forwarded to the backend defined here. - * - * - * Support: Implementation-specific (For broader support of filters, use the - * Filters field in GRPCRouteRule.) - * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#filters - */ - readonly filters?: GrpcRouteV1Alpha2SpecRulesBackendRefsFilters[]; - +export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef { /** * Group is the group of the referent. For example, "gateway.networking.k8s.io". * When unspecified or empty string, core API group is inferred. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#group + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef#group */ readonly group?: string; @@ -5924,14 +9537,14 @@ export interface GrpcRouteV1Alpha2SpecRulesBackendRefs { * Support: Implementation-specific (Services with type ExternalName) * * @default Service" when not specified. - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#kind + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef#kind */ readonly kind?: string; /** * Name is the name of the referent. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#name + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef#name */ readonly name: string; @@ -5948,58 +9561,221 @@ export interface GrpcRouteV1Alpha2SpecRulesBackendRefs { * * Support: Core * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#namespace + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef#namespace */ readonly namespace?: string; /** - * Port specifies the destination port number to use for this resource. - * Port is required when the referent is a Kubernetes Service. In this - * case, the port number is the service port number, not the target port. - * For other resources, destination port might be derived from the referent - * resource or this field. - * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#port + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef#port + */ + readonly port?: number; + +} + +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd + */ +export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * + * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet + */ +export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * + * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. + * + * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + + +/** + * HTTPRoute provides a way to route HTTP requests. This includes the capability +to match requests by hostname, path, header, or query param. Filters can be +used to specify additional processing steps. Backends specify where matching +requests should be routed. + * + * @schema HTTPRoute + */ +export class HttpRoute extends ApiObject { + /** + * Returns the apiVersion and kind for "HTTPRoute" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'HTTPRoute', + } + + /** + * Renders a Kubernetes manifest for "HTTPRoute". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: HttpRouteProps): any { + return { + ...HttpRoute.GVK, + ...toJson_HttpRouteProps(props), + }; + } + + /** + * Defines a "HTTPRoute" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: HttpRouteProps) { + super(scope, id, { + ...HttpRoute.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...HttpRoute.GVK, + ...toJson_HttpRouteProps(resolved), + }; + } +} + +/** + * HTTPRoute provides a way to route HTTP requests. This includes the capability + * to match requests by hostname, path, header, or query param. Filters can be + * used to specify additional processing steps. Backends specify where matching + * requests should be routed. + * + * @schema HTTPRoute + */ +export interface HttpRouteProps { + /** + * @schema HTTPRoute#metadata */ - readonly port?: number; + readonly metadata?: ApiObjectMetadata; /** - * Weight specifies the proportion of requests forwarded to the referenced - * backend. This is computed as weight/(sum of all weights in this - * BackendRefs list). For non-zero values, there may be some epsilon from - * the exact proportion defined here depending on the precision an - * implementation supports. Weight is not a percentage and the sum of - * weights does not need to equal 100. - * - * - * If only one backend is specified and it has a weight greater than 0, 100% - * of the traffic is forwarded to that backend. If weight is set to 0, no - * traffic should be forwarded for this entry. If unspecified, weight - * defaults to 1. - * - * - * Support for this field varies based on the context where used. + * Spec defines the desired state of HTTPRoute. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefs#weight + * @schema HTTPRoute#spec */ - readonly weight?: number; + readonly spec: HttpRouteSpec; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefs' to JSON representation. + * Converts an object of type 'HttpRouteProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefs(obj: GrpcRouteV1Alpha2SpecRulesBackendRefs | undefined): Record | undefined { +export function toJson_HttpRouteProps(obj: HttpRouteProps | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'filters': obj.filters?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFilters(y)), - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, - 'weight': obj.weight, + 'metadata': obj.metadata, + 'spec': toJson_HttpRouteSpec(obj.spec), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -6007,182 +9783,185 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefs(obj: GrpcRouteV1Alp /* eslint-enable max-len, quote-props */ /** - * GRPCRouteFilter defines processing steps that must be completed during the - * request or response lifecycle. GRPCRouteFilters are meant as an extension - * point to express processing that may be done in Gateway implementations. Some - * examples include request or response modification, implementing - * authentication strategies, rate-limiting, and traffic shaping. API - * guarantee/conformance is defined based on the type of the filter. + * Spec defines the desired state of HTTPRoute. * - * @schema GrpcRouteV1Alpha2SpecRulesFilters + * @schema HttpRouteSpec */ -export interface GrpcRouteV1Alpha2SpecRulesFilters { +export interface HttpRouteSpec { /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. + * Hostnames defines a set of hostnames that should match against the HTTP Host + * header to select a HTTPRoute used to process the request. Implementations + * MUST ignore any port value specified in the HTTP Host header while + * performing a match and (absent of any applicable header modification + * configuration) MUST forward this header unmodified to the backend. * * - * Support: Implementation-specific + * Valid values for Hostnames are determined by RFC 1123 definition of a + * hostname with 2 notable exceptions: * * - * This filter can be used multiple times within the same rule. + * 1. IPs are not allowed. + * 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard + * label must appear by itself as the first label. * - * @schema GrpcRouteV1Alpha2SpecRulesFilters#extensionRef - */ - readonly extensionRef?: GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef; - - /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. * + * If a hostname is specified by both the Listener and HTTPRoute, there + * must be at least one intersecting hostname for the HTTPRoute to be + * attached to the Listener. For example: * - * Support: Core * - * @schema GrpcRouteV1Alpha2SpecRulesFilters#requestHeaderModifier - */ - readonly requestHeaderModifier?: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier; - - /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. + * * A Listener with `test.example.com` as the hostname matches HTTPRoutes + * that have either not specified any hostnames, or have specified at + * least one of `test.example.com` or `*.example.com`. + * * A Listener with `*.example.com` as the hostname matches HTTPRoutes + * that have either not specified any hostnames or have specified at least + * one hostname that matches the Listener hostname. For example, + * `*.example.com`, `test.example.com`, and `foo.test.example.com` would + * all match. On the other hand, `example.com` and `test.example.net` would + * not match. * * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. + * Hostnames that are prefixed with a wildcard label (`*.`) are interpreted + * as a suffix match. That means that a match for `*.example.com` would match + * both `test.example.com`, and `foo.test.example.com`, but not `example.com`. * * - * Support: Extended + * If both the Listener and HTTPRoute have specified hostnames, any + * HTTPRoute hostnames that do not match the Listener hostname MUST be + * ignored. For example, if a Listener specified `*.example.com`, and the + * HTTPRoute specified `test.example.com` and `test.example.net`, + * `test.example.net` must not be considered for a match. * - * @schema GrpcRouteV1Alpha2SpecRulesFilters#requestMirror - */ - readonly requestMirror?: GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror; - - /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. * + * If both the Listener and HTTPRoute have specified hostnames, and none + * match with the criteria above, then the HTTPRoute is not accepted. The + * implementation must raise an 'Accepted' Condition with a status of + * `False` in the corresponding RouteParentStatus. * - * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesFilters#responseHeaderModifier + * In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. + * overlapping wildcard matching and exact matching hostnames), precedence must + * be given to rules from the HTTPRoute with the largest number of: + * + * + * * Characters in a matching non-wildcard hostname. + * * Characters in a matching hostname. + * + * + * If ties exist across multiple Routes, the matching precedence rules for + * HTTPRouteMatches takes over. + * + * + * Support: Core + * + * @schema HttpRouteSpec#hostnames */ - readonly responseHeaderModifier?: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier; + readonly hostnames?: string[]; /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: + * ParentRefs references the resources (usually Gateways) that a Route wants + * to be attached to. Note that the referenced parent resource needs to + * allow this for the attachment to be complete. For Gateways, that means + * the Gateway needs to allow attachment from Routes of this kind and + * namespace. For Services, that means the Service must either be in the same + * namespace for a "producer" route, or the mesh implementation must support + * and allow "consumer" routes for the referenced Service. ReferenceGrant is + * not applicable for governing ParentRefs to Services - it is not possible to + * create a "producer" route for a Service in a different namespace from the + * Route. * * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations supporting GRPCRoute MUST support core filters. + * There are two kinds of parent resources with "Core" support: * * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) * * - * - Implementation-specific: Filters that are defined and supported by specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` MUST be set to - * "ExtensionRef" for custom filters. + * This API may be extended in the future to support additional kinds of parent + * resources. * * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. + * ParentRefs must be _distinct_. This means either that: * * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. + * * They select different objects. If this is the case, then parentRef + * entries are distinct. In terms of fields, this means that the + * multi-part key defined by `group`, `kind`, `namespace`, and `name` must + * be unique across all parentRef entries in the Route. + * * They do not select different objects, but for each optional field used, + * each ParentRef that selects the same object must set the same set of + * optional fields to different values. If one ParentRef sets a + * combination of optional fields, all must set the same combination. * * + * Some examples: * * - * @schema GrpcRouteV1Alpha2SpecRulesFilters#type - */ - readonly type: GrpcRouteV1Alpha2SpecRulesFiltersType; - -} - -/** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFilters' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesFilters(obj: GrpcRouteV1Alpha2SpecRulesFilters | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'extensionRef': toJson_GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef(obj.extensionRef), - 'requestHeaderModifier': toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier(obj.requestHeaderModifier), - 'requestMirror': toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror(obj.requestMirror), - 'responseHeaderModifier': toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier(obj.responseHeaderModifier), - 'type': obj.type, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * GRPCRouteMatch defines the predicate used to match requests to a given - * action. Multiple match types are ANDed together, i.e. the match will - * evaluate to true only if all conditions are satisfied. - * - * - * For example, the match below will match a gRPC request only if its service - * is `foo` AND it contains the `version: v1` header: - * - * - * ``` - * matches: - * - method: - * type: Exact - * service: "foo" - * headers: - * - name: "version" - * value "v1" - * - * - * ``` - * - * @schema GrpcRouteV1Alpha2SpecRulesMatches - */ -export interface GrpcRouteV1Alpha2SpecRulesMatches { - /** - * Headers specifies gRPC request header matchers. Multiple match values are - * ANDed together, meaning, a request MUST match all the specified headers - * to select the route. + * * If one ParentRef sets `sectionName`, all ParentRefs referencing the + * same object must also set `sectionName`. + * * If one ParentRef sets `port`, all ParentRefs referencing the same + * object must also set `port`. + * * If one ParentRef sets `sectionName` and `port`, all ParentRefs + * referencing the same object must also set `sectionName` and `port`. + * + * + * It is possible to separately reference multiple distinct objects that may + * be collapsed by an implementation. For example, some implementations may + * choose to merge compatible Gateway Listeners together. If that is the + * case, the list of routes attached to those resources should also be + * merged. + * * - * @schema GrpcRouteV1Alpha2SpecRulesMatches#headers + * Note that for ParentRefs that cross namespace boundaries, there are specific + * rules. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example, + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable other kinds of cross-namespace reference. + * + * + * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. + * + * + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * + * + * + * + * + * + * + * + * @schema HttpRouteSpec#parentRefs */ - readonly headers?: GrpcRouteV1Alpha2SpecRulesMatchesHeaders[]; + readonly parentRefs?: HttpRouteSpecParentRefs[]; /** - * Method specifies a gRPC request service/method matcher. If this field is - * not specified, all services and methods will match. + * Rules are a list of HTTP matchers, filters and actions. * - * @schema GrpcRouteV1Alpha2SpecRulesMatches#method + * @schema HttpRouteSpec#rules */ - readonly method?: GrpcRouteV1Alpha2SpecRulesMatchesMethod; + readonly rules?: HttpRouteSpecRules[]; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesMatches' to JSON representation. + * Converts an object of type 'HttpRouteSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesMatches(obj: GrpcRouteV1Alpha2SpecRulesMatches | undefined): Record | undefined { +export function toJson_HttpRouteSpec(obj: HttpRouteSpec | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'headers': obj.headers?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesMatchesHeaders(y)), - 'method': toJson_GrpcRouteV1Alpha2SpecRulesMatchesMethod(obj.method), + 'hostnames': obj.hostnames?.map(y => y), + 'parentRefs': obj.parentRefs?.map(y => toJson_HttpRouteSpecParentRefs(y)), + 'rules': obj.rules?.map(y => toJson_HttpRouteSpecRules(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -6190,178 +9969,187 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesMatches(obj: GrpcRouteV1Alpha2S /* eslint-enable max-len, quote-props */ /** - * GRPCRouteFilter defines processing steps that must be completed during the - * request or response lifecycle. GRPCRouteFilters are meant as an extension - * point to express processing that may be done in Gateway implementations. Some - * examples include request or response modification, implementing - * authentication strategies, rate-limiting, and traffic shaping. API - * guarantee/conformance is defined based on the type of the filter. + * ParentReference identifies an API object (usually a Gateway) that can be considered + * a parent of this resource (usually a route). There are two kinds of parent resources + * with "Core" support: * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * This API may be extended in the future to support additional kinds of parent + * resources. + * + * + * The API object must be valid in the cluster; the Group and Kind must + * be registered in the cluster for this reference to be valid. + * + * @schema HttpRouteSpecParentRefs */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFilters { +export interface HttpRouteSpecParentRefs { /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. + * Group is the group of the referent. + * When unspecified, "gateway.networking.k8s.io" is inferred. + * To set the core API group (such as for a "Service" kind referent), + * Group must be explicitly set to "" (empty string). * * - * Support: Implementation-specific + * Support: Core * + * @schema HttpRouteSpecParentRefs#group + */ + readonly group?: string; + + /** + * Kind is kind of the referent. * - * This filter can be used multiple times within the same rule. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters#extensionRef + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * Support for other resources is Implementation-Specific. + * + * @schema HttpRouteSpecParentRefs#kind */ - readonly extensionRef?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef; + readonly kind?: string; /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. + * Name is the name of the referent. * * * Support: Core * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters#requestHeaderModifier + * @schema HttpRouteSpecParentRefs#name */ - readonly requestHeaderModifier?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier; + readonly name: string; /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. + * Namespace is the namespace of the referent. When unspecified, this refers + * to the local namespace of the Route. * * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. + * Note that there are specific rules for ParentRefs which cross namespace + * boundaries. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example: + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable any other kind of cross-namespace reference. * * - * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters#requestMirror - */ - readonly requestMirror?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror; - - /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. * * - * Support: Extended + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters#responseHeaderModifier + * + * + * Support: Core + * + * @schema HttpRouteSpecParentRefs#namespace */ - readonly responseHeaderModifier?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier; + readonly namespace?: string; /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * + * Port is the network port this Route targets. It can be interpreted + * differently based on the type of parent resource. * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations supporting GRPCRoute MUST support core filters. * + * When the parent resource is a Gateway, this targets all listeners + * listening on the specified port that also support this kind of Route(and + * select this Route). It's not recommended to set `Port` unless the + * networking behaviors specified in a Route must apply to a specific port + * as opposed to a listener(s) whose port(s) may be changed. When both Port + * and SectionName are specified, the name and port of the selected listener + * must match both specified values. * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. * * - * - Implementation-specific: Filters that are defined and supported by specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` MUST be set to - * "ExtensionRef" for custom filters. + * When the parent resource is a Service, this targets a specific port in the + * Service spec. When both Port (experimental) and SectionName are specified, + * the name and port of the selected port must match both specified values. * * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. * + * Implementations MAY choose to support other parent resources. + * Implementations supporting other types of parent resources MUST clearly + * document how/if Port is interpreted. * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. * + * For the purpose of status, an attachment is considered successful as + * long as the parent resource accepts it partially. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + * from the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, + * the Route MUST be considered detached from the Gateway. * * + * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFilters#type + * @schema HttpRouteSpecParentRefs#port */ - readonly type: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersType; - -} - -/** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFilters' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFilters(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFilters | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'extensionRef': toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef(obj.extensionRef), - 'requestHeaderModifier': toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier(obj.requestHeaderModifier), - 'requestMirror': toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror(obj.requestMirror), - 'responseHeaderModifier': toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier(obj.responseHeaderModifier), - 'type': obj.type, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly port?: number; -/** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * Support: Implementation-specific - * - * - * This filter can be used multiple times within the same rule. - * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef - */ -export interface GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef { /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. + * SectionName is the name of a section within the target resource. In the + * following resources, SectionName is interpreted as the following: * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef#group - */ - readonly group: string; - - /** - * Kind is kind of the referent. For example "HTTPRoute" or "Service". * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef#kind - */ - readonly kind: string; - - /** - * Name is the name of the referent. + * * Gateway: Listener name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * * Service: Port name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef#name + * + * Implementations MAY choose to support attaching Routes to other resources. + * If that is the case, they MUST clearly document how SectionName is + * interpreted. + * + * + * When unspecified (empty string), this will reference the entire resource. + * For the purpose of status, an attachment is considered successful if at + * least one section in the parent resource accepts it. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + * the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, the + * Route MUST be considered detached from the Gateway. + * + * + * Support: Core + * + * @schema HttpRouteSpecParentRefs#sectionName */ - readonly name: string; + readonly sectionName?: string; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef' to JSON representation. + * Converts an object of type 'HttpRouteSpecParentRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef(obj: GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef | undefined): Record | undefined { +export function toJson_HttpRouteSpecParentRefs(obj: HttpRouteSpecParentRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'group': obj.group, 'kind': obj.kind, 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'sectionName': obj.sectionName, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -6369,272 +10157,224 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersExtensionRef(obj: GrpcRo /* eslint-enable max-len, quote-props */ /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. - * - * - * Support: Core + * HTTPRouteRule defines semantics for matching an HTTP request based on + * conditions (matches), processing it (filters), and forwarding the request to + * an API object (backendRefs). * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier + * @schema HttpRouteSpecRules */ -export interface GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier { +export interface HttpRouteSpecRules { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. + * BackendRefs defines the backend(s) where matching requests should be + * sent. * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Failure behavior here depends on how many BackendRefs are specified and + * how many are invalid. * * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" + * If *all* entries in BackendRefs are invalid, and there are also no filters + * specified in this route rule, *all* traffic which matches this rule MUST + * receive a 500 status code. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * See the HTTPBackendRef definition for the rules about what makes a single + * HTTPBackendRef invalid. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier#add - */ - readonly add?: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd[]; - - /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * + * When a HTTPBackendRef is invalid, 500 status codes MUST be returned for + * requests that would have otherwise been routed to an invalid backend. If + * multiple backends are specified, and some are invalid, the proportion of + * requests that would otherwise have been routed to an invalid backend + * MUST receive a 500 status code. * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz * + * For example, if two backends are specified with equal weights, and one is + * invalid, 50 percent of traffic must receive a 500. Implementations may + * choose how that 50 percent is determined. * - * Config: - * remove: ["my-header1", "my-header3"] * + * Support: Core for Kubernetes Service * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier#remove + * Support: Extended for Kubernetes ServiceImport + * + * + * Support: Implementation-specific for any other resource + * + * + * Support for weight: Core + * + * @schema HttpRouteSpecRules#backendRefs */ - readonly remove?: string[]; + readonly backendRefs?: HttpRouteSpecRulesBackendRefs[]; /** - * Set overwrites the request with the given header (name, value) - * before the action. + * Filters define the filters that are applied to requests that match + * this rule. * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Wherever possible, implementations SHOULD implement filters in the order + * they are specified. * * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * Implementations MAY choose to implement this ordering strictly, rejecting + * any combination or order of filters that can not be supported. If implementations + * choose a strict interpretation of filter ordering, they MUST clearly document + * that behavior. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * To reject an invalid combination or order of filters, implementations SHOULD + * consider the Route Rules with this configuration invalid. If all Route Rules + * in a Route are invalid, the entire Route would be considered invalid. If only + * a portion of Route Rules are invalid, implementations MUST set the + * "PartiallyInvalid" condition for the Route. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier#set + * + * Conformance-levels at this level are defined based on the type of filter: + * + * + * - ALL core filters MUST be supported by all implementations. + * - Implementers are encouraged to support extended filters. + * - Implementation-specific custom filters have no API guarantees across + * implementations. + * + * + * Specifying the same filter multiple times is not supported unless explicitly + * indicated in the filter. + * + * + * All filters are expected to be compatible with each other except for the + * URLRewrite and RequestRedirect filters, which may not be combined. If an + * implementation can not support other combinations of filters, they must clearly + * document that limitation. In cases where incompatible or unsupported + * filters are specified and cause the `Accepted` condition to be set to status + * `False`, implementations may use the `IncompatibleFilters` reason to specify + * this configuration error. + * + * + * Support: Core + * + * @schema HttpRouteSpecRules#filters */ - readonly set?: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet[]; - -} - -/** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier(obj: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifier | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'add': obj.add?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet(y)), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly filters?: HttpRouteSpecRulesFilters[]; -/** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. - * - * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. - * - * - * Support: Extended - * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror - */ -export interface GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror { /** - * BackendRef references a resource where mirrored requests are sent. + * Matches define conditions used for matching the rule against incoming + * HTTP requests. Each match is independent, i.e. this rule will be matched + * if **any** one of the matches is satisfied. * * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. + * For example, take the following matches configuration: * * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. + * ``` + * matches: + * - path: + * value: "/foo" + * headers: + * - name: "version" + * value: "v2" + * - path: + * value: "/v2/foo" + * ``` * * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. + * For a request to match against this rule, a request must satisfy + * EITHER of the two conditions: * * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. + * - path prefixed with `/foo` AND contains the header `version: v2` + * - path prefix of `/v2/foo` * * - * Support: Extended for Kubernetes Service + * See the documentation for HTTPRouteMatch on how to specify multiple + * match conditions that should be ANDed together. * * - * Support: Implementation-specific for any other resource + * If no matches are specified, the default is a prefix + * path match on "/", which has the effect of matching every + * HTTP request. + * + * + * Proxy or Load Balancer routing configuration generated from HTTPRoutes + * MUST prioritize matches based on the following criteria, continuing on + * ties. Across all rules specified on applicable Routes, precedence must be + * given to the match having: + * + * + * * "Exact" path match. + * * "Prefix" path match with largest number of characters. + * * Method match. + * * Largest number of header matches. + * * Largest number of query param matches. + * + * + * Note: The precedence of RegularExpression path matches are implementation-specific. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror#backendRef - */ - readonly backendRef: GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef; - -} - -/** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror(obj: GrpcRouteV1Alpha2SpecRulesFiltersRequestMirror | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'backendRef': toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef(obj.backendRef), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. - * - * - * Support: Extended - * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier - */ -export interface GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier { - /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. * + * If ties still exist across multiple Routes, matching precedence MUST be + * determined in order of the following criteria, continuing on ties: * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo * + * * The oldest Route based on creation timestamp. + * * The Route appearing first in alphabetical order by + * "{namespace}/{name}". * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" * + * If ties still exist within an HTTPRoute, matching precedence MUST be granted + * to the FIRST matching rule (in list order) with a match meeting the above + * criteria. * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier#add + * When no rules matching a request have been successfully attached to the + * parent a request is coming from, a HTTP 404 status code MUST be returned. + * + * @schema HttpRouteSpecRules#matches */ - readonly add?: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd[]; + readonly matches?: HttpRouteSpecRulesMatches[]; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - * + * SessionPersistence defines and configures session persistence + * for the route rule. * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz * + * Support: Extended * - * Config: - * remove: ["my-header1", "my-header3"] * * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier#remove + * @schema HttpRouteSpecRules#sessionPersistence */ - readonly remove?: string[]; + readonly sessionPersistence?: HttpRouteSpecRulesSessionPersistence; /** - * Set overwrites the request with the given header (name, value) - * before the action. - * + * Timeouts defines the timeouts that can be configured for an HTTP request. * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo * + * Support: Extended * - * Config: - * set: - * - name: "my-header" - * value: "bar" * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier#set + * @schema HttpRouteSpecRules#timeouts */ - readonly set?: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet[]; + readonly timeouts?: HttpRouteSpecRulesTimeouts; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier' to JSON representation. + * Converts an object of type 'HttpRouteSpecRules' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier(obj: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier | undefined): Record | undefined { +export function toJson_HttpRouteSpecRules(obj: HttpRouteSpecRules | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet(y)), + 'backendRefs': obj.backendRefs?.map(y => toJson_HttpRouteSpecRulesBackendRefs(y)), + 'filters': obj.filters?.map(y => toJson_HttpRouteSpecRulesFilters(y)), + 'matches': obj.matches?.map(y => toJson_HttpRouteSpecRulesMatches(y)), + 'sessionPersistence': toJson_HttpRouteSpecRulesSessionPersistence(obj.sessionPersistence), + 'timeouts': toJson_HttpRouteSpecRulesTimeouts(obj.timeouts), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -6642,99 +10382,158 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifier(o /* eslint-enable max-len, quote-props */ /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: + * HTTPBackendRef defines how a HTTPRoute forwards a HTTP request. * * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations supporting GRPCRoute MUST support core filters. + * Note that when a namespace different than the local namespace is specified, a + * ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. * * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. + * * * - * - Implementation-specific: Filters that are defined and supported by specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` MUST be set to - * "ExtensionRef" for custom filters. + * When the BackendRef points to a Kubernetes Service, implementations SHOULD + * honor the appProtocol field if it is set for the target Service Port. * * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. + * Implementations supporting appProtocol SHOULD recognize the Kubernetes + * Standard Application Protocols defined in KEP-3726. * * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. + * If a Service appProtocol isn't specified, an implementation MAY infer the + * backend protocol through its own means. Implementations MAY infer the + * protocol from the Route type referring to the backend Service. * * + * If a Route is not able to send traffic to the backend using the specified + * protocol then the backend is considered invalid. Implementations MUST set the + * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. * * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersType - */ -export enum GrpcRouteV1Alpha2SpecRulesFiltersType { - /** ResponseHeaderModifier */ - RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", - /** RequestHeaderModifier */ - REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", - /** RequestMirror */ - REQUEST_MIRROR = "RequestMirror", - /** ExtensionRef */ - EXTENSION_REF = "ExtensionRef", -} - -/** - * GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request - * headers. + * * - * @schema GrpcRouteV1Alpha2SpecRulesMatchesHeaders + * @schema HttpRouteSpecRulesBackendRefs */ -export interface GrpcRouteV1Alpha2SpecRulesMatchesHeaders { +export interface HttpRouteSpecRulesBackendRefs { /** - * Name is the name of the gRPC Header to be matched. + * Filters defined at this level should be executed if and only if the + * request is being forwarded to the backend defined here. * * - * If multiple entries specify equivalent header names, only the first - * entry with an equivalent name MUST be considered for a match. Subsequent - * entries with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Support: Implementation-specific (For broader support of filters, use the + * Filters field in HTTPRouteRule.) * - * @schema GrpcRouteV1Alpha2SpecRulesMatchesHeaders#name + * @schema HttpRouteSpecRulesBackendRefs#filters + */ + readonly filters?: HttpRouteSpecRulesBackendRefsFilters[]; + + /** + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. + * + * @schema HttpRouteSpecRulesBackendRefs#group + */ + readonly group?: string; + + /** + * Kind is the Kubernetes resource kind of the referent. For example + * "Service". + * + * + * Defaults to "Service" when not specified. + * + * + * ExternalName services can refer to CNAME DNS records that may live + * outside of the cluster and as such are difficult to reason about in + * terms of conformance. They also may not be safe to forward to (see + * CVE-2021-25740 for more information). Implementations SHOULD NOT + * support ExternalName Services. + * + * + * Support: Core (Services with a type other than ExternalName) + * + * + * Support: Implementation-specific (Services with type ExternalName) + * + * @default Service" when not specified. + * @schema HttpRouteSpecRulesBackendRefs#kind + */ + readonly kind?: string; + + /** + * Name is the name of the referent. + * + * @schema HttpRouteSpecRulesBackendRefs#name */ readonly name: string; /** - * Type specifies how to match against the value of the header. + * Namespace is the namespace of the backend. When unspecified, the local + * namespace is inferred. * - * @schema GrpcRouteV1Alpha2SpecRulesMatchesHeaders#type + * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * Support: Core + * + * @schema HttpRouteSpecRulesBackendRefs#namespace */ - readonly type?: GrpcRouteV1Alpha2SpecRulesMatchesHeadersType; + readonly namespace?: string; /** - * Value is the value of the gRPC Header to be matched. + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. * - * @schema GrpcRouteV1Alpha2SpecRulesMatchesHeaders#value + * @schema HttpRouteSpecRulesBackendRefs#port */ - readonly value: string; + readonly port?: number; + + /** + * Weight specifies the proportion of requests forwarded to the referenced + * backend. This is computed as weight/(sum of all weights in this + * BackendRefs list). For non-zero values, there may be some epsilon from + * the exact proportion defined here depending on the precision an + * implementation supports. Weight is not a percentage and the sum of + * weights does not need to equal 100. + * + * + * If only one backend is specified and it has a weight greater than 0, 100% + * of the traffic is forwarded to that backend. If weight is set to 0, no + * traffic should be forwarded for this entry. If unspecified, weight + * defaults to 1. + * + * + * Support for this field varies based on the context where used. + * + * @schema HttpRouteSpecRulesBackendRefs#weight + */ + readonly weight?: number; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesMatchesHeaders' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesBackendRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesMatchesHeaders(obj: GrpcRouteV1Alpha2SpecRulesMatchesHeaders | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesBackendRefs(obj: HttpRouteSpecRulesBackendRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { + 'filters': obj.filters?.map(y => toJson_HttpRouteSpecRulesBackendRefsFilters(y)), + 'group': obj.group, + 'kind': obj.kind, 'name': obj.name, - 'type': obj.type, - 'value': obj.value, + 'namespace': obj.namespace, + 'port': obj.port, + 'weight': obj.weight, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -6742,115 +10541,153 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesMatchesHeaders(obj: GrpcRouteV1 /* eslint-enable max-len, quote-props */ /** - * Method specifies a gRPC request service/method matcher. If this field is - * not specified, all services and methods will match. + * HTTPRouteFilter defines processing steps that must be completed during the + * request or response lifecycle. HTTPRouteFilters are meant as an extension + * point to express processing that may be done in Gateway implementations. Some + * examples include request or response modification, implementing + * authentication strategies, rate-limiting, and traffic shaping. API + * guarantee/conformance is defined based on the type of the filter. * - * @schema GrpcRouteV1Alpha2SpecRulesMatchesMethod + * @schema HttpRouteSpecRulesFilters */ -export interface GrpcRouteV1Alpha2SpecRulesMatchesMethod { +export interface HttpRouteSpecRulesFilters { /** - * Value of the method to match against. If left empty or omitted, will - * match all services. + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. + * + * + * This filter can be used multiple times within the same rule. * * - * At least one of Service and Method MUST be a non-empty string. + * Support: Implementation-specific * - * @schema GrpcRouteV1Alpha2SpecRulesMatchesMethod#method + * @schema HttpRouteSpecRulesFilters#extensionRef */ - readonly method?: string; + readonly extensionRef?: HttpRouteSpecRulesFiltersExtensionRef; /** - * Value of the service to match against. If left empty or omitted, will - * match any service. + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * * - * At least one of Service and Method MUST be a non-empty string. + * Support: Core * - * @schema GrpcRouteV1Alpha2SpecRulesMatchesMethod#service + * @schema HttpRouteSpecRulesFilters#requestHeaderModifier */ - readonly service?: string; + readonly requestHeaderModifier?: HttpRouteSpecRulesFiltersRequestHeaderModifier; /** - * Type specifies how to match against the service and/or method. - * Support: Core (Exact with service and method specified) + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. * * - * Support: Implementation-specific (Exact with method specified but no service specified) + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. * * - * Support: Implementation-specific (RegularExpression) + * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesMatchesMethod#type + * @schema HttpRouteSpecRulesFilters#requestMirror */ - readonly type?: GrpcRouteV1Alpha2SpecRulesMatchesMethodType; - -} + readonly requestMirror?: HttpRouteSpecRulesFiltersRequestMirror; -/** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesMatchesMethod' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesMatchesMethod(obj: GrpcRouteV1Alpha2SpecRulesMatchesMethod | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'method': obj.method, - 'service': obj.service, - 'type': obj.type, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + /** + * RequestRedirect defines a schema for a filter that responds to the + * request with an HTTP redirection. + * + * + * Support: Core + * + * @schema HttpRouteSpecRulesFilters#requestRedirect + */ + readonly requestRedirect?: HttpRouteSpecRulesFiltersRequestRedirect; -/** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * Support: Implementation-specific - * - * - * This filter can be used multiple times within the same rule. - * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef - */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef { /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef#group + * + * Support: Extended + * + * @schema HttpRouteSpecRulesFilters#responseHeaderModifier */ - readonly group: string; + readonly responseHeaderModifier?: HttpRouteSpecRulesFiltersResponseHeaderModifier; /** - * Kind is kind of the referent. For example "HTTPRoute" or "Service". + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef#kind + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations must support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by + * specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` should be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * @schema HttpRouteSpecRulesFilters#type */ - readonly kind: string; + readonly type: HttpRouteSpecRulesFiltersType; /** - * Name is the name of the referent. + * URLRewrite defines a schema for a filter that modifies a request during forwarding. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef#name + * + * Support: Extended + * + * @schema HttpRouteSpecRulesFilters#urlRewrite */ - readonly name: string; + readonly urlRewrite?: HttpRouteSpecRulesFiltersUrlRewrite; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFilters' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFilters(obj: HttpRouteSpecRulesFilters | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, + 'extensionRef': toJson_HttpRouteSpecRulesFiltersExtensionRef(obj.extensionRef), + 'requestHeaderModifier': toJson_HttpRouteSpecRulesFiltersRequestHeaderModifier(obj.requestHeaderModifier), + 'requestMirror': toJson_HttpRouteSpecRulesFiltersRequestMirror(obj.requestMirror), + 'requestRedirect': toJson_HttpRouteSpecRulesFiltersRequestRedirect(obj.requestRedirect), + 'responseHeaderModifier': toJson_HttpRouteSpecRulesFiltersResponseHeaderModifier(obj.responseHeaderModifier), + 'type': obj.type, + 'urlRewrite': toJson_HttpRouteSpecRulesFiltersUrlRewrite(obj.urlRewrite), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -6858,102 +10695,85 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersExtensionRef( /* eslint-enable max-len, quote-props */ /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. + * HTTPRouteMatch defines the predicate used to match requests to a given + * action. Multiple match types are ANDed together, i.e. the match will + * evaluate to true only if all conditions are satisfied. * * - * Support: Core + * For example, the match below will match a HTTP request only if its path + * starts with `/foo` AND it contains the `version: v1` header: * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier + * + * ``` + * match: + * + * + * path: + * value: "/foo" + * headers: + * - name: "version" + * value "v1" + * + * + * ``` + * + * @schema HttpRouteSpecRulesMatches */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier { +export interface HttpRouteSpecRulesMatches { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo - * - * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" - * - * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * Headers specifies HTTP request header matchers. Multiple match values are + * ANDed together, meaning, a request must match all the specified headers + * to select the route. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier#add + * @schema HttpRouteSpecRulesMatches#headers */ - readonly add?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd[]; + readonly headers?: HttpRouteSpecRulesMatchesHeaders[]; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz - * - * - * Config: - * remove: ["my-header1", "my-header3"] + * Method specifies HTTP method matcher. + * When specified, this route will be matched only if the request has the + * specified method. * * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar + * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier#remove + * @schema HttpRouteSpecRulesMatches#method */ - readonly remove?: string[]; + readonly method?: HttpRouteSpecRulesMatchesMethod; /** - * Set overwrites the request with the given header (name, value) - * before the action. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo - * + * Path specifies a HTTP request path matcher. If this field is not + * specified, a default prefix match on the "/" path is provided. * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * @schema HttpRouteSpecRulesMatches#path + */ + readonly path?: HttpRouteSpecRulesMatchesPath; + + /** + * QueryParams specifies HTTP query parameter matchers. Multiple match + * values are ANDed together, meaning, a request must match all the + * specified query parameters to select the route. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier#set + * @schema HttpRouteSpecRulesMatches#queryParams */ - readonly set?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet[]; + readonly queryParams?: HttpRouteSpecRulesMatchesQueryParams[]; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesMatches' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifier | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesMatches(obj: HttpRouteSpecRulesMatches | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet(y)), + 'headers': obj.headers?.map(y => toJson_HttpRouteSpecRulesMatchesHeaders(y)), + 'method': obj.method, + 'path': toJson_HttpRouteSpecRulesMatchesPath(obj.path), + 'queryParams': obj.queryParams?.map(y => toJson_HttpRouteSpecRulesMatchesQueryParams(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -6961,66 +10781,96 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeader /* eslint-enable max-len, quote-props */ /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. + * SessionPersistence defines and configures session persistence + * for the route rule. * * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. + * Support: Extended * * - * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror + * + * @schema HttpRouteSpecRulesSessionPersistence */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror { +export interface HttpRouteSpecRulesSessionPersistence { /** - * BackendRef references a resource where mirrored requests are sent. + * AbsoluteTimeout defines the absolute timeout of the persistent + * session. Once the AbsoluteTimeout duration has elapsed, the + * session becomes invalid. * * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. + * Support: Extended + * + * @schema HttpRouteSpecRulesSessionPersistence#absoluteTimeout + */ + readonly absoluteTimeout?: string; + + /** + * CookieConfig provides configuration settings that are specific + * to cookie-based session persistence. * * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. + * Support: Core * + * @schema HttpRouteSpecRulesSessionPersistence#cookieConfig + */ + readonly cookieConfig?: HttpRouteSpecRulesSessionPersistenceCookieConfig; + + /** + * IdleTimeout defines the idle timeout of the persistent session. + * Once the session has been idle for more than the specified + * IdleTimeout duration, the session becomes invalid. * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. * + * Support: Extended * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. + * @schema HttpRouteSpecRulesSessionPersistence#idleTimeout + */ + readonly idleTimeout?: string; + + /** + * SessionName defines the name of the persistent session token + * which may be reflected in the cookie or the header. Users + * should avoid reusing session names to prevent unintended + * consequences, such as rejection or unpredictable behavior. * * - * Support: Extended for Kubernetes Service + * Support: Implementation-specific * + * @schema HttpRouteSpecRulesSessionPersistence#sessionName + */ + readonly sessionName?: string; + + /** + * Type defines the type of session persistence such as through + * the use a header or cookie. Defaults to cookie based session + * persistence. * - * Support: Implementation-specific for any other resource * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror#backendRef + * Support: Core for "Cookie" type + * + * + * Support: Extended for "Header" type + * + * @default cookie based session + * @schema HttpRouteSpecRulesSessionPersistence#type */ - readonly backendRef: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef; + readonly type?: HttpRouteSpecRulesSessionPersistenceType; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesSessionPersistence' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesSessionPersistence(obj: HttpRouteSpecRulesSessionPersistence | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRef': toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj.backendRef), + 'absoluteTimeout': obj.absoluteTimeout, + 'cookieConfig': toJson_HttpRouteSpecRulesSessionPersistenceCookieConfig(obj.cookieConfig), + 'idleTimeout': obj.idleTimeout, + 'sessionName': obj.sessionName, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -7028,102 +10878,87 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror /* eslint-enable max-len, quote-props */ /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. + * Timeouts defines the timeouts that can be configured for an HTTP request. * * * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier + * + * + * + * @schema HttpRouteSpecRulesTimeouts */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier { +export interface HttpRouteSpecRulesTimeouts { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. + * BackendRequest specifies a timeout for an individual request from the gateway + * to a backend. This covers the time from when the request first starts being + * sent from the gateway to when the full response has been received from the backend. * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout + * completely. Implementations that cannot completely disable the timeout MUST + * instead interpret the zero duration as the longest possible value to which + * the timeout can be set. * * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" + * An entire client HTTP transaction with a gateway, covered by the Request timeout, + * may result in more than one call from the gateway to the destination backend, + * for example, if automatic retries are supported. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * Because the Request timeout encompasses the BackendRequest timeout, the value of + * BackendRequest must be <= the value of Request timeout. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier#add + * + * Support: Extended + * + * @schema HttpRouteSpecRulesTimeouts#backendRequest */ - readonly add?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd[]; + readonly backendRequest?: string; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz - * + * Request specifies the maximum duration for a gateway to respond to an HTTP request. + * If the gateway has not been able to respond before this deadline is met, the gateway + * MUST return a timeout error. * - * Config: - * remove: ["my-header1", "my-header3"] * + * For example, setting the `rules.timeouts.request` field to the value `10s` in an + * `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds + * to complete. * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier#remove - */ - readonly remove?: string[]; - - /** - * Set overwrites the request with the given header (name, value) - * before the action. + * Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout + * completely. Implementations that cannot completely disable the timeout MUST + * instead interpret the zero duration as the longest possible value to which + * the timeout can be set. * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * This timeout is intended to cover as close to the whole request-response transaction + * as possible although an implementation MAY choose to start the timeout after the entire + * request stream has been received instead of immediately after the transaction is + * initiated by the client. * * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * When this field is unspecified, request timeout behavior is implementation-specific. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier#set + * @schema HttpRouteSpecRulesTimeouts#request */ - readonly set?: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet[]; + readonly request?: string; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesTimeouts' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifier | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesTimeouts(obj: HttpRouteSpecRulesTimeouts | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet(y)), + 'backendRequest': obj.backendRequest, + 'request': obj.request, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -7131,136 +10966,153 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeade /* eslint-enable max-len, quote-props */ /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * - * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations supporting GRPCRoute MUST support core filters. - * - * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. - * - * - * - Implementation-specific: Filters that are defined and supported by specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` MUST be set to - * "ExtensionRef" for custom filters. - * - * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. - * - * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. - * - * - * + * HTTPRouteFilter defines processing steps that must be completed during the + * request or response lifecycle. HTTPRouteFilters are meant as an extension + * point to express processing that may be done in Gateway implementations. Some + * examples include request or response modification, implementing + * authentication strategies, rate-limiting, and traffic shaping. API + * guarantee/conformance is defined based on the type of the filter. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersType + * @schema HttpRouteSpecRulesBackendRefsFilters */ -export enum GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersType { - /** ResponseHeaderModifier */ - RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", - /** RequestHeaderModifier */ - REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", - /** RequestMirror */ - REQUEST_MIRROR = "RequestMirror", - /** ExtensionRef */ - EXTENSION_REF = "ExtensionRef", -} +export interface HttpRouteSpecRulesBackendRefsFilters { + /** + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. + * + * + * This filter can be used multiple times within the same rule. + * + * + * Support: Implementation-specific + * + * @schema HttpRouteSpecRulesBackendRefsFilters#extensionRef + */ + readonly extensionRef?: HttpRouteSpecRulesBackendRefsFiltersExtensionRef; -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd - */ -export interface GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Support: Core * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd#name + * @schema HttpRouteSpecRulesBackendRefsFilters#requestHeaderModifier */ - readonly name: string; + readonly requestHeaderModifier?: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier; /** - * Value is the value of HTTP Header to be matched. + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. + * + * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. + * + * + * Support: Extended + * + * @schema HttpRouteSpecRulesBackendRefsFilters#requestMirror + */ + readonly requestMirror?: HttpRouteSpecRulesBackendRefsFiltersRequestMirror; + + /** + * RequestRedirect defines a schema for a filter that responds to the + * request with an HTTP redirection. + * + * + * Support: Core + * + * @schema HttpRouteSpecRulesBackendRefsFilters#requestRedirect + */ + readonly requestRedirect?: HttpRouteSpecRulesBackendRefsFiltersRequestRedirect; + + /** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. + * + * + * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd#value + * @schema HttpRouteSpecRulesBackendRefsFilters#responseHeaderModifier */ - readonly value: string; - -} - -/** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd(obj: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierAdd | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'name': obj.name, - 'value': obj.value, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly responseHeaderModifier?: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier; -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet - */ -export interface GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations must support core filters. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet#name + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by + * specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` should be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * @schema HttpRouteSpecRulesBackendRefsFilters#type */ - readonly name: string; + readonly type: HttpRouteSpecRulesBackendRefsFiltersType; /** - * Value is the value of HTTP Header to be matched. + * URLRewrite defines a schema for a filter that modifies a request during forwarding. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet#value + * + * Support: Extended + * + * @schema HttpRouteSpecRulesBackendRefsFilters#urlRewrite */ - readonly value: string; + readonly urlRewrite?: HttpRouteSpecRulesBackendRefsFiltersUrlRewrite; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFilters' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet(obj: GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesBackendRefsFilters(obj: HttpRouteSpecRulesBackendRefsFilters | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'extensionRef': toJson_HttpRouteSpecRulesBackendRefsFiltersExtensionRef(obj.extensionRef), + 'requestHeaderModifier': toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier(obj.requestHeaderModifier), + 'requestMirror': toJson_HttpRouteSpecRulesBackendRefsFiltersRequestMirror(obj.requestMirror), + 'requestRedirect': toJson_HttpRouteSpecRulesBackendRefsFiltersRequestRedirect(obj.requestRedirect), + 'responseHeaderModifier': toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier(obj.responseHeaderModifier), + 'type': obj.type, + 'urlRewrite': toJson_HttpRouteSpecRulesBackendRefsFiltersUrlRewrite(obj.urlRewrite), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -7268,121 +11120,54 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestHeaderModifierSet /* eslint-enable max-len, quote-props */ /** - * BackendRef references a resource where mirrored requests are sent. - * - * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. - * - * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. - * - * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. - * - * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. * * - * Support: Extended for Kubernetes Service + * This filter can be used multiple times within the same rule. * * - * Support: Implementation-specific for any other resource + * Support: Implementation-specific * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef + * @schema HttpRouteSpecRulesFiltersExtensionRef */ -export interface GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef { +export interface HttpRouteSpecRulesFiltersExtensionRef { /** * Group is the group of the referent. For example, "gateway.networking.k8s.io". * When unspecified or empty string, core API group is inferred. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef#group + * @schema HttpRouteSpecRulesFiltersExtensionRef#group */ - readonly group?: string; + readonly group: string; /** - * Kind is the Kubernetes resource kind of the referent. For example - * "Service". - * - * - * Defaults to "Service" when not specified. - * - * - * ExternalName services can refer to CNAME DNS records that may live - * outside of the cluster and as such are difficult to reason about in - * terms of conformance. They also may not be safe to forward to (see - * CVE-2021-25740 for more information). Implementations SHOULD NOT - * support ExternalName Services. - * - * - * Support: Core (Services with a type other than ExternalName) - * - * - * Support: Implementation-specific (Services with type ExternalName) + * Kind is kind of the referent. For example "HTTPRoute" or "Service". * - * @default Service" when not specified. - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef#kind + * @schema HttpRouteSpecRulesFiltersExtensionRef#kind */ - readonly kind?: string; + readonly kind: string; /** * Name is the name of the referent. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef#name + * @schema HttpRouteSpecRulesFiltersExtensionRef#name */ readonly name: string; - /** - * Namespace is the namespace of the backend. When unspecified, the local - * namespace is inferred. - * - * - * Note that when a namespace different than the local namespace is specified, - * a ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. - * - * - * Support: Core - * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef#namespace - */ - readonly namespace?: string; - - /** - * Port specifies the destination port number to use for this resource. - * Port is required when the referent is a Kubernetes Service. In this - * case, the port number is the service port number, not the target port. - * For other resources, destination port might be derived from the referent - * resource or this field. - * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef#port - */ - readonly port?: number; - } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFiltersExtensionRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef(obj: GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFiltersExtensionRef(obj: HttpRouteSpecRulesFiltersExtensionRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'group': obj.group, 'kind': obj.kind, 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -7390,89 +11175,102 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersRequestMirrorBackendRef( /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd + * + * Support: Core + * + * @schema HttpRouteSpecRulesFiltersRequestHeaderModifier */ -export interface GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd { +export interface HttpRouteSpecRulesFiltersRequestHeaderModifier { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd#name - */ - readonly name: string; - - /** - * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd#value + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz + * + * @schema HttpRouteSpecRulesFiltersRequestHeaderModifier#add */ - readonly value: string; - -} - -/** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd(obj: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierAdd | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'name': obj.name, - 'value': obj.value, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly add?: HttpRouteSpecRulesFiltersRequestHeaderModifierAdd[]; -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet - */ -export interface GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet#name + * + * Config: + * remove: ["my-header1", "my-header3"] + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar + * + * @schema HttpRouteSpecRulesFiltersRequestHeaderModifier#remove */ - readonly name: string; + readonly remove?: string[]; /** - * Value is the value of HTTP Header to be matched. + * Set overwrites the request with the given header (name, value) + * before the action. * - * @schema GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet#value + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * set: + * - name: "my-header" + * value: "bar" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar + * + * @schema HttpRouteSpecRulesFiltersRequestHeaderModifier#set */ - readonly value: string; + readonly set?: HttpRouteSpecRulesFiltersRequestHeaderModifierSet[]; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFiltersRequestHeaderModifier' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet(obj: GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSet | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFiltersRequestHeaderModifier(obj: HttpRouteSpecRulesFiltersRequestHeaderModifier | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'add': obj.add?.map(y => toJson_HttpRouteSpecRulesFiltersRequestHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_HttpRouteSpecRulesFiltersRequestHeaderModifierSet(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -7480,75 +11278,66 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesFiltersResponseHeaderModifierSe /* eslint-enable max-len, quote-props */ /** - * Type specifies how to match against the value of the header. - * - * @schema GrpcRouteV1Alpha2SpecRulesMatchesHeadersType - */ -export enum GrpcRouteV1Alpha2SpecRulesMatchesHeadersType { - /** Exact */ - EXACT = "Exact", - /** RegularExpression */ - REGULAR_EXPRESSION = "RegularExpression", -} - -/** - * Type specifies how to match against the service and/or method. - * Support: Core (Exact with service and method specified) - * + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. * - * Support: Implementation-specific (Exact with method specified but no service specified) * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. * - * Support: Implementation-specific (RegularExpression) * - * @schema GrpcRouteV1Alpha2SpecRulesMatchesMethodType - */ -export enum GrpcRouteV1Alpha2SpecRulesMatchesMethodType { - /** Exact */ - EXACT = "Exact", - /** RegularExpression */ - REGULAR_EXPRESSION = "RegularExpression", -} - -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd + * @schema HttpRouteSpecRulesFiltersRequestMirror */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd { +export interface HttpRouteSpecRulesFiltersRequestMirror { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * BackendRef references a resource where mirrored requests are sent. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd#name - */ - readonly name: string; - - /** - * Value is the value of HTTP Header to be matched. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd#value + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. + * + * + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. + * + * + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. + * + * + * Support: Extended for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * @schema HttpRouteSpecRulesFiltersRequestMirror#backendRef */ - readonly value: string; + readonly backendRef: HttpRouteSpecRulesFiltersRequestMirrorBackendRef; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFiltersRequestMirror' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierAdd | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFiltersRequestMirror(obj: HttpRouteSpecRulesFiltersRequestMirror | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'backendRef': toJson_HttpRouteSpecRulesFiltersRequestMirrorBackendRef(obj.backendRef), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -7556,166 +11345,129 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeader /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * RequestRedirect defines a schema for a filter that responds to the + * request with an HTTP redirection. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet + * + * Support: Core + * + * @schema HttpRouteSpecRulesFiltersRequestRedirect */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet { +export interface HttpRouteSpecRulesFiltersRequestRedirect { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Hostname is the hostname to be used in the value of the `Location` + * header in the response. + * When empty, the hostname in the `Host` header of the request is used. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Support: Core * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet#name + * @schema HttpRouteSpecRulesFiltersRequestRedirect#hostname */ - readonly name: string; + readonly hostname?: string; /** - * Value is the value of HTTP Header to be matched. + * Path defines parameters used to modify the path of the incoming request. + * The modified path is then used to construct the `Location` header. When + * empty, the request path is used as-is. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet#value + * + * Support: Extended + * + * @schema HttpRouteSpecRulesFiltersRequestRedirect#path */ - readonly value: string; - -} - -/** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestHeaderModifierSet | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'name': obj.name, - 'value': obj.value, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly path?: HttpRouteSpecRulesFiltersRequestRedirectPath; -/** - * BackendRef references a resource where mirrored requests are sent. - * - * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. - * - * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. - * - * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. - * - * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. - * - * - * Support: Extended for Kubernetes Service - * - * - * Support: Implementation-specific for any other resource - * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef - */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef { /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. + * Port is the port to be used in the value of the `Location` + * header in the response. + * + * + * If no port is specified, the redirect port MUST be derived using the + * following rules: + * + * + * * If redirect scheme is not-empty, the redirect port MUST be the well-known + * port associated with the redirect scheme. Specifically "http" to port 80 + * and "https" to port 443. If the redirect scheme does not have a + * well-known port, the listener port of the Gateway SHOULD be used. + * * If redirect scheme is empty, the redirect port MUST be the Gateway + * Listener port. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef#group + * + * Implementations SHOULD NOT add the port number in the 'Location' + * header in the following cases: + * + * + * * A Location header that will use HTTP (whether that is determined via + * the Listener protocol or the Scheme field) _and_ use port 80. + * * A Location header that will use HTTPS (whether that is determined via + * the Listener protocol or the Scheme field) _and_ use port 443. + * + * + * Support: Extended + * + * @schema HttpRouteSpecRulesFiltersRequestRedirect#port */ - readonly group?: string; + readonly port?: number; /** - * Kind is the Kubernetes resource kind of the referent. For example - * "Service". + * Scheme is the scheme to be used in the value of the `Location` header in + * the response. When empty, the scheme of the request is used. * * - * Defaults to "Service" when not specified. + * Scheme redirects can affect the port of the redirect, for more information, + * refer to the documentation for the port field of this filter. * * - * ExternalName services can refer to CNAME DNS records that may live - * outside of the cluster and as such are difficult to reason about in - * terms of conformance. They also may not be safe to forward to (see - * CVE-2021-25740 for more information). Implementations SHOULD NOT - * support ExternalName Services. + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * * - * Support: Core (Services with a type other than ExternalName) + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * * - * Support: Implementation-specific (Services with type ExternalName) + * Support: Extended * - * @default Service" when not specified. - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef#kind + * @schema HttpRouteSpecRulesFiltersRequestRedirect#scheme */ - readonly kind?: string; + readonly scheme?: HttpRouteSpecRulesFiltersRequestRedirectScheme; /** - * Name is the name of the referent. + * StatusCode is the HTTP status code to be used in response. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef#name - */ - readonly name: string; - - /** - * Namespace is the namespace of the backend. When unspecified, the local - * namespace is inferred. * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * - * Note that when a namespace different than the local namespace is specified, - * a ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * Support: Core * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef#namespace - */ - readonly namespace?: string; - - /** - * Port specifies the destination port number to use for this resource. - * Port is required when the referent is a Kubernetes Service. In this - * case, the port number is the service port number, not the target port. - * For other resources, destination port might be derived from the referent - * resource or this field. + * Support: Core * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef#port + * @schema HttpRouteSpecRulesFiltersRequestRedirect#statusCode */ - readonly port?: number; + readonly statusCode?: HttpRouteSpecRulesFiltersRequestRedirectStatusCode; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFiltersRequestRedirect' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirrorBackendRef | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFiltersRequestRedirect(obj: HttpRouteSpecRulesFiltersRequestRedirect | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - 'namespace': obj.namespace, + 'hostname': obj.hostname, + 'path': toJson_HttpRouteSpecRulesFiltersRequestRedirectPath(obj.path), 'port': obj.port, + 'scheme': obj.scheme, + 'statusCode': obj.statusCode, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -7723,44 +11475,102 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersRequestMirror /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd + * + * Support: Extended + * + * @schema HttpRouteSpecRulesFiltersResponseHeaderModifier */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd { +export interface HttpRouteSpecRulesFiltersResponseHeaderModifier { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd#name + * + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz + * + * @schema HttpRouteSpecRulesFiltersResponseHeaderModifier#add */ - readonly name: string; + readonly add?: HttpRouteSpecRulesFiltersResponseHeaderModifierAdd[]; /** - * Value is the value of HTTP Header to be matched. + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd#value + * + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz + * + * + * Config: + * remove: ["my-header1", "my-header3"] + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar + * + * @schema HttpRouteSpecRulesFiltersResponseHeaderModifier#remove */ - readonly value: string; + readonly remove?: string[]; + + /** + * Set overwrites the request with the given header (name, value) + * before the action. + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * set: + * - name: "my-header" + * value: "bar" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar + * + * @schema HttpRouteSpecRulesFiltersResponseHeaderModifier#set + */ + readonly set?: HttpRouteSpecRulesFiltersResponseHeaderModifierSet[]; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFiltersResponseHeaderModifier' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierAdd | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFiltersResponseHeaderModifier(obj: HttpRouteSpecRulesFiltersResponseHeaderModifier | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'add': obj.add?.map(y => toJson_HttpRouteSpecRulesFiltersResponseHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_HttpRouteSpecRulesFiltersResponseHeaderModifierSet(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -7768,140 +11578,177 @@ export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeade /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations must support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by + * specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` should be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * @schema HttpRouteSpecRulesFiltersType */ -export interface GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet { +export enum HttpRouteSpecRulesFiltersType { + /** RequestHeaderModifier */ + REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", + /** ResponseHeaderModifier */ + RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", + /** RequestMirror */ + REQUEST_MIRROR = "RequestMirror", + /** RequestRedirect */ + REQUEST_REDIRECT = "RequestRedirect", + /** URLRewrite */ + URL_REWRITE = "URLRewrite", + /** ExtensionRef */ + EXTENSION_REF = "ExtensionRef", +} + +/** + * URLRewrite defines a schema for a filter that modifies a request during forwarding. + * + * + * Support: Extended + * + * @schema HttpRouteSpecRulesFiltersUrlRewrite + */ +export interface HttpRouteSpecRulesFiltersUrlRewrite { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Hostname is the value to be used to replace the Host header value during + * forwarding. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Support: Extended * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet#name + * @schema HttpRouteSpecRulesFiltersUrlRewrite#hostname */ - readonly name: string; + readonly hostname?: string; /** - * Value is the value of HTTP Header to be matched. + * Path defines a path rewrite. * - * @schema GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet#value + * + * Support: Extended + * + * @schema HttpRouteSpecRulesFiltersUrlRewrite#path */ - readonly value: string; + readonly path?: HttpRouteSpecRulesFiltersUrlRewritePath; } /** - * Converts an object of type 'GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFiltersUrlRewrite' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet(obj: GrpcRouteV1Alpha2SpecRulesBackendRefsFiltersResponseHeaderModifierSet | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFiltersUrlRewrite(obj: HttpRouteSpecRulesFiltersUrlRewrite | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'hostname': obj.hostname, + 'path': toJson_HttpRouteSpecRulesFiltersUrlRewritePath(obj.path), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ - /** - * HTTPRoute provides a way to route HTTP requests. This includes the capability -to match requests by hostname, path, header, or query param. Filters can be -used to specify additional processing steps. Backends specify where matching -requests should be routed. + * HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request + * headers. * - * @schema HTTPRoute + * @schema HttpRouteSpecRulesMatchesHeaders */ -export class HttpRoute extends ApiObject { - /** - * Returns the apiVersion and kind for "HTTPRoute" - */ - public static readonly GVK: GroupVersionKind = { - apiVersion: 'gateway.networking.k8s.io/v1', - kind: 'HTTPRoute', - } - +export interface HttpRouteSpecRulesMatchesHeaders { /** - * Renders a Kubernetes manifest for "HTTPRoute". + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * @param props initialization props - */ - public static manifest(props: HttpRouteProps): any { - return { - ...HttpRoute.GVK, - ...toJson_HttpRouteProps(props), - }; - } - - /** - * Defines a "HTTPRoute" API object - * @param scope the scope in which to define this object - * @param id a scope-local name for the object - * @param props initialization props - */ - public constructor(scope: Construct, id: string, props: HttpRouteProps) { - super(scope, id, { - ...HttpRoute.GVK, - ...props, - }); - } - - /** - * Renders the object to Kubernetes JSON. + * If multiple entries specify equivalent header names, only the first + * entry with an equivalent name MUST be considered for a match. Subsequent + * entries with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. + * + * + * When a header is repeated in an HTTP request, it is + * implementation-specific behavior as to how this is represented. + * Generally, proxies should follow the guidance from the RFC: + * https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding + * processing a repeated header, with special handling for "Set-Cookie". + * + * @schema HttpRouteSpecRulesMatchesHeaders#name */ - public toJson(): any { - const resolved = super.toJson(); - - return { - ...HttpRoute.GVK, - ...toJson_HttpRouteProps(resolved), - }; - } -} + readonly name: string; -/** - * HTTPRoute provides a way to route HTTP requests. This includes the capability - * to match requests by hostname, path, header, or query param. Filters can be - * used to specify additional processing steps. Backends specify where matching - * requests should be routed. - * - * @schema HTTPRoute - */ -export interface HttpRouteProps { /** - * @schema HTTPRoute#metadata + * Type specifies how to match against the value of the header. + * + * + * Support: Core (Exact) + * + * + * Support: Implementation-specific (RegularExpression) + * + * + * Since RegularExpression HeaderMatchType has implementation-specific + * conformance, implementations can support POSIX, PCRE or any other dialects + * of regular expressions. Please read the implementation's documentation to + * determine the supported dialect. + * + * @schema HttpRouteSpecRulesMatchesHeaders#type */ - readonly metadata?: ApiObjectMetadata; + readonly type?: HttpRouteSpecRulesMatchesHeadersType; /** - * Spec defines the desired state of HTTPRoute. + * Value is the value of HTTP Header to be matched. * - * @schema HTTPRoute#spec + * @schema HttpRouteSpecRulesMatchesHeaders#value */ - readonly spec: HttpRouteSpec; + readonly value: string; } /** - * Converts an object of type 'HttpRouteProps' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesMatchesHeaders' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteProps(obj: HttpRouteProps | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesMatchesHeaders(obj: HttpRouteSpecRulesMatchesHeaders | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'metadata': obj.metadata, - 'spec': toJson_HttpRouteSpec(obj.spec), + 'name': obj.name, + 'type': obj.type, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -7909,174 +11756,204 @@ export function toJson_HttpRouteProps(obj: HttpRouteProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'type': obj.type, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP + * query parameters. + * + * @schema HttpRouteSpecRulesMatchesQueryParams + */ +export interface HttpRouteSpecRulesMatchesQueryParams { + /** + * Name is the name of the HTTP query param to be matched. This must be an + * exact string match. (See + * https://tools.ietf.org/html/rfc7230#section-2.7.3). * * - * ParentRefs must be _distinct_. This means either that: + * If multiple entries specify equivalent query param names, only the first + * entry with an equivalent name MUST be considered for a match. Subsequent + * entries with an equivalent query param name MUST be ignored. * * - * * They select different objects. If this is the case, then parentRef - * entries are distinct. In terms of fields, this means that the - * multi-part key defined by `group`, `kind`, `namespace`, and `name` must - * be unique across all parentRef entries in the Route. - * * They do not select different objects, but for each optional field used, - * each ParentRef that selects the same object must set the same set of - * optional fields to different values. If one ParentRef sets a - * combination of optional fields, all must set the same combination. + * If a query param is repeated in an HTTP request, the behavior is + * purposely left undefined, since different data planes have different + * capabilities. However, it is *recommended* that implementations should + * match against the first value of the param if the data plane supports it, + * as this behavior is expected in other load balancing contexts outside of + * the Gateway API. * * - * Some examples: + * Users SHOULD NOT route traffic based on repeated query params to guard + * themselves against potential differences in the implementations. * + * @schema HttpRouteSpecRulesMatchesQueryParams#name + */ + readonly name: string; + + /** + * Type specifies how to match against the value of the query parameter. * - * * If one ParentRef sets `sectionName`, all ParentRefs referencing the - * same object must also set `sectionName`. - * * If one ParentRef sets `port`, all ParentRefs referencing the same - * object must also set `port`. - * * If one ParentRef sets `sectionName` and `port`, all ParentRefs - * referencing the same object must also set `sectionName` and `port`. * + * Support: Extended (Exact) * - * It is possible to separately reference multiple distinct objects that may - * be collapsed by an implementation. For example, some implementations may - * choose to merge compatible Gateway Listeners together. If that is the - * case, the list of routes attached to those resources should also be - * merged. * + * Support: Implementation-specific (RegularExpression) * - * Note that for ParentRefs that cross namespace boundaries, there are specific - * rules. Cross-namespace references are only valid if they are explicitly - * allowed by something in the namespace they are referring to. For example, - * Gateway has the AllowedRoutes field, and ReferenceGrant provides a - * generic way to enable other kinds of cross-namespace reference. * + * Since RegularExpression QueryParamMatchType has Implementation-specific + * conformance, implementations can support POSIX, PCRE or any other + * dialects of regular expressions. Please read the implementation's + * documentation to determine the supported dialect. + * + * @schema HttpRouteSpecRulesMatchesQueryParams#type + */ + readonly type?: HttpRouteSpecRulesMatchesQueryParamsType; + + /** + * Value is the value of HTTP query param to be matched. * + * @schema HttpRouteSpecRulesMatchesQueryParams#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'HttpRouteSpecRulesMatchesQueryParams' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteSpecRulesMatchesQueryParams(obj: HttpRouteSpecRulesMatchesQueryParams | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'type': obj.type, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CookieConfig provides configuration settings that are specific + * to cookie-based session persistence. + * + * + * Support: Core + * + * @schema HttpRouteSpecRulesSessionPersistenceCookieConfig + */ +export interface HttpRouteSpecRulesSessionPersistenceCookieConfig { + /** + * LifetimeType specifies whether the cookie has a permanent or + * session-based lifetime. A permanent cookie persists until its + * specified expiry time, defined by the Expires or Max-Age cookie + * attributes, while a session cookie is deleted when the current + * session ends. * * + * When set to "Permanent", AbsoluteTimeout indicates the + * cookie's lifetime via the Expires or Max-Age cookie attributes + * and is required. * * + * When set to "Session", AbsoluteTimeout indicates the + * absolute lifetime of the cookie tracked by the gateway and + * is optional. * * + * Support: Core for "Session" type * * - * @schema HttpRouteSpec#parentRefs - */ - readonly parentRefs?: HttpRouteSpecParentRefs[]; - - /** - * Rules are a list of HTTP matchers, filters and actions. + * Support: Extended for "Permanent" type * - * @schema HttpRouteSpec#rules + * @schema HttpRouteSpecRulesSessionPersistenceCookieConfig#lifetimeType */ - readonly rules?: HttpRouteSpecRules[]; + readonly lifetimeType?: HttpRouteSpecRulesSessionPersistenceCookieConfigLifetimeType; } /** - * Converts an object of type 'HttpRouteSpec' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesSessionPersistenceCookieConfig' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpec(obj: HttpRouteSpec | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesSessionPersistenceCookieConfig(obj: HttpRouteSpecRulesSessionPersistenceCookieConfig | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'hostnames': obj.hostnames?.map(y => y), - 'parentRefs': obj.parentRefs?.map(y => toJson_HttpRouteSpecParentRefs(y)), - 'rules': obj.rules?.map(y => toJson_HttpRouteSpecRules(y)), + 'lifetimeType': obj.lifetimeType, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -8084,172 +11961,245 @@ export function toJson_HttpRouteSpec(obj: HttpRouteSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. + * + * + * Support: Core + * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier + */ +export interface HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier { + /** + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. * - * * Gateway (Gateway conformance profile) - * * Service (Mesh conformance profile, ClusterIP Services only) * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * - * Support for other resources is Implementation-Specific. * - * @schema HttpRouteSpecParentRefs#kind - */ - readonly kind?: string; - - /** - * Name is the name of the referent. + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" * * - * Support: Core + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz * - * @schema HttpRouteSpecParentRefs#name + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#add */ - readonly name: string; + readonly add?: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd[]; /** - * Namespace is the namespace of the referent. When unspecified, this refers - * to the local namespace of the Route. - * + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * - * Note that there are specific rules for ParentRefs which cross namespace - * boundaries. Cross-namespace references are only valid if they are explicitly - * allowed by something in the namespace they are referring to. For example: - * Gateway has the AllowedRoutes field, and ReferenceGrant provides a - * generic way to enable any other kind of cross-namespace reference. * + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz * * + * Config: + * remove: ["my-header1", "my-header3"] * * - * Support: Core + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar * - * @schema HttpRouteSpecParentRefs#namespace + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#remove */ - readonly namespace?: string; + readonly remove?: string[]; /** - * Port is the network port this Route targets. It can be interpreted - * differently based on the type of parent resource. - * + * Set overwrites the request with the given header (name, value) + * before the action. * - * When the parent resource is a Gateway, this targets all listeners - * listening on the specified port that also support this kind of Route(and - * select this Route). It's not recommended to set `Port` unless the - * networking behaviors specified in a Route must apply to a specific port - * as opposed to a listener(s) whose port(s) may be changed. When both Port - * and SectionName are specified, the name and port of the selected listener - * must match both specified values. * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * * + * Config: + * set: + * - name: "my-header" + * value: "bar" * * - * Implementations MAY choose to support other parent resources. - * Implementations supporting other types of parent resources MUST clearly - * document how/if Port is interpreted. + * Output: + * GET /foo HTTP/1.1 + * my-header: bar * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#set + */ + readonly set?: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet[]; + +} + +/** + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier(obj: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'add': obj.add?.map(y => toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. + * + * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. + * + * + * Support: Extended + * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirror + */ +export interface HttpRouteSpecRulesBackendRefsFiltersRequestMirror { + /** + * BackendRef references a resource where mirrored requests are sent. * - * For the purpose of status, an attachment is considered successful as - * long as the parent resource accepts it partially. For example, Gateway - * listeners can restrict which Routes can attach to them by Route kind, - * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment - * from the referencing Route, the Route MUST be considered successfully - * attached. If no Gateway listeners accept attachment from this Route, - * the Route MUST be considered detached from the Gateway. * + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * - * Support: Extended * - * @schema HttpRouteSpecParentRefs#port - */ - readonly port?: number; - - /** - * SectionName is the name of a section within the target resource. In the - * following resources, SectionName is interpreted as the following: + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. * * - * * Gateway: Listener name. When both Port (experimental) and SectionName - * are specified, the name and port of the selected listener must match - * both specified values. - * * Service: Port name. When both Port (experimental) and SectionName - * are specified, the name and port of the selected listener must match - * both specified values. + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. * * - * Implementations MAY choose to support attaching Routes to other resources. - * If that is the case, they MUST clearly document how SectionName is - * interpreted. + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. * * - * When unspecified (empty string), this will reference the entire resource. - * For the purpose of status, an attachment is considered successful if at - * least one section in the parent resource accepts it. For example, Gateway - * listeners can restrict which Routes can attach to them by Route kind, - * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from - * the referencing Route, the Route MUST be considered successfully - * attached. If no Gateway listeners accept attachment from this Route, the - * Route MUST be considered detached from the Gateway. + * Support: Extended for Kubernetes Service * * - * Support: Core + * Support: Implementation-specific for any other resource * - * @schema HttpRouteSpecParentRefs#sectionName + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirror#backendRef */ - readonly sectionName?: string; + readonly backendRef: HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef; } /** - * Converts an object of type 'HttpRouteSpecParentRefs' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestMirror' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecParentRefs(obj: HttpRouteSpecParentRefs | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestMirror(obj: HttpRouteSpecRulesBackendRefsFiltersRequestMirror | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, - 'sectionName': obj.sectionName, + 'backendRef': toJson_HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj.backendRef), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -8257,195 +12207,427 @@ export function toJson_HttpRouteSpecParentRefs(obj: HttpRouteSpecParentRefs | un /* eslint-enable max-len, quote-props */ /** - * HTTPRouteRule defines semantics for matching an HTTP request based on - * conditions (matches), processing it (filters), and forwarding the request to - * an API object (backendRefs). + * RequestRedirect defines a schema for a filter that responds to the + * request with an HTTP redirection. * - * @schema HttpRouteSpecRules + * + * Support: Core + * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect */ -export interface HttpRouteSpecRules { +export interface HttpRouteSpecRulesBackendRefsFiltersRequestRedirect { /** - * BackendRefs defines the backend(s) where matching requests should be - * sent. - * - * - * Failure behavior here depends on how many BackendRefs are specified and - * how many are invalid. + * Hostname is the hostname to be used in the value of the `Location` + * header in the response. + * When empty, the hostname in the `Host` header of the request is used. * * - * If *all* entries in BackendRefs are invalid, and there are also no filters - * specified in this route rule, *all* traffic which matches this rule MUST - * receive a 500 status code. + * Support: Core * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect#hostname + */ + readonly hostname?: string; + + /** + * Path defines parameters used to modify the path of the incoming request. + * The modified path is then used to construct the `Location` header. When + * empty, the request path is used as-is. * - * See the HTTPBackendRef definition for the rules about what makes a single - * HTTPBackendRef invalid. * + * Support: Extended * - * When a HTTPBackendRef is invalid, 500 status codes MUST be returned for - * requests that would have otherwise been routed to an invalid backend. If - * multiple backends are specified, and some are invalid, the proportion of - * requests that would otherwise have been routed to an invalid backend - * MUST receive a 500 status code. + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect#path + */ + readonly path?: HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath; + + /** + * Port is the port to be used in the value of the `Location` + * header in the response. * * - * For example, if two backends are specified with equal weights, and one is - * invalid, 50 percent of traffic must receive a 500. Implementations may - * choose how that 50 percent is determined. + * If no port is specified, the redirect port MUST be derived using the + * following rules: * * - * Support: Core for Kubernetes Service + * * If redirect scheme is not-empty, the redirect port MUST be the well-known + * port associated with the redirect scheme. Specifically "http" to port 80 + * and "https" to port 443. If the redirect scheme does not have a + * well-known port, the listener port of the Gateway SHOULD be used. + * * If redirect scheme is empty, the redirect port MUST be the Gateway + * Listener port. * * - * Support: Extended for Kubernetes ServiceImport + * Implementations SHOULD NOT add the port number in the 'Location' + * header in the following cases: * * - * Support: Implementation-specific for any other resource + * * A Location header that will use HTTP (whether that is determined via + * the Listener protocol or the Scheme field) _and_ use port 80. + * * A Location header that will use HTTPS (whether that is determined via + * the Listener protocol or the Scheme field) _and_ use port 443. * * - * Support for weight: Core + * Support: Extended * - * @schema HttpRouteSpecRules#backendRefs + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect#port */ - readonly backendRefs?: HttpRouteSpecRulesBackendRefs[]; + readonly port?: number; /** - * Filters define the filters that are applied to requests that match - * this rule. + * Scheme is the scheme to be used in the value of the `Location` header in + * the response. When empty, the scheme of the request is used. * * - * Wherever possible, implementations SHOULD implement filters in the order - * they are specified. + * Scheme redirects can affect the port of the redirect, for more information, + * refer to the documentation for the port field of this filter. + * * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * + * Support: Extended + * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect#scheme + */ + readonly scheme?: HttpRouteSpecRulesBackendRefsFiltersRequestRedirectScheme; + + /** + * StatusCode is the HTTP status code to be used in response. * - * Implementations MAY choose to implement this ordering strictly, rejecting - * any combination or order of filters that can not be supported. If implementations - * choose a strict interpretation of filter ordering, they MUST clearly document - * that behavior. * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * - * To reject an invalid combination or order of filters, implementations SHOULD - * consider the Route Rules with this configuration invalid. If all Route Rules - * in a Route are invalid, the entire Route would be considered invalid. If only - * a portion of Route Rules are invalid, implementations MUST set the - * "PartiallyInvalid" condition for the Route. * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * Conformance-levels at this level are defined based on the type of filter: * + * Support: Core * - * - ALL core filters MUST be supported by all implementations. - * - Implementers are encouraged to support extended filters. - * - Implementation-specific custom filters have no API guarantees across - * implementations. + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect#statusCode + */ + readonly statusCode?: HttpRouteSpecRulesBackendRefsFiltersRequestRedirectStatusCode; + +} + +/** + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestRedirect' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestRedirect(obj: HttpRouteSpecRulesBackendRefsFiltersRequestRedirect | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'hostname': obj.hostname, + 'path': toJson_HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath(obj.path), + 'port': obj.port, + 'scheme': obj.scheme, + 'statusCode': obj.statusCode, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. + * + * + * Support: Extended + * + * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier + */ +export interface HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier { + /** + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. * * - * Specifying the same filter multiple times is not supported unless explicitly - * indicated in the filter. + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * * - * All filters are expected to be compatible with each other except for the - * URLRewrite and RequestRedirect filters, which may not be combined. If an - * implementation can not support other combinations of filters, they must clearly - * document that limitation. In cases where incompatible or unsupported - * filters are specified and cause the `Accepted` condition to be set to status - * `False`, implementations may use the `IncompatibleFilters` reason to specify - * this configuration error. + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" * * - * Support: Core + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz * - * @schema HttpRouteSpecRules#filters + * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier#add */ - readonly filters?: HttpRouteSpecRulesFilters[]; + readonly add?: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd[]; /** - * Matches define conditions used for matching the rule against incoming - * HTTP requests. Each match is independent, i.e. this rule will be matched - * if **any** one of the matches is satisfied. + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * * - * For example, take the following matches configuration: + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz * * - * ``` - * matches: - * - path: - * value: "/foo" - * headers: - * - name: "version" - * value: "v2" - * - path: - * value: "/v2/foo" - * ``` + * Config: + * remove: ["my-header1", "my-header3"] * * - * For a request to match against this rule, a request must satisfy - * EITHER of the two conditions: + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar + * + * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier#remove + */ + readonly remove?: string[]; + + /** + * Set overwrites the request with the given header (name, value) + * before the action. * * - * - path prefixed with `/foo` AND contains the header `version: v2` - * - path prefix of `/v2/foo` + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * * - * See the documentation for HTTPRouteMatch on how to specify multiple - * match conditions that should be ANDed together. + * Config: + * set: + * - name: "my-header" + * value: "bar" * * - * If no matches are specified, the default is a prefix - * path match on "/", which has the effect of matching every - * HTTP request. + * Output: + * GET /foo HTTP/1.1 + * my-header: bar * + * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier#set + */ + readonly set?: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet[]; + +} + +/** + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier(obj: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'add': obj.add?.map(y => toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: + * + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations must support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by + * specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` should be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * @schema HttpRouteSpecRulesBackendRefsFiltersType + */ +export enum HttpRouteSpecRulesBackendRefsFiltersType { + /** RequestHeaderModifier */ + REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", + /** ResponseHeaderModifier */ + RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", + /** RequestMirror */ + REQUEST_MIRROR = "RequestMirror", + /** RequestRedirect */ + REQUEST_REDIRECT = "RequestRedirect", + /** URLRewrite */ + URL_REWRITE = "URLRewrite", + /** ExtensionRef */ + EXTENSION_REF = "ExtensionRef", +} + +/** + * URLRewrite defines a schema for a filter that modifies a request during forwarding. + * + * + * Support: Extended + * + * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewrite + */ +export interface HttpRouteSpecRulesBackendRefsFiltersUrlRewrite { + /** + * Hostname is the value to be used to replace the Host header value during + * forwarding. * - * Proxy or Load Balancer routing configuration generated from HTTPRoutes - * MUST prioritize matches based on the following criteria, continuing on - * ties. Across all rules specified on applicable Routes, precedence must be - * given to the match having: * + * Support: Extended * - * * "Exact" path match. - * * "Prefix" path match with largest number of characters. - * * Method match. - * * Largest number of header matches. - * * Largest number of query param matches. + * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewrite#hostname + */ + readonly hostname?: string; + + /** + * Path defines a path rewrite. * * - * Note: The precedence of RegularExpression path matches are implementation-specific. + * Support: Extended * + * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewrite#path + */ + readonly path?: HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath; + +} + +/** + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersUrlRewrite' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteSpecRulesBackendRefsFiltersUrlRewrite(obj: HttpRouteSpecRulesBackendRefsFiltersUrlRewrite | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'hostname': obj.hostname, + 'path': toJson_HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath(obj.path), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierAdd + */ +export interface HttpRouteSpecRulesFiltersRequestHeaderModifierAdd { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * If ties still exist across multiple Routes, matching precedence MUST be - * determined in order of the following criteria, continuing on ties: * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * * The oldest Route based on creation timestamp. - * * The Route appearing first in alphabetical order by - * "{namespace}/{name}". + * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierAdd#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * + * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierAdd#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'HttpRouteSpecRulesFiltersRequestHeaderModifierAdd' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteSpecRulesFiltersRequestHeaderModifierAdd(obj: HttpRouteSpecRulesFiltersRequestHeaderModifierAdd | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierSet + */ +export interface HttpRouteSpecRulesFiltersRequestHeaderModifierSet { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * If ties still exist within an HTTPRoute, matching precedence MUST be granted - * to the FIRST matching rule (in list order) with a match meeting the above - * criteria. * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * When no rules matching a request have been successfully attached to the - * parent a request is coming from, a HTTP 404 status code MUST be returned. + * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierSet#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteSpecRules#matches + * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierSet#value */ - readonly matches?: HttpRouteSpecRulesMatches[]; + readonly value: string; } /** - * Converts an object of type 'HttpRouteSpecRules' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFiltersRequestHeaderModifierSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRules(obj: HttpRouteSpecRules | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFiltersRequestHeaderModifierSet(obj: HttpRouteSpecRulesFiltersRequestHeaderModifierSet | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRefs': obj.backendRefs?.map(y => toJson_HttpRouteSpecRulesBackendRefs(y)), - 'filters': obj.filters?.map(y => toJson_HttpRouteSpecRulesFilters(y)), - 'matches': obj.matches?.map(y => toJson_HttpRouteSpecRulesMatches(y)), + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -8453,58 +12635,44 @@ export function toJson_HttpRouteSpecRules(obj: HttpRouteSpecRules | undefined): /* eslint-enable max-len, quote-props */ /** - * HTTPBackendRef defines how a HTTPRoute forwards a HTTP request. - * - * - * Note that when a namespace different than the local namespace is specified, a - * ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. + * BackendRef references a resource where mirrored requests are sent. * * - * + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * * - * When the BackendRef points to a Kubernetes Service, implementations SHOULD - * honor the appProtocol field if it is set for the target Service Port. + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. * * - * Implementations supporting appProtocol SHOULD recognize the Kubernetes - * Standard Application Protocols defined in KEP-3726. + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. * * - * If a Service appProtocol isn't specified, an implementation MAY infer the - * backend protocol through its own means. Implementations MAY infer the - * protocol from the Route type referring to the backend Service. + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. * * - * If a Route is not able to send traffic to the backend using the specified - * protocol then the backend is considered invalid. Implementations MUST set the - * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. + * Support: Extended for Kubernetes Service * * - * + * Support: Implementation-specific for any other resource * - * @schema HttpRouteSpecRulesBackendRefs + * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef */ -export interface HttpRouteSpecRulesBackendRefs { - /** - * Filters defined at this level should be executed if and only if the - * request is being forwarded to the backend defined here. - * - * - * Support: Implementation-specific (For broader support of filters, use the - * Filters field in HTTPRouteRule.) - * - * @schema HttpRouteSpecRulesBackendRefs#filters - */ - readonly filters?: HttpRouteSpecRulesBackendRefsFilters[]; - +export interface HttpRouteSpecRulesFiltersRequestMirrorBackendRef { /** * Group is the group of the referent. For example, "gateway.networking.k8s.io". * When unspecified or empty string, core API group is inferred. * - * @schema HttpRouteSpecRulesBackendRefs#group + * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef#group */ readonly group?: string; @@ -8529,14 +12697,14 @@ export interface HttpRouteSpecRulesBackendRefs { * Support: Implementation-specific (Services with type ExternalName) * * @default Service" when not specified. - * @schema HttpRouteSpecRulesBackendRefs#kind + * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef#kind */ readonly kind?: string; /** * Name is the name of the referent. * - * @schema HttpRouteSpecRulesBackendRefs#name + * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef#name */ readonly name: string; @@ -8553,7 +12721,7 @@ export interface HttpRouteSpecRulesBackendRefs { * * Support: Core * - * @schema HttpRouteSpecRulesBackendRefs#namespace + * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef#namespace */ readonly namespace?: string; @@ -8564,47 +12732,24 @@ export interface HttpRouteSpecRulesBackendRefs { * For other resources, destination port might be derived from the referent * resource or this field. * - * @schema HttpRouteSpecRulesBackendRefs#port + * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef#port */ readonly port?: number; - /** - * Weight specifies the proportion of requests forwarded to the referenced - * backend. This is computed as weight/(sum of all weights in this - * BackendRefs list). For non-zero values, there may be some epsilon from - * the exact proportion defined here depending on the precision an - * implementation supports. Weight is not a percentage and the sum of - * weights does not need to equal 100. - * - * - * If only one backend is specified and it has a weight greater than 0, 100% - * of the traffic is forwarded to that backend. If weight is set to 0, no - * traffic should be forwarded for this entry. If unspecified, weight - * defaults to 1. - * - * - * Support for this field varies based on the context where used. - * - * @schema HttpRouteSpecRulesBackendRefs#weight - */ - readonly weight?: number; - } /** - * Converts an object of type 'HttpRouteSpecRulesBackendRefs' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFiltersRequestMirrorBackendRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefs(obj: HttpRouteSpecRulesBackendRefs | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFiltersRequestMirrorBackendRef(obj: HttpRouteSpecRulesFiltersRequestMirrorBackendRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'filters': obj.filters?.map(y => toJson_HttpRouteSpecRulesBackendRefsFilters(y)), 'group': obj.group, 'kind': obj.kind, 'name': obj.name, 'namespace': obj.namespace, 'port': obj.port, - 'weight': obj.weight, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -8612,113 +12757,64 @@ export function toJson_HttpRouteSpecRulesBackendRefs(obj: HttpRouteSpecRulesBack /* eslint-enable max-len, quote-props */ /** - * HTTPRouteFilter defines processing steps that must be completed during the - * request or response lifecycle. HTTPRouteFilters are meant as an extension - * point to express processing that may be done in Gateway implementations. Some - * examples include request or response modification, implementing - * authentication strategies, rate-limiting, and traffic shaping. API - * guarantee/conformance is defined based on the type of the filter. + * Path defines parameters used to modify the path of the incoming request. + * The modified path is then used to construct the `Location` header. When + * empty, the request path is used as-is. * - * @schema HttpRouteSpecRulesFilters - */ -export interface HttpRouteSpecRulesFilters { - /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * This filter can be used multiple times within the same rule. - * - * - * Support: Implementation-specific - * - * @schema HttpRouteSpecRulesFilters#extensionRef - */ - readonly extensionRef?: HttpRouteSpecRulesFiltersExtensionRef; - - /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. - * - * - * Support: Core - * - * @schema HttpRouteSpecRulesFilters#requestHeaderModifier - */ - readonly requestHeaderModifier?: HttpRouteSpecRulesFiltersRequestHeaderModifier; - - /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. - * - * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesFilters#requestMirror - */ - readonly requestMirror?: HttpRouteSpecRulesFiltersRequestMirror; - - /** - * RequestRedirect defines a schema for a filter that responds to the - * request with an HTTP redirection. - * - * - * Support: Core - * - * @schema HttpRouteSpecRulesFilters#requestRedirect - */ - readonly requestRedirect?: HttpRouteSpecRulesFiltersRequestRedirect; - + * + * Support: Extended + * + * @schema HttpRouteSpecRulesFiltersRequestRedirectPath + */ +export interface HttpRouteSpecRulesFiltersRequestRedirectPath { /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. - * - * - * Support: Extended + * ReplaceFullPath specifies the value with which to replace the full path + * of a request during a rewrite or redirect. * - * @schema HttpRouteSpecRulesFilters#responseHeaderModifier + * @schema HttpRouteSpecRulesFiltersRequestRedirectPath#replaceFullPath */ - readonly responseHeaderModifier?: HttpRouteSpecRulesFiltersResponseHeaderModifier; + readonly replaceFullPath?: string; /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * - * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations must support core filters. - * + * ReplacePrefixMatch specifies the value with which to replace the prefix + * match of a request during a rewrite or redirect. For example, a request + * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch + * of "/xyz" would be modified to "/xyz/bar". * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. * + * Note that this matches the behavior of the PathPrefix match type. This + * matches full path elements. A path element refers to the list of labels + * in the path split by the `/` separator. When specified, a trailing `/` is + * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all + * match the prefix `/abc`, but the path `/abcd` would not. * - * - Implementation-specific: Filters that are defined and supported by - * specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` should be set to - * "ExtensionRef" for custom filters. * + * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. + * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in + * the implementation setting the Accepted Condition for the Route to `status: False`. * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. * + * Request Path | Prefix Match | Replace Prefix | Modified Path + * -------------|--------------|----------------|---------- + * /foo/bar | /foo | /xyz | /xyz/bar + * /foo/bar | /foo | /xyz/ | /xyz/bar + * /foo/bar | /foo/ | /xyz | /xyz/bar + * /foo/bar | /foo/ | /xyz/ | /xyz/bar + * /foo | /foo | /xyz | /xyz + * /foo/ | /foo | /xyz | /xyz/ + * /foo/bar | /foo | | /bar + * /foo/ | /foo | | / + * /foo | /foo | | / + * /foo/ | /foo | / | / + * /foo | /foo | / | / * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. + * @schema HttpRouteSpecRulesFiltersRequestRedirectPath#replacePrefixMatch + */ + readonly replacePrefixMatch?: string; + + /** + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * * Note that values may be added to this enum, implementations @@ -8729,36 +12825,22 @@ export interface HttpRouteSpecRulesFilters { * Accepted Condition for the Route to `status: False`, with a * Reason of `UnsupportedValue`. * - * @schema HttpRouteSpecRulesFilters#type - */ - readonly type: HttpRouteSpecRulesFiltersType; - - /** - * URLRewrite defines a schema for a filter that modifies a request during forwarding. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesFilters#urlRewrite + * @schema HttpRouteSpecRulesFiltersRequestRedirectPath#type */ - readonly urlRewrite?: HttpRouteSpecRulesFiltersUrlRewrite; + readonly type: HttpRouteSpecRulesFiltersRequestRedirectPathType; } /** - * Converts an object of type 'HttpRouteSpecRulesFilters' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFiltersRequestRedirectPath' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFilters(obj: HttpRouteSpecRulesFilters | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFiltersRequestRedirectPath(obj: HttpRouteSpecRulesFiltersRequestRedirectPath | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'extensionRef': toJson_HttpRouteSpecRulesFiltersExtensionRef(obj.extensionRef), - 'requestHeaderModifier': toJson_HttpRouteSpecRulesFiltersRequestHeaderModifier(obj.requestHeaderModifier), - 'requestMirror': toJson_HttpRouteSpecRulesFiltersRequestMirror(obj.requestMirror), - 'requestRedirect': toJson_HttpRouteSpecRulesFiltersRequestRedirect(obj.requestRedirect), - 'responseHeaderModifier': toJson_HttpRouteSpecRulesFiltersResponseHeaderModifier(obj.responseHeaderModifier), + 'replaceFullPath': obj.replaceFullPath, + 'replacePrefixMatch': obj.replacePrefixMatch, 'type': obj.type, - 'urlRewrite': toJson_HttpRouteSpecRulesFiltersUrlRewrite(obj.urlRewrite), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -8766,85 +12848,97 @@ export function toJson_HttpRouteSpecRulesFilters(obj: HttpRouteSpecRulesFilters /* eslint-enable max-len, quote-props */ /** - * HTTPRouteMatch defines the predicate used to match requests to a given - * action. Multiple match types are ANDed together, i.e. the match will - * evaluate to true only if all conditions are satisfied. + * Scheme is the scheme to be used in the value of the `Location` header in + * the response. When empty, the scheme of the request is used. * * - * For example, the match below will match a HTTP request only if its path - * starts with `/foo` AND it contains the `version: v1` header: + * Scheme redirects can affect the port of the redirect, for more information, + * refer to the documentation for the port field of this filter. * * - * ``` - * match: + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * * - * path: - * value: "/foo" - * headers: - * - name: "version" - * value "v1" + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * * - * ``` + * Support: Extended * - * @schema HttpRouteSpecRulesMatches + * @schema HttpRouteSpecRulesFiltersRequestRedirectScheme */ -export interface HttpRouteSpecRulesMatches { - /** - * Headers specifies HTTP request header matchers. Multiple match values are - * ANDed together, meaning, a request must match all the specified headers - * to select the route. - * - * @schema HttpRouteSpecRulesMatches#headers - */ - readonly headers?: HttpRouteSpecRulesMatchesHeaders[]; +export enum HttpRouteSpecRulesFiltersRequestRedirectScheme { + /** http */ + HTTP = "http", + /** https */ + HTTPS = "https", +} + +/** + * StatusCode is the HTTP status code to be used in response. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * + * Support: Core + * + * @schema HttpRouteSpecRulesFiltersRequestRedirectStatusCode + */ +export enum HttpRouteSpecRulesFiltersRequestRedirectStatusCode { + /** 301 */ + VALUE_301 = 301, + /** 302 */ + VALUE_302 = 302, +} +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierAdd + */ +export interface HttpRouteSpecRulesFiltersResponseHeaderModifierAdd { /** - * Method specifies HTTP method matcher. - * When specified, this route will be matched only if the request has the - * specified method. - * + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * Support: Extended * - * @schema HttpRouteSpecRulesMatches#method - */ - readonly method?: HttpRouteSpecRulesMatchesMethod; - - /** - * Path specifies a HTTP request path matcher. If this field is not - * specified, a default prefix match on the "/" path is provided. + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteSpecRulesMatches#path + * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierAdd#name */ - readonly path?: HttpRouteSpecRulesMatchesPath; + readonly name: string; /** - * QueryParams specifies HTTP query parameter matchers. Multiple match - * values are ANDed together, meaning, a request must match all the - * specified query parameters to select the route. - * - * - * Support: Extended + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteSpecRulesMatches#queryParams + * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierAdd#value */ - readonly queryParams?: HttpRouteSpecRulesMatchesQueryParams[]; + readonly value: string; } /** - * Converts an object of type 'HttpRouteSpecRulesMatches' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesFiltersResponseHeaderModifierAdd' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesMatches(obj: HttpRouteSpecRulesMatches | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesFiltersResponseHeaderModifierAdd(obj: HttpRouteSpecRulesFiltersResponseHeaderModifierAdd | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'headers': obj.headers?.map(y => toJson_HttpRouteSpecRulesMatchesHeaders(y)), - 'method': obj.method, - 'path': toJson_HttpRouteSpecRulesMatchesPath(obj.path), - 'queryParams': obj.queryParams?.map(y => toJson_HttpRouteSpecRulesMatchesQueryParams(y)), + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -8852,113 +12946,107 @@ export function toJson_HttpRouteSpecRulesMatches(obj: HttpRouteSpecRulesMatches /* eslint-enable max-len, quote-props */ /** - * HTTPRouteFilter defines processing steps that must be completed during the - * request or response lifecycle. HTTPRouteFilters are meant as an extension - * point to express processing that may be done in Gateway implementations. Some - * examples include request or response modification, implementing - * authentication strategies, rate-limiting, and traffic shaping. API - * guarantee/conformance is defined based on the type of the filter. + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema HttpRouteSpecRulesBackendRefsFilters + * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierSet */ -export interface HttpRouteSpecRulesBackendRefsFilters { - /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * This filter can be used multiple times within the same rule. - * - * - * Support: Implementation-specific - * - * @schema HttpRouteSpecRulesBackendRefsFilters#extensionRef - */ - readonly extensionRef?: HttpRouteSpecRulesBackendRefsFiltersExtensionRef; - - /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. - * - * - * Support: Core - * - * @schema HttpRouteSpecRulesBackendRefsFilters#requestHeaderModifier - */ - readonly requestHeaderModifier?: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier; - - /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. - * - * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. +export interface HttpRouteSpecRulesFiltersResponseHeaderModifierSet { + /** + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support: Extended + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteSpecRulesBackendRefsFilters#requestMirror + * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierSet#name */ - readonly requestMirror?: HttpRouteSpecRulesBackendRefsFiltersRequestMirror; + readonly name: string; /** - * RequestRedirect defines a schema for a filter that responds to the - * request with an HTTP redirection. - * - * - * Support: Core + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteSpecRulesBackendRefsFilters#requestRedirect + * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierSet#value */ - readonly requestRedirect?: HttpRouteSpecRulesBackendRefsFiltersRequestRedirect; + readonly value: string; + +} + +/** + * Converts an object of type 'HttpRouteSpecRulesFiltersResponseHeaderModifierSet' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteSpecRulesFiltersResponseHeaderModifierSet(obj: HttpRouteSpecRulesFiltersResponseHeaderModifierSet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ +/** + * Path defines a path rewrite. + * + * + * Support: Extended + * + * @schema HttpRouteSpecRulesFiltersUrlRewritePath + */ +export interface HttpRouteSpecRulesFiltersUrlRewritePath { /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. - * - * - * Support: Extended + * ReplaceFullPath specifies the value with which to replace the full path + * of a request during a rewrite or redirect. * - * @schema HttpRouteSpecRulesBackendRefsFilters#responseHeaderModifier + * @schema HttpRouteSpecRulesFiltersUrlRewritePath#replaceFullPath */ - readonly responseHeaderModifier?: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier; + readonly replaceFullPath?: string; /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * - * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations must support core filters. - * + * ReplacePrefixMatch specifies the value with which to replace the prefix + * match of a request during a rewrite or redirect. For example, a request + * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch + * of "/xyz" would be modified to "/xyz/bar". * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. * + * Note that this matches the behavior of the PathPrefix match type. This + * matches full path elements. A path element refers to the list of labels + * in the path split by the `/` separator. When specified, a trailing `/` is + * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all + * match the prefix `/abc`, but the path `/abcd` would not. * - * - Implementation-specific: Filters that are defined and supported by - * specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` should be set to - * "ExtensionRef" for custom filters. * + * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. + * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in + * the implementation setting the Accepted Condition for the Route to `status: False`. * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. * + * Request Path | Prefix Match | Replace Prefix | Modified Path + * -------------|--------------|----------------|---------- + * /foo/bar | /foo | /xyz | /xyz/bar + * /foo/bar | /foo | /xyz/ | /xyz/bar + * /foo/bar | /foo/ | /xyz | /xyz/bar + * /foo/bar | /foo/ | /xyz/ | /xyz/bar + * /foo | /foo | /xyz | /xyz + * /foo/ | /foo | /xyz | /xyz/ + * /foo/bar | /foo | | /bar + * /foo/ | /foo | | / + * /foo | /foo | | / + * /foo/ | /foo | / | / + * /foo | /foo | / | / * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. + * @schema HttpRouteSpecRulesFiltersUrlRewritePath#replacePrefixMatch + */ + readonly replacePrefixMatch?: string; + + /** + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * * Note that values may be added to this enum, implementations @@ -8969,36 +13057,167 @@ export interface HttpRouteSpecRulesBackendRefsFilters { * Accepted Condition for the Route to `status: False`, with a * Reason of `UnsupportedValue`. * - * @schema HttpRouteSpecRulesBackendRefsFilters#type + * @schema HttpRouteSpecRulesFiltersUrlRewritePath#type */ - readonly type: HttpRouteSpecRulesBackendRefsFiltersType; + readonly type: HttpRouteSpecRulesFiltersUrlRewritePathType; + +} + +/** + * Converts an object of type 'HttpRouteSpecRulesFiltersUrlRewritePath' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteSpecRulesFiltersUrlRewritePath(obj: HttpRouteSpecRulesFiltersUrlRewritePath | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'replaceFullPath': obj.replaceFullPath, + 'replacePrefixMatch': obj.replacePrefixMatch, + 'type': obj.type, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Type specifies how to match against the value of the header. + * + * + * Support: Core (Exact) + * + * + * Support: Implementation-specific (RegularExpression) + * + * + * Since RegularExpression HeaderMatchType has implementation-specific + * conformance, implementations can support POSIX, PCRE or any other dialects + * of regular expressions. Please read the implementation's documentation to + * determine the supported dialect. + * + * @schema HttpRouteSpecRulesMatchesHeadersType + */ +export enum HttpRouteSpecRulesMatchesHeadersType { + /** Exact */ + EXACT = "Exact", + /** RegularExpression */ + REGULAR_EXPRESSION = "RegularExpression", +} + +/** + * Type specifies how to match against the path Value. + * + * + * Support: Core (Exact, PathPrefix) + * + * + * Support: Implementation-specific (RegularExpression) + * + * @schema HttpRouteSpecRulesMatchesPathType + */ +export enum HttpRouteSpecRulesMatchesPathType { + /** Exact */ + EXACT = "Exact", + /** PathPrefix */ + PATH_PREFIX = "PathPrefix", + /** RegularExpression */ + REGULAR_EXPRESSION = "RegularExpression", +} + +/** + * Type specifies how to match against the value of the query parameter. + * + * + * Support: Extended (Exact) + * + * + * Support: Implementation-specific (RegularExpression) + * + * + * Since RegularExpression QueryParamMatchType has Implementation-specific + * conformance, implementations can support POSIX, PCRE or any other + * dialects of regular expressions. Please read the implementation's + * documentation to determine the supported dialect. + * + * @schema HttpRouteSpecRulesMatchesQueryParamsType + */ +export enum HttpRouteSpecRulesMatchesQueryParamsType { + /** Exact */ + EXACT = "Exact", + /** RegularExpression */ + REGULAR_EXPRESSION = "RegularExpression", +} + +/** + * LifetimeType specifies whether the cookie has a permanent or + * session-based lifetime. A permanent cookie persists until its + * specified expiry time, defined by the Expires or Max-Age cookie + * attributes, while a session cookie is deleted when the current + * session ends. + * + * + * When set to "Permanent", AbsoluteTimeout indicates the + * cookie's lifetime via the Expires or Max-Age cookie attributes + * and is required. + * + * + * When set to "Session", AbsoluteTimeout indicates the + * absolute lifetime of the cookie tracked by the gateway and + * is optional. + * + * + * Support: Core for "Session" type + * + * + * Support: Extended for "Permanent" type + * + * @schema HttpRouteSpecRulesSessionPersistenceCookieConfigLifetimeType + */ +export enum HttpRouteSpecRulesSessionPersistenceCookieConfigLifetimeType { + /** Permanent */ + PERMANENT = "Permanent", + /** Session */ + SESSION = "Session", +} +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd + */ +export interface HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd { /** - * URLRewrite defines a schema for a filter that modifies a request during forwarding. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support: Extended + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteSpecRulesBackendRefsFilters#urlRewrite + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd#name */ - readonly urlRewrite?: HttpRouteSpecRulesBackendRefsFiltersUrlRewrite; + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. + * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd#value + */ + readonly value: string; } /** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFilters' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFilters(obj: HttpRouteSpecRulesBackendRefsFilters | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd(obj: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd | undefined): Record | undefined { if (obj === undefined) { return undefined; } - const result = { - 'extensionRef': toJson_HttpRouteSpecRulesBackendRefsFiltersExtensionRef(obj.extensionRef), - 'requestHeaderModifier': toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier(obj.requestHeaderModifier), - 'requestMirror': toJson_HttpRouteSpecRulesBackendRefsFiltersRequestMirror(obj.requestMirror), - 'requestRedirect': toJson_HttpRouteSpecRulesBackendRefsFiltersRequestRedirect(obj.requestRedirect), - 'responseHeaderModifier': toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier(obj.responseHeaderModifier), - 'type': obj.type, - 'urlRewrite': toJson_HttpRouteSpecRulesBackendRefsFiltersUrlRewrite(obj.urlRewrite), + const result = { + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -9006,54 +13225,44 @@ export function toJson_HttpRouteSpecRulesBackendRefsFilters(obj: HttpRouteSpecRu /* eslint-enable max-len, quote-props */ /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * This filter can be used multiple times within the same rule. - * - * - * Support: Implementation-specific + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema HttpRouteSpecRulesFiltersExtensionRef + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet */ -export interface HttpRouteSpecRulesFiltersExtensionRef { +export interface HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet { /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * @schema HttpRouteSpecRulesFiltersExtensionRef#group - */ - readonly group: string; - - /** - * Kind is kind of the referent. For example "HTTPRoute" or "Service". * - * @schema HttpRouteSpecRulesFiltersExtensionRef#kind + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. + * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet#name */ - readonly kind: string; + readonly name: string; /** - * Name is the name of the referent. + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteSpecRulesFiltersExtensionRef#name + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet#value */ - readonly name: string; + readonly value: string; } /** - * Converts an object of type 'HttpRouteSpecRulesFiltersExtensionRef' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersExtensionRef(obj: HttpRouteSpecRulesFiltersExtensionRef | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet(obj: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -9061,102 +13270,121 @@ export function toJson_HttpRouteSpecRulesFiltersExtensionRef(obj: HttpRouteSpecR /* eslint-enable max-len, quote-props */ /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. + * BackendRef references a resource where mirrored requests are sent. * * - * Support: Core + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * - * @schema HttpRouteSpecRulesFiltersRequestHeaderModifier + * + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. + * + * + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. + * + * + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. + * + * + * Support: Extended for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef */ -export interface HttpRouteSpecRulesFiltersRequestHeaderModifier { +export interface HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo - * - * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" - * - * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. * - * @schema HttpRouteSpecRulesFiltersRequestHeaderModifier#add + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#group */ - readonly add?: HttpRouteSpecRulesFiltersRequestHeaderModifierAdd[]; + readonly group?: string; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + * Kind is the Kubernetes resource kind of the referent. For example + * "Service". * * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz + * Defaults to "Service" when not specified. * * - * Config: - * remove: ["my-header1", "my-header3"] + * ExternalName services can refer to CNAME DNS records that may live + * outside of the cluster and as such are difficult to reason about in + * terms of conformance. They also may not be safe to forward to (see + * CVE-2021-25740 for more information). Implementations SHOULD NOT + * support ExternalName Services. * * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar + * Support: Core (Services with a type other than ExternalName) * - * @schema HttpRouteSpecRulesFiltersRequestHeaderModifier#remove + * + * Support: Implementation-specific (Services with type ExternalName) + * + * @default Service" when not specified. + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#kind */ - readonly remove?: string[]; + readonly kind?: string; /** - * Set overwrites the request with the given header (name, value) - * before the action. + * Name is the name of the referent. * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the backend. When unspecified, the local + * namespace is inferred. * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. * - * Config: - * set: - * - name: "my-header" - * value: "bar" * + * Support: Core * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#namespace + */ + readonly namespace?: string; + + /** + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. * - * @schema HttpRouteSpecRulesFiltersRequestHeaderModifier#set + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#port */ - readonly set?: HttpRouteSpecRulesFiltersRequestHeaderModifierSet[]; + readonly port?: number; } /** - * Converts an object of type 'HttpRouteSpecRulesFiltersRequestHeaderModifier' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersRequestHeaderModifier(obj: HttpRouteSpecRulesFiltersRequestHeaderModifier | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj: HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_HttpRouteSpecRulesFiltersRequestHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_HttpRouteSpecRulesFiltersRequestHeaderModifierSet(y)), + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -9164,66 +13392,90 @@ export function toJson_HttpRouteSpecRulesFiltersRequestHeaderModifier(obj: HttpR /* eslint-enable max-len, quote-props */ /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. - * - * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. + * Path defines parameters used to modify the path of the incoming request. + * The modified path is then used to construct the `Location` header. When + * empty, the request path is used as-is. * * * Support: Extended * - * @schema HttpRouteSpecRulesFiltersRequestMirror + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath */ -export interface HttpRouteSpecRulesFiltersRequestMirror { +export interface HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath { /** - * BackendRef references a resource where mirrored requests are sent. + * ReplaceFullPath specifies the value with which to replace the full path + * of a request during a rewrite or redirect. * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath#replaceFullPath + */ + readonly replaceFullPath?: string; + + /** + * ReplacePrefixMatch specifies the value with which to replace the prefix + * match of a request during a rewrite or redirect. For example, a request + * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch + * of "/xyz" would be modified to "/xyz/bar". * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. * + * Note that this matches the behavior of the PathPrefix match type. This + * matches full path elements. A path element refers to the list of labels + * in the path split by the `/` separator. When specified, a trailing `/` is + * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all + * match the prefix `/abc`, but the path `/abcd` would not. * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. * + * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. + * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in + * the implementation setting the Accepted Condition for the Route to `status: False`. * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. * + * Request Path | Prefix Match | Replace Prefix | Modified Path + * -------------|--------------|----------------|---------- + * /foo/bar | /foo | /xyz | /xyz/bar + * /foo/bar | /foo | /xyz/ | /xyz/bar + * /foo/bar | /foo/ | /xyz | /xyz/bar + * /foo/bar | /foo/ | /xyz/ | /xyz/bar + * /foo | /foo | /xyz | /xyz + * /foo/ | /foo | /xyz | /xyz/ + * /foo/bar | /foo | | /bar + * /foo/ | /foo | | / + * /foo | /foo | | / + * /foo/ | /foo | / | / + * /foo | /foo | / | / * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath#replacePrefixMatch + */ + readonly replacePrefixMatch?: string; + + /** + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * - * Support: Extended for Kubernetes Service + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * * - * Support: Implementation-specific for any other resource + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * @schema HttpRouteSpecRulesFiltersRequestMirror#backendRef + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath#type */ - readonly backendRef: HttpRouteSpecRulesFiltersRequestMirrorBackendRef; + readonly type: HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPathType; } /** - * Converts an object of type 'HttpRouteSpecRulesFiltersRequestMirror' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersRequestMirror(obj: HttpRouteSpecRulesFiltersRequestMirror | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath(obj: HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRef': toJson_HttpRouteSpecRulesFiltersRequestMirrorBackendRef(obj.backendRef), + 'replaceFullPath': obj.replaceFullPath, + 'replacePrefixMatch': obj.replacePrefixMatch, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -9231,129 +13483,142 @@ export function toJson_HttpRouteSpecRulesFiltersRequestMirror(obj: HttpRouteSpec /* eslint-enable max-len, quote-props */ /** - * RequestRedirect defines a schema for a filter that responds to the - * request with an HTTP redirection. + * Scheme is the scheme to be used in the value of the `Location` header in + * the response. When empty, the scheme of the request is used. + * + * + * Scheme redirects can affect the port of the redirect, for more information, + * refer to the documentation for the port field of this filter. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * + * Support: Extended + * + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectScheme + */ +export enum HttpRouteSpecRulesBackendRefsFiltersRequestRedirectScheme { + /** http */ + HTTP = "http", + /** https */ + HTTPS = "https", +} + +/** + * StatusCode is the HTTP status code to be used in response. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * * * Support: Core * - * @schema HttpRouteSpecRulesFiltersRequestRedirect + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectStatusCode */ -export interface HttpRouteSpecRulesFiltersRequestRedirect { - /** - * Hostname is the hostname to be used in the value of the `Location` - * header in the response. - * When empty, the hostname in the `Host` header of the request is used. - * - * - * Support: Core - * - * @schema HttpRouteSpecRulesFiltersRequestRedirect#hostname - */ - readonly hostname?: string; +export enum HttpRouteSpecRulesBackendRefsFiltersRequestRedirectStatusCode { + /** 301 */ + VALUE_301 = 301, + /** 302 */ + VALUE_302 = 302, +} +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd + */ +export interface HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd { /** - * Path defines parameters used to modify the path of the incoming request. - * The modified path is then used to construct the `Location` header. When - * empty, the request path is used as-is. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support: Extended + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteSpecRulesFiltersRequestRedirect#path + * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd#name */ - readonly path?: HttpRouteSpecRulesFiltersRequestRedirectPath; + readonly name: string; /** - * Port is the port to be used in the value of the `Location` - * header in the response. - * - * - * If no port is specified, the redirect port MUST be derived using the - * following rules: - * - * - * * If redirect scheme is not-empty, the redirect port MUST be the well-known - * port associated with the redirect scheme. Specifically "http" to port 80 - * and "https" to port 443. If the redirect scheme does not have a - * well-known port, the listener port of the Gateway SHOULD be used. - * * If redirect scheme is empty, the redirect port MUST be the Gateway - * Listener port. - * - * - * Implementations SHOULD NOT add the port number in the 'Location' - * header in the following cases: - * - * - * * A Location header that will use HTTP (whether that is determined via - * the Listener protocol or the Scheme field) _and_ use port 80. - * * A Location header that will use HTTPS (whether that is determined via - * the Listener protocol or the Scheme field) _and_ use port 443. - * - * - * Support: Extended + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteSpecRulesFiltersRequestRedirect#port + * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd#value */ - readonly port?: number; + readonly value: string; + +} + +/** + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd(obj: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet + */ +export interface HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet { /** - * Scheme is the scheme to be used in the value of the `Location` header in - * the response. When empty, the scheme of the request is used. - * - * - * Scheme redirects can affect the port of the redirect, for more information, - * refer to the documentation for the port field of this filter. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support: Extended + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteSpecRulesFiltersRequestRedirect#scheme + * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet#name */ - readonly scheme?: HttpRouteSpecRulesFiltersRequestRedirectScheme; + readonly name: string; /** - * StatusCode is the HTTP status code to be used in response. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * - * Support: Core + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteSpecRulesFiltersRequestRedirect#statusCode + * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet#value */ - readonly statusCode?: HttpRouteSpecRulesFiltersRequestRedirectStatusCode; + readonly value: string; } /** - * Converts an object of type 'HttpRouteSpecRulesFiltersRequestRedirect' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersRequestRedirect(obj: HttpRouteSpecRulesFiltersRequestRedirect | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet(obj: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'hostname': obj.hostname, - 'path': toJson_HttpRouteSpecRulesFiltersRequestRedirectPath(obj.path), - 'port': obj.port, - 'scheme': obj.scheme, - 'statusCode': obj.statusCode, + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -9361,102 +13626,88 @@ export function toJson_HttpRouteSpecRulesFiltersRequestRedirect(obj: HttpRouteSp /* eslint-enable max-len, quote-props */ /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. + * Path defines a path rewrite. * * * Support: Extended * - * @schema HttpRouteSpecRulesFiltersResponseHeaderModifier + * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath */ -export interface HttpRouteSpecRulesFiltersResponseHeaderModifier { +export interface HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo - * - * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" - * - * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * ReplaceFullPath specifies the value with which to replace the full path + * of a request during a rewrite or redirect. * - * @schema HttpRouteSpecRulesFiltersResponseHeaderModifier#add + * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath#replaceFullPath */ - readonly add?: HttpRouteSpecRulesFiltersResponseHeaderModifierAdd[]; + readonly replaceFullPath?: string; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + * ReplacePrefixMatch specifies the value with which to replace the prefix + * match of a request during a rewrite or redirect. For example, a request + * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch + * of "/xyz" would be modified to "/xyz/bar". * * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz + * Note that this matches the behavior of the PathPrefix match type. This + * matches full path elements. A path element refers to the list of labels + * in the path split by the `/` separator. When specified, a trailing `/` is + * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all + * match the prefix `/abc`, but the path `/abcd` would not. * * - * Config: - * remove: ["my-header1", "my-header3"] + * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. + * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in + * the implementation setting the Accepted Condition for the Route to `status: False`. * * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar + * Request Path | Prefix Match | Replace Prefix | Modified Path + * -------------|--------------|----------------|---------- + * /foo/bar | /foo | /xyz | /xyz/bar + * /foo/bar | /foo | /xyz/ | /xyz/bar + * /foo/bar | /foo/ | /xyz | /xyz/bar + * /foo/bar | /foo/ | /xyz/ | /xyz/bar + * /foo | /foo | /xyz | /xyz + * /foo/ | /foo | /xyz | /xyz/ + * /foo/bar | /foo | | /bar + * /foo/ | /foo | | / + * /foo | /foo | | / + * /foo/ | /foo | / | / + * /foo | /foo | / | / * - * @schema HttpRouteSpecRulesFiltersResponseHeaderModifier#remove + * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath#replacePrefixMatch */ - readonly remove?: string[]; + readonly replacePrefixMatch?: string; /** - * Set overwrites the request with the given header (name, value) - * before the action. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * @schema HttpRouteSpecRulesFiltersResponseHeaderModifier#set + * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath#type */ - readonly set?: HttpRouteSpecRulesFiltersResponseHeaderModifierSet[]; + readonly type: HttpRouteSpecRulesBackendRefsFiltersUrlRewritePathType; } /** - * Converts an object of type 'HttpRouteSpecRulesFiltersResponseHeaderModifier' to JSON representation. + * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersResponseHeaderModifier(obj: HttpRouteSpecRulesFiltersResponseHeaderModifier | undefined): Record | undefined { +export function toJson_HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath(obj: HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_HttpRouteSpecRulesFiltersResponseHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_HttpRouteSpecRulesFiltersResponseHeaderModifierSet(y)), + 'replaceFullPath': obj.replaceFullPath, + 'replacePrefixMatch': obj.replacePrefixMatch, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -9464,36 +13715,52 @@ export function toJson_HttpRouteSpecRulesFiltersResponseHeaderModifier(obj: Http /* eslint-enable max-len, quote-props */ /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations must support core filters. + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * + * @schema HttpRouteSpecRulesFiltersRequestRedirectPathType + */ +export enum HttpRouteSpecRulesFiltersRequestRedirectPathType { + /** ReplaceFullPath */ + REPLACE_FULL_PATH = "ReplaceFullPath", + /** ReplacePrefixMatch */ + REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", +} + +/** + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * - * - Implementation-specific: Filters that are defined and supported by - * specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` should be set to - * "ExtensionRef" for custom filters. * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. + * @schema HttpRouteSpecRulesFiltersUrlRewritePathType + */ +export enum HttpRouteSpecRulesFiltersUrlRewritePathType { + /** ReplaceFullPath */ + REPLACE_FULL_PATH = "ReplaceFullPath", + /** ReplacePrefixMatch */ + REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", +} + +/** + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * * Note that values may be added to this enum, implementations @@ -9504,212 +13771,127 @@ export function toJson_HttpRouteSpecRulesFiltersResponseHeaderModifier(obj: Http * Accepted Condition for the Route to `status: False`, with a * Reason of `UnsupportedValue`. * - * @schema HttpRouteSpecRulesFiltersType + * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPathType */ -export enum HttpRouteSpecRulesFiltersType { - /** RequestHeaderModifier */ - REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", - /** ResponseHeaderModifier */ - RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", - /** RequestMirror */ - REQUEST_MIRROR = "RequestMirror", - /** RequestRedirect */ - REQUEST_REDIRECT = "RequestRedirect", - /** URLRewrite */ - URL_REWRITE = "URLRewrite", - /** ExtensionRef */ - EXTENSION_REF = "ExtensionRef", +export enum HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPathType { + /** ReplaceFullPath */ + REPLACE_FULL_PATH = "ReplaceFullPath", + /** ReplacePrefixMatch */ + REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", } /** - * URLRewrite defines a schema for a filter that modifies a request during forwarding. + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * - * Support: Extended + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * - * @schema HttpRouteSpecRulesFiltersUrlRewrite + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewritePathType */ -export interface HttpRouteSpecRulesFiltersUrlRewrite { - /** - * Hostname is the value to be used to replace the Host header value during - * forwarding. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesFiltersUrlRewrite#hostname - */ - readonly hostname?: string; - - /** - * Path defines a path rewrite. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesFiltersUrlRewrite#path - */ - readonly path?: HttpRouteSpecRulesFiltersUrlRewritePath; - +export enum HttpRouteSpecRulesBackendRefsFiltersUrlRewritePathType { + /** ReplaceFullPath */ + REPLACE_FULL_PATH = "ReplaceFullPath", + /** ReplacePrefixMatch */ + REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", } -/** - * Converts an object of type 'HttpRouteSpecRulesFiltersUrlRewrite' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersUrlRewrite(obj: HttpRouteSpecRulesFiltersUrlRewrite | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'hostname': obj.hostname, - 'path': toJson_HttpRouteSpecRulesFiltersUrlRewritePath(obj.path), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ /** - * HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request - * headers. + * HTTPRoute provides a way to route HTTP requests. This includes the capability +to match requests by hostname, path, header, or query param. Filters can be +used to specify additional processing steps. Backends specify where matching +requests should be routed. * - * @schema HttpRouteSpecRulesMatchesHeaders + * @schema HTTPRouteV1Beta1 */ -export interface HttpRouteSpecRulesMatchesHeaders { +export class HttpRouteV1Beta1 extends ApiObject { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). - * - * - * If multiple entries specify equivalent header names, only the first - * entry with an equivalent name MUST be considered for a match. Subsequent - * entries with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. - * - * - * When a header is repeated in an HTTP request, it is - * implementation-specific behavior as to how this is represented. - * Generally, proxies should follow the guidance from the RFC: - * https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding - * processing a repeated header, with special handling for "Set-Cookie". - * - * @schema HttpRouteSpecRulesMatchesHeaders#name + * Returns the apiVersion and kind for "HTTPRouteV1Beta1" */ - readonly name: string; + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'HTTPRoute', + } /** - * Type specifies how to match against the value of the header. - * - * - * Support: Core (Exact) - * - * - * Support: Implementation-specific (RegularExpression) - * + * Renders a Kubernetes manifest for "HTTPRouteV1Beta1". * - * Since RegularExpression HeaderMatchType has implementation-specific - * conformance, implementations can support POSIX, PCRE or any other dialects - * of regular expressions. Please read the implementation's documentation to - * determine the supported dialect. + * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * @schema HttpRouteSpecRulesMatchesHeaders#type + * @param props initialization props */ - readonly type?: HttpRouteSpecRulesMatchesHeadersType; + public static manifest(props: HttpRouteV1Beta1Props): any { + return { + ...HttpRouteV1Beta1.GVK, + ...toJson_HttpRouteV1Beta1Props(props), + }; + } /** - * Value is the value of HTTP Header to be matched. - * - * @schema HttpRouteSpecRulesMatchesHeaders#value + * Defines a "HTTPRouteV1Beta1" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props */ - readonly value: string; - -} + public constructor(scope: Construct, id: string, props: HttpRouteV1Beta1Props) { + super(scope, id, { + ...HttpRouteV1Beta1.GVK, + ...props, + }); + } -/** - * Converts an object of type 'HttpRouteSpecRulesMatchesHeaders' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesMatchesHeaders(obj: HttpRouteSpecRulesMatchesHeaders | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'name': obj.name, - 'type': obj.type, - 'value': obj.value, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); -/** - * Method specifies HTTP method matcher. - * When specified, this route will be matched only if the request has the - * specified method. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesMatchesMethod - */ -export enum HttpRouteSpecRulesMatchesMethod { - /** GET */ - GET = "GET", - /** HEAD */ - HEAD = "HEAD", - /** POST */ - POST = "POST", - /** PUT */ - PUT = "PUT", - /** DELETE */ - DELETE = "DELETE", - /** CONNECT */ - CONNECT = "CONNECT", - /** OPTIONS */ - OPTIONS = "OPTIONS", - /** TRACE */ - TRACE = "TRACE", - /** PATCH */ - PATCH = "PATCH", + return { + ...HttpRouteV1Beta1.GVK, + ...toJson_HttpRouteV1Beta1Props(resolved), + }; + } } /** - * Path specifies a HTTP request path matcher. If this field is not - * specified, a default prefix match on the "/" path is provided. + * HTTPRoute provides a way to route HTTP requests. This includes the capability + * to match requests by hostname, path, header, or query param. Filters can be + * used to specify additional processing steps. Backends specify where matching + * requests should be routed. * - * @schema HttpRouteSpecRulesMatchesPath + * @schema HTTPRouteV1Beta1 */ -export interface HttpRouteSpecRulesMatchesPath { +export interface HttpRouteV1Beta1Props { /** - * Type specifies how to match against the path Value. - * - * - * Support: Core (Exact, PathPrefix) - * - * - * Support: Implementation-specific (RegularExpression) - * - * @schema HttpRouteSpecRulesMatchesPath#type + * @schema HTTPRouteV1Beta1#metadata */ - readonly type?: HttpRouteSpecRulesMatchesPathType; + readonly metadata?: ApiObjectMetadata; /** - * Value of the HTTP path to match against. + * Spec defines the desired state of HTTPRoute. * - * @schema HttpRouteSpecRulesMatchesPath#value + * @schema HTTPRouteV1Beta1#spec */ - readonly value?: string; + readonly spec: HttpRouteV1Beta1Spec; } /** - * Converts an object of type 'HttpRouteSpecRulesMatchesPath' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesMatchesPath(obj: HttpRouteSpecRulesMatchesPath | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1Props(obj: HttpRouteV1Beta1Props | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'type': obj.type, - 'value': obj.value, + 'metadata': obj.metadata, + 'spec': toJson_HttpRouteV1Beta1Spec(obj.spec), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -9717,76 +13899,185 @@ export function toJson_HttpRouteSpecRulesMatchesPath(obj: HttpRouteSpecRulesMatc /* eslint-enable max-len, quote-props */ /** - * HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP - * query parameters. + * Spec defines the desired state of HTTPRoute. * - * @schema HttpRouteSpecRulesMatchesQueryParams + * @schema HttpRouteV1Beta1Spec */ -export interface HttpRouteSpecRulesMatchesQueryParams { +export interface HttpRouteV1Beta1Spec { /** - * Name is the name of the HTTP query param to be matched. This must be an - * exact string match. (See - * https://tools.ietf.org/html/rfc7230#section-2.7.3). + * Hostnames defines a set of hostnames that should match against the HTTP Host + * header to select a HTTPRoute used to process the request. Implementations + * MUST ignore any port value specified in the HTTP Host header while + * performing a match and (absent of any applicable header modification + * configuration) MUST forward this header unmodified to the backend. * * - * If multiple entries specify equivalent query param names, only the first - * entry with an equivalent name MUST be considered for a match. Subsequent - * entries with an equivalent query param name MUST be ignored. + * Valid values for Hostnames are determined by RFC 1123 definition of a + * hostname with 2 notable exceptions: * * - * If a query param is repeated in an HTTP request, the behavior is - * purposely left undefined, since different data planes have different - * capabilities. However, it is *recommended* that implementations should - * match against the first value of the param if the data plane supports it, - * as this behavior is expected in other load balancing contexts outside of - * the Gateway API. + * 1. IPs are not allowed. + * 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard + * label must appear by itself as the first label. * * - * Users SHOULD NOT route traffic based on repeated query params to guard - * themselves against potential differences in the implementations. + * If a hostname is specified by both the Listener and HTTPRoute, there + * must be at least one intersecting hostname for the HTTPRoute to be + * attached to the Listener. For example: + * + * + * * A Listener with `test.example.com` as the hostname matches HTTPRoutes + * that have either not specified any hostnames, or have specified at + * least one of `test.example.com` or `*.example.com`. + * * A Listener with `*.example.com` as the hostname matches HTTPRoutes + * that have either not specified any hostnames or have specified at least + * one hostname that matches the Listener hostname. For example, + * `*.example.com`, `test.example.com`, and `foo.test.example.com` would + * all match. On the other hand, `example.com` and `test.example.net` would + * not match. + * + * + * Hostnames that are prefixed with a wildcard label (`*.`) are interpreted + * as a suffix match. That means that a match for `*.example.com` would match + * both `test.example.com`, and `foo.test.example.com`, but not `example.com`. + * + * + * If both the Listener and HTTPRoute have specified hostnames, any + * HTTPRoute hostnames that do not match the Listener hostname MUST be + * ignored. For example, if a Listener specified `*.example.com`, and the + * HTTPRoute specified `test.example.com` and `test.example.net`, + * `test.example.net` must not be considered for a match. + * + * + * If both the Listener and HTTPRoute have specified hostnames, and none + * match with the criteria above, then the HTTPRoute is not accepted. The + * implementation must raise an 'Accepted' Condition with a status of + * `False` in the corresponding RouteParentStatus. + * + * + * In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. + * overlapping wildcard matching and exact matching hostnames), precedence must + * be given to rules from the HTTPRoute with the largest number of: + * + * + * * Characters in a matching non-wildcard hostname. + * * Characters in a matching hostname. + * + * + * If ties exist across multiple Routes, the matching precedence rules for + * HTTPRouteMatches takes over. + * + * + * Support: Core + * + * @schema HttpRouteV1Beta1Spec#hostnames + */ + readonly hostnames?: string[]; + + /** + * ParentRefs references the resources (usually Gateways) that a Route wants + * to be attached to. Note that the referenced parent resource needs to + * allow this for the attachment to be complete. For Gateways, that means + * the Gateway needs to allow attachment from Routes of this kind and + * namespace. For Services, that means the Service must either be in the same + * namespace for a "producer" route, or the mesh implementation must support + * and allow "consumer" routes for the referenced Service. ReferenceGrant is + * not applicable for governing ParentRefs to Services - it is not possible to + * create a "producer" route for a Service in a different namespace from the + * Route. + * + * + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * This API may be extended in the future to support additional kinds of parent + * resources. + * + * + * ParentRefs must be _distinct_. This means either that: + * + * + * * They select different objects. If this is the case, then parentRef + * entries are distinct. In terms of fields, this means that the + * multi-part key defined by `group`, `kind`, `namespace`, and `name` must + * be unique across all parentRef entries in the Route. + * * They do not select different objects, but for each optional field used, + * each ParentRef that selects the same object must set the same set of + * optional fields to different values. If one ParentRef sets a + * combination of optional fields, all must set the same combination. + * + * + * Some examples: + * + * + * * If one ParentRef sets `sectionName`, all ParentRefs referencing the + * same object must also set `sectionName`. + * * If one ParentRef sets `port`, all ParentRefs referencing the same + * object must also set `port`. + * * If one ParentRef sets `sectionName` and `port`, all ParentRefs + * referencing the same object must also set `sectionName` and `port`. + * + * + * It is possible to separately reference multiple distinct objects that may + * be collapsed by an implementation. For example, some implementations may + * choose to merge compatible Gateway Listeners together. If that is the + * case, the list of routes attached to those resources should also be + * merged. + * + * + * Note that for ParentRefs that cross namespace boundaries, there are specific + * rules. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example, + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable other kinds of cross-namespace reference. + * + * + * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. + * * - * @schema HttpRouteSpecRulesMatchesQueryParams#name - */ - readonly name: string; - - /** - * Type specifies how to match against the value of the query parameter. + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. * * - * Support: Extended (Exact) * * - * Support: Implementation-specific (RegularExpression) * * - * Since RegularExpression QueryParamMatchType has Implementation-specific - * conformance, implementations can support POSIX, PCRE or any other - * dialects of regular expressions. Please read the implementation's - * documentation to determine the supported dialect. * - * @schema HttpRouteSpecRulesMatchesQueryParams#type + * + * @schema HttpRouteV1Beta1Spec#parentRefs */ - readonly type?: HttpRouteSpecRulesMatchesQueryParamsType; + readonly parentRefs?: HttpRouteV1Beta1SpecParentRefs[]; /** - * Value is the value of HTTP query param to be matched. + * Rules are a list of HTTP matchers, filters and actions. * - * @schema HttpRouteSpecRulesMatchesQueryParams#value + * @schema HttpRouteV1Beta1Spec#rules */ - readonly value: string; + readonly rules?: HttpRouteV1Beta1SpecRules[]; } /** - * Converts an object of type 'HttpRouteSpecRulesMatchesQueryParams' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1Spec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesMatchesQueryParams(obj: HttpRouteSpecRulesMatchesQueryParams | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1Spec(obj: HttpRouteV1Beta1Spec | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'type': obj.type, - 'value': obj.value, + 'hostnames': obj.hostnames?.map(y => y), + 'parentRefs': obj.parentRefs?.map(y => toJson_HttpRouteV1Beta1SpecParentRefs(y)), + 'rules': obj.rules?.map(y => toJson_HttpRouteV1Beta1SpecRules(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -9794,224 +14085,187 @@ export function toJson_HttpRouteSpecRulesMatchesQueryParams(obj: HttpRouteSpecRu /* eslint-enable max-len, quote-props */ /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. + * ParentReference identifies an API object (usually a Gateway) that can be considered + * a parent of this resource (usually a route). There are two kinds of parent resources + * with "Core" support: * * - * This filter can be used multiple times within the same rule. + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) * * - * Support: Implementation-specific + * This API may be extended in the future to support additional kinds of parent + * resources. * - * @schema HttpRouteSpecRulesBackendRefsFiltersExtensionRef + * + * The API object must be valid in the cluster; the Group and Kind must + * be registered in the cluster for this reference to be valid. + * + * @schema HttpRouteV1Beta1SpecParentRefs */ -export interface HttpRouteSpecRulesBackendRefsFiltersExtensionRef { +export interface HttpRouteV1Beta1SpecParentRefs { /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. + * Group is the group of the referent. + * When unspecified, "gateway.networking.k8s.io" is inferred. + * To set the core API group (such as for a "Service" kind referent), + * Group must be explicitly set to "" (empty string). * - * @schema HttpRouteSpecRulesBackendRefsFiltersExtensionRef#group + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecParentRefs#group */ - readonly group: string; + readonly group?: string; /** - * Kind is kind of the referent. For example "HTTPRoute" or "Service". + * Kind is kind of the referent. * - * @schema HttpRouteSpecRulesBackendRefsFiltersExtensionRef#kind + * + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * Support for other resources is Implementation-Specific. + * + * @schema HttpRouteV1Beta1SpecParentRefs#kind */ - readonly kind: string; + readonly kind?: string; /** * Name is the name of the referent. * - * @schema HttpRouteSpecRulesBackendRefsFiltersExtensionRef#name + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecParentRefs#name */ readonly name: string; -} - -/** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersExtensionRef' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersExtensionRef(obj: HttpRouteSpecRulesBackendRefsFiltersExtensionRef | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. - * - * - * Support: Core - * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier - */ -export interface HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. + * Namespace is the namespace of the referent. When unspecified, this refers + * to the local namespace of the Route. * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Note that there are specific rules for ParentRefs which cross namespace + * boundaries. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example: + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable any other kind of cross-namespace reference. * * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#add + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * + * + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecParentRefs#namespace */ - readonly add?: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd[]; + readonly namespace?: string; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - * + * Port is the network port this Route targets. It can be interpreted + * differently based on the type of parent resource. * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz * + * When the parent resource is a Gateway, this targets all listeners + * listening on the specified port that also support this kind of Route(and + * select this Route). It's not recommended to set `Port` unless the + * networking behaviors specified in a Route must apply to a specific port + * as opposed to a listener(s) whose port(s) may be changed. When both Port + * and SectionName are specified, the name and port of the selected listener + * must match both specified values. * - * Config: - * remove: ["my-header1", "my-header3"] * * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar + * When the parent resource is a Service, this targets a specific port in the + * Service spec. When both Port (experimental) and SectionName are specified, + * the name and port of the selected port must match both specified values. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#remove - */ - readonly remove?: string[]; - - /** - * Set overwrites the request with the given header (name, value) - * before the action. * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Implementations MAY choose to support other parent resources. + * Implementations supporting other types of parent resources MUST clearly + * document how/if Port is interpreted. * * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * For the purpose of status, an attachment is considered successful as + * long as the parent resource accepts it partially. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + * from the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, + * the Route MUST be considered detached from the Gateway. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * Support: Extended * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier#set + * @schema HttpRouteV1Beta1SpecParentRefs#port */ - readonly set?: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet[]; - -} - -/** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier(obj: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'add': obj.add?.map(y => toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet(y)), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly port?: number; -/** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. - * - * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirror - */ -export interface HttpRouteSpecRulesBackendRefsFiltersRequestMirror { /** - * BackendRef references a resource where mirrored requests are sent. - * - * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. - * - * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. + * SectionName is the name of a section within the target resource. In the + * following resources, SectionName is interpreted as the following: * * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. + * * Gateway: Listener name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * * Service: Port name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. * * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. + * Implementations MAY choose to support attaching Routes to other resources. + * If that is the case, they MUST clearly document how SectionName is + * interpreted. * * - * Support: Extended for Kubernetes Service + * When unspecified (empty string), this will reference the entire resource. + * For the purpose of status, an attachment is considered successful if at + * least one section in the parent resource accepts it. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + * the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, the + * Route MUST be considered detached from the Gateway. * * - * Support: Implementation-specific for any other resource + * Support: Core * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirror#backendRef + * @schema HttpRouteV1Beta1SpecParentRefs#sectionName */ - readonly backendRef: HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef; + readonly sectionName?: string; } /** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestMirror' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecParentRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestMirror(obj: HttpRouteSpecRulesBackendRefsFiltersRequestMirror | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecParentRefs(obj: HttpRouteV1Beta1SpecParentRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRef': toJson_HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj.backendRef), + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'sectionName': obj.sectionName, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -10019,427 +14273,224 @@ export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestMirror(obj: Ht /* eslint-enable max-len, quote-props */ /** - * RequestRedirect defines a schema for a filter that responds to the - * request with an HTTP redirection. - * - * - * Support: Core + * HTTPRouteRule defines semantics for matching an HTTP request based on + * conditions (matches), processing it (filters), and forwarding the request to + * an API object (backendRefs). * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect + * @schema HttpRouteV1Beta1SpecRules */ -export interface HttpRouteSpecRulesBackendRefsFiltersRequestRedirect { +export interface HttpRouteV1Beta1SpecRules { /** - * Hostname is the hostname to be used in the value of the `Location` - * header in the response. - * When empty, the hostname in the `Host` header of the request is used. + * BackendRefs defines the backend(s) where matching requests should be + * sent. * * - * Support: Core + * Failure behavior here depends on how many BackendRefs are specified and + * how many are invalid. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect#hostname - */ - readonly hostname?: string; - - /** - * Path defines parameters used to modify the path of the incoming request. - * The modified path is then used to construct the `Location` header. When - * empty, the request path is used as-is. + * + * If *all* entries in BackendRefs are invalid, and there are also no filters + * specified in this route rule, *all* traffic which matches this rule MUST + * receive a 500 status code. * * - * Support: Extended + * See the HTTPBackendRef definition for the rules about what makes a single + * HTTPBackendRef invalid. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect#path - */ - readonly path?: HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath; - - /** - * Port is the port to be used in the value of the `Location` - * header in the response. * + * When a HTTPBackendRef is invalid, 500 status codes MUST be returned for + * requests that would have otherwise been routed to an invalid backend. If + * multiple backends are specified, and some are invalid, the proportion of + * requests that would otherwise have been routed to an invalid backend + * MUST receive a 500 status code. * - * If no port is specified, the redirect port MUST be derived using the - * following rules: * + * For example, if two backends are specified with equal weights, and one is + * invalid, 50 percent of traffic must receive a 500. Implementations may + * choose how that 50 percent is determined. * - * * If redirect scheme is not-empty, the redirect port MUST be the well-known - * port associated with the redirect scheme. Specifically "http" to port 80 - * and "https" to port 443. If the redirect scheme does not have a - * well-known port, the listener port of the Gateway SHOULD be used. - * * If redirect scheme is empty, the redirect port MUST be the Gateway - * Listener port. * + * Support: Core for Kubernetes Service * - * Implementations SHOULD NOT add the port number in the 'Location' - * header in the following cases: * + * Support: Extended for Kubernetes ServiceImport * - * * A Location header that will use HTTP (whether that is determined via - * the Listener protocol or the Scheme field) _and_ use port 80. - * * A Location header that will use HTTPS (whether that is determined via - * the Listener protocol or the Scheme field) _and_ use port 443. * + * Support: Implementation-specific for any other resource * - * Support: Extended * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect#port + * Support for weight: Core + * + * @schema HttpRouteV1Beta1SpecRules#backendRefs */ - readonly port?: number; + readonly backendRefs?: HttpRouteV1Beta1SpecRulesBackendRefs[]; /** - * Scheme is the scheme to be used in the value of the `Location` header in - * the response. When empty, the scheme of the request is used. + * Filters define the filters that are applied to requests that match + * this rule. * * - * Scheme redirects can affect the port of the redirect, for more information, - * refer to the documentation for the port field of this filter. + * Wherever possible, implementations SHOULD implement filters in the order + * they are specified. * * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. + * Implementations MAY choose to implement this ordering strictly, rejecting + * any combination or order of filters that can not be supported. If implementations + * choose a strict interpretation of filter ordering, they MUST clearly document + * that behavior. * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * To reject an invalid combination or order of filters, implementations SHOULD + * consider the Route Rules with this configuration invalid. If all Route Rules + * in a Route are invalid, the entire Route would be considered invalid. If only + * a portion of Route Rules are invalid, implementations MUST set the + * "PartiallyInvalid" condition for the Route. * * - * Support: Extended + * Conformance-levels at this level are defined based on the type of filter: * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect#scheme - */ - readonly scheme?: HttpRouteSpecRulesBackendRefsFiltersRequestRedirectScheme; - - /** - * StatusCode is the HTTP status code to be used in response. * + * - ALL core filters MUST be supported by all implementations. + * - Implementers are encouraged to support extended filters. + * - Implementation-specific custom filters have no API guarantees across + * implementations. * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. * + * Specifying the same filter multiple times is not supported unless explicitly + * indicated in the filter. * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * + * All filters are expected to be compatible with each other except for the + * URLRewrite and RequestRedirect filters, which may not be combined. If an + * implementation can not support other combinations of filters, they must clearly + * document that limitation. In cases where incompatible or unsupported + * filters are specified and cause the `Accepted` condition to be set to status + * `False`, implementations may use the `IncompatibleFilters` reason to specify + * this configuration error. * * * Support: Core * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirect#statusCode + * @schema HttpRouteV1Beta1SpecRules#filters */ - readonly statusCode?: HttpRouteSpecRulesBackendRefsFiltersRequestRedirectStatusCode; - -} - -/** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestRedirect' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestRedirect(obj: HttpRouteSpecRulesBackendRefsFiltersRequestRedirect | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'hostname': obj.hostname, - 'path': toJson_HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath(obj.path), - 'port': obj.port, - 'scheme': obj.scheme, - 'statusCode': obj.statusCode, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly filters?: HttpRouteV1Beta1SpecRulesFilters[]; -/** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier - */ -export interface HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. + * Matches define conditions used for matching the rule against incoming + * HTTP requests. Each match is independent, i.e. this rule will be matched + * if **any** one of the matches is satisfied. * * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * For example, take the following matches configuration: * * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" + * ``` + * matches: + * - path: + * value: "/foo" + * headers: + * - name: "version" + * value: "v2" + * - path: + * value: "/v2/foo" + * ``` * * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * For a request to match against this rule, a request must satisfy + * EITHER of the two conditions: * - * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier#add - */ - readonly add?: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd[]; - - /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * + * - path prefixed with `/foo` AND contains the header `version: v2` + * - path prefix of `/v2/foo` * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz * + * See the documentation for HTTPRouteMatch on how to specify multiple + * match conditions that should be ANDed together. * - * Config: - * remove: ["my-header1", "my-header3"] + * + * If no matches are specified, the default is a prefix + * path match on "/", which has the effect of matching every + * HTTP request. * * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar + * Proxy or Load Balancer routing configuration generated from HTTPRoutes + * MUST prioritize matches based on the following criteria, continuing on + * ties. Across all rules specified on applicable Routes, precedence must be + * given to the match having: + * + * + * * "Exact" path match. + * * "Prefix" path match with largest number of characters. + * * Method match. + * * Largest number of header matches. + * * Largest number of query param matches. * - * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier#remove - */ - readonly remove?: string[]; - - /** - * Set overwrites the request with the given header (name, value) - * before the action. * + * Note: The precedence of RegularExpression path matches are implementation-specific. * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo * + * If ties still exist across multiple Routes, matching precedence MUST be + * determined in order of the following criteria, continuing on ties: * - * Config: - * set: - * - name: "my-header" - * value: "bar" * + * * The oldest Route based on creation timestamp. + * * The Route appearing first in alphabetical order by + * "{namespace}/{name}". * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar * - * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier#set - */ - readonly set?: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet[]; - -} - -/** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier(obj: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifier | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'add': obj.add?.map(y => toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet(y)), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * - * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations must support core filters. - * - * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. - * - * - * - Implementation-specific: Filters that are defined and supported by - * specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` should be set to - * "ExtensionRef" for custom filters. - * - * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. - * - * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * @schema HttpRouteSpecRulesBackendRefsFiltersType - */ -export enum HttpRouteSpecRulesBackendRefsFiltersType { - /** RequestHeaderModifier */ - REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", - /** ResponseHeaderModifier */ - RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", - /** RequestMirror */ - REQUEST_MIRROR = "RequestMirror", - /** RequestRedirect */ - REQUEST_REDIRECT = "RequestRedirect", - /** URLRewrite */ - URL_REWRITE = "URLRewrite", - /** ExtensionRef */ - EXTENSION_REF = "ExtensionRef", -} - -/** - * URLRewrite defines a schema for a filter that modifies a request during forwarding. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewrite - */ -export interface HttpRouteSpecRulesBackendRefsFiltersUrlRewrite { - /** - * Hostname is the value to be used to replace the Host header value during - * forwarding. + * If ties still exist within an HTTPRoute, matching precedence MUST be granted + * to the FIRST matching rule (in list order) with a match meeting the above + * criteria. * * - * Support: Extended + * When no rules matching a request have been successfully attached to the + * parent a request is coming from, a HTTP 404 status code MUST be returned. * - * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewrite#hostname + * @schema HttpRouteV1Beta1SpecRules#matches */ - readonly hostname?: string; + readonly matches?: HttpRouteV1Beta1SpecRulesMatches[]; /** - * Path defines a path rewrite. + * SessionPersistence defines and configures session persistence + * for the route rule. * * * Support: Extended * - * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewrite#path - */ - readonly path?: HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath; - -} - -/** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersUrlRewrite' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersUrlRewrite(obj: HttpRouteSpecRulesBackendRefsFiltersUrlRewrite | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'hostname': obj.hostname, - 'path': toJson_HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath(obj.path), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierAdd - */ -export interface HttpRouteSpecRulesFiltersRequestHeaderModifierAdd { - /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. * - * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierAdd#name + * @schema HttpRouteV1Beta1SpecRules#sessionPersistence */ - readonly name: string; + readonly sessionPersistence?: HttpRouteV1Beta1SpecRulesSessionPersistence; /** - * Value is the value of HTTP Header to be matched. + * Timeouts defines the timeouts that can be configured for an HTTP request. * - * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierAdd#value - */ - readonly value: string; - -} - -/** - * Converts an object of type 'HttpRouteSpecRulesFiltersRequestHeaderModifierAdd' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersRequestHeaderModifierAdd(obj: HttpRouteSpecRulesFiltersRequestHeaderModifierAdd | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'name': obj.name, - 'value': obj.value, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierSet - */ -export interface HttpRouteSpecRulesFiltersRequestHeaderModifierSet { - /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * + * Support: Extended * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. * - * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierSet#name - */ - readonly name: string; - - /** - * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteSpecRulesFiltersRequestHeaderModifierSet#value + * + * @schema HttpRouteV1Beta1SpecRules#timeouts */ - readonly value: string; + readonly timeouts?: HttpRouteV1Beta1SpecRulesTimeouts; } /** - * Converts an object of type 'HttpRouteSpecRulesFiltersRequestHeaderModifierSet' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRules' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersRequestHeaderModifierSet(obj: HttpRouteSpecRulesFiltersRequestHeaderModifierSet | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRules(obj: HttpRouteV1Beta1SpecRules | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'backendRefs': obj.backendRefs?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefs(y)), + 'filters': obj.filters?.map(y => toJson_HttpRouteV1Beta1SpecRulesFilters(y)), + 'matches': obj.matches?.map(y => toJson_HttpRouteV1Beta1SpecRulesMatches(y)), + 'sessionPersistence': toJson_HttpRouteV1Beta1SpecRulesSessionPersistence(obj.sessionPersistence), + 'timeouts': toJson_HttpRouteV1Beta1SpecRulesTimeouts(obj.timeouts), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -10447,44 +14498,58 @@ export function toJson_HttpRouteSpecRulesFiltersRequestHeaderModifierSet(obj: Ht /* eslint-enable max-len, quote-props */ /** - * BackendRef references a resource where mirrored requests are sent. + * HTTPBackendRef defines how a HTTPRoute forwards a HTTP request. * * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. + * Note that when a namespace different than the local namespace is specified, a + * ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. * * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. + * * * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. + * When the BackendRef points to a Kubernetes Service, implementations SHOULD + * honor the appProtocol field if it is set for the target Service Port. * * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. + * Implementations supporting appProtocol SHOULD recognize the Kubernetes + * Standard Application Protocols defined in KEP-3726. * * - * Support: Extended for Kubernetes Service + * If a Service appProtocol isn't specified, an implementation MAY infer the + * backend protocol through its own means. Implementations MAY infer the + * protocol from the Route type referring to the backend Service. * * - * Support: Implementation-specific for any other resource + * If a Route is not able to send traffic to the backend using the specified + * protocol then the backend is considered invalid. Implementations MUST set the + * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. + * + * + * * - * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef + * @schema HttpRouteV1Beta1SpecRulesBackendRefs */ -export interface HttpRouteSpecRulesFiltersRequestMirrorBackendRef { +export interface HttpRouteV1Beta1SpecRulesBackendRefs { + /** + * Filters defined at this level should be executed if and only if the + * request is being forwarded to the backend defined here. + * + * + * Support: Implementation-specific (For broader support of filters, use the + * Filters field in HTTPRouteRule.) + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefs#filters + */ + readonly filters?: HttpRouteV1Beta1SpecRulesBackendRefsFilters[]; + /** * Group is the group of the referent. For example, "gateway.networking.k8s.io". * When unspecified or empty string, core API group is inferred. * - * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef#group + * @schema HttpRouteV1Beta1SpecRulesBackendRefs#group */ readonly group?: string; @@ -10509,14 +14574,14 @@ export interface HttpRouteSpecRulesFiltersRequestMirrorBackendRef { * Support: Implementation-specific (Services with type ExternalName) * * @default Service" when not specified. - * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef#kind + * @schema HttpRouteV1Beta1SpecRulesBackendRefs#kind */ readonly kind?: string; /** * Name is the name of the referent. * - * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef#name + * @schema HttpRouteV1Beta1SpecRulesBackendRefs#name */ readonly name: string; @@ -10533,7 +14598,7 @@ export interface HttpRouteSpecRulesFiltersRequestMirrorBackendRef { * * Support: Core * - * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef#namespace + * @schema HttpRouteV1Beta1SpecRulesBackendRefs#namespace */ readonly namespace?: string; @@ -10544,258 +14609,47 @@ export interface HttpRouteSpecRulesFiltersRequestMirrorBackendRef { * For other resources, destination port might be derived from the referent * resource or this field. * - * @schema HttpRouteSpecRulesFiltersRequestMirrorBackendRef#port + * @schema HttpRouteV1Beta1SpecRulesBackendRefs#port */ readonly port?: number; -} - -/** - * Converts an object of type 'HttpRouteSpecRulesFiltersRequestMirrorBackendRef' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersRequestMirrorBackendRef(obj: HttpRouteSpecRulesFiltersRequestMirrorBackendRef | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * Path defines parameters used to modify the path of the incoming request. - * The modified path is then used to construct the `Location` header. When - * empty, the request path is used as-is. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesFiltersRequestRedirectPath - */ -export interface HttpRouteSpecRulesFiltersRequestRedirectPath { - /** - * ReplaceFullPath specifies the value with which to replace the full path - * of a request during a rewrite or redirect. - * - * @schema HttpRouteSpecRulesFiltersRequestRedirectPath#replaceFullPath - */ - readonly replaceFullPath?: string; - - /** - * ReplacePrefixMatch specifies the value with which to replace the prefix - * match of a request during a rewrite or redirect. For example, a request - * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch - * of "/xyz" would be modified to "/xyz/bar". - * - * - * Note that this matches the behavior of the PathPrefix match type. This - * matches full path elements. A path element refers to the list of labels - * in the path split by the `/` separator. When specified, a trailing `/` is - * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all - * match the prefix `/abc`, but the path `/abcd` would not. - * - * - * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. - * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in - * the implementation setting the Accepted Condition for the Route to `status: False`. - * - * - * Request Path | Prefix Match | Replace Prefix | Modified Path - * -------------|--------------|----------------|---------- - * /foo/bar | /foo | /xyz | /xyz/bar - * /foo/bar | /foo | /xyz/ | /xyz/bar - * /foo/bar | /foo/ | /xyz | /xyz/bar - * /foo/bar | /foo/ | /xyz/ | /xyz/bar - * /foo | /foo | /xyz | /xyz - * /foo/ | /foo | /xyz | /xyz/ - * /foo/bar | /foo | | /bar - * /foo/ | /foo | | / - * /foo | /foo | | / - * /foo/ | /foo | / | / - * /foo | /foo | / | / - * - * @schema HttpRouteSpecRulesFiltersRequestRedirectPath#replacePrefixMatch - */ - readonly replacePrefixMatch?: string; - - /** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * @schema HttpRouteSpecRulesFiltersRequestRedirectPath#type - */ - readonly type: HttpRouteSpecRulesFiltersRequestRedirectPathType; - -} - -/** - * Converts an object of type 'HttpRouteSpecRulesFiltersRequestRedirectPath' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersRequestRedirectPath(obj: HttpRouteSpecRulesFiltersRequestRedirectPath | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'replaceFullPath': obj.replaceFullPath, - 'replacePrefixMatch': obj.replacePrefixMatch, - 'type': obj.type, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * Scheme is the scheme to be used in the value of the `Location` header in - * the response. When empty, the scheme of the request is used. - * - * - * Scheme redirects can affect the port of the redirect, for more information, - * refer to the documentation for the port field of this filter. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesFiltersRequestRedirectScheme - */ -export enum HttpRouteSpecRulesFiltersRequestRedirectScheme { - /** http */ - HTTP = "http", - /** https */ - HTTPS = "https", -} - -/** - * StatusCode is the HTTP status code to be used in response. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * - * Support: Core - * - * @schema HttpRouteSpecRulesFiltersRequestRedirectStatusCode - */ -export enum HttpRouteSpecRulesFiltersRequestRedirectStatusCode { - /** 301 */ - VALUE_301 = 301, - /** 302 */ - VALUE_302 = 302, -} - -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierAdd - */ -export interface HttpRouteSpecRulesFiltersResponseHeaderModifierAdd { - /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). - * - * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. - * - * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierAdd#name - */ - readonly name: string; - - /** - * Value is the value of HTTP Header to be matched. - * - * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierAdd#value - */ - readonly value: string; - -} - -/** - * Converts an object of type 'HttpRouteSpecRulesFiltersResponseHeaderModifierAdd' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersResponseHeaderModifierAdd(obj: HttpRouteSpecRulesFiltersResponseHeaderModifierAdd | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'name': obj.name, - 'value': obj.value, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ - -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierSet - */ -export interface HttpRouteSpecRulesFiltersResponseHeaderModifierSet { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Weight specifies the proportion of requests forwarded to the referenced + * backend. This is computed as weight/(sum of all weights in this + * BackendRefs list). For non-zero values, there may be some epsilon from + * the exact proportion defined here depending on the precision an + * implementation supports. Weight is not a percentage and the sum of + * weights does not need to equal 100. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * If only one backend is specified and it has a weight greater than 0, 100% + * of the traffic is forwarded to that backend. If weight is set to 0, no + * traffic should be forwarded for this entry. If unspecified, weight + * defaults to 1. * - * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierSet#name - */ - readonly name: string; - - /** - * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteSpecRulesFiltersResponseHeaderModifierSet#value + * Support for this field varies based on the context where used. + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefs#weight */ - readonly value: string; + readonly weight?: number; } /** - * Converts an object of type 'HttpRouteSpecRulesFiltersResponseHeaderModifierSet' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersResponseHeaderModifierSet(obj: HttpRouteSpecRulesFiltersResponseHeaderModifierSet | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefs(obj: HttpRouteV1Beta1SpecRulesBackendRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { + 'filters': obj.filters?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefsFilters(y)), + 'group': obj.group, + 'kind': obj.kind, 'name': obj.name, - 'value': obj.value, + 'namespace': obj.namespace, + 'port': obj.port, + 'weight': obj.weight, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -10803,62 +14657,113 @@ export function toJson_HttpRouteSpecRulesFiltersResponseHeaderModifierSet(obj: H /* eslint-enable max-len, quote-props */ /** - * Path defines a path rewrite. - * - * - * Support: Extended + * HTTPRouteFilter defines processing steps that must be completed during the + * request or response lifecycle. HTTPRouteFilters are meant as an extension + * point to express processing that may be done in Gateway implementations. Some + * examples include request or response modification, implementing + * authentication strategies, rate-limiting, and traffic shaping. API + * guarantee/conformance is defined based on the type of the filter. * - * @schema HttpRouteSpecRulesFiltersUrlRewritePath + * @schema HttpRouteV1Beta1SpecRulesFilters */ -export interface HttpRouteSpecRulesFiltersUrlRewritePath { +export interface HttpRouteV1Beta1SpecRulesFilters { /** - * ReplaceFullPath specifies the value with which to replace the full path - * of a request during a rewrite or redirect. + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. * - * @schema HttpRouteSpecRulesFiltersUrlRewritePath#replaceFullPath + * + * This filter can be used multiple times within the same rule. + * + * + * Support: Implementation-specific + * + * @schema HttpRouteV1Beta1SpecRulesFilters#extensionRef */ - readonly replaceFullPath?: string; + readonly extensionRef?: HttpRouteV1Beta1SpecRulesFiltersExtensionRef; /** - * ReplacePrefixMatch specifies the value with which to replace the prefix - * match of a request during a rewrite or redirect. For example, a request - * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch - * of "/xyz" would be modified to "/xyz/bar". + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * * - * Note that this matches the behavior of the PathPrefix match type. This - * matches full path elements. A path element refers to the list of labels - * in the path split by the `/` separator. When specified, a trailing `/` is - * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all - * match the prefix `/abc`, but the path `/abcd` would not. + * Support: Core * + * @schema HttpRouteV1Beta1SpecRulesFilters#requestHeaderModifier + */ + readonly requestHeaderModifier?: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier; + + /** + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. * - * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. - * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in - * the implementation setting the Accepted Condition for the Route to `status: False`. * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. * - * Request Path | Prefix Match | Replace Prefix | Modified Path - * -------------|--------------|----------------|---------- - * /foo/bar | /foo | /xyz | /xyz/bar - * /foo/bar | /foo | /xyz/ | /xyz/bar - * /foo/bar | /foo/ | /xyz | /xyz/bar - * /foo/bar | /foo/ | /xyz/ | /xyz/bar - * /foo | /foo | /xyz | /xyz - * /foo/ | /foo | /xyz | /xyz/ - * /foo/bar | /foo | | /bar - * /foo/ | /foo | | / - * /foo | /foo | | / - * /foo/ | /foo | / | / - * /foo | /foo | / | / * - * @schema HttpRouteSpecRulesFiltersUrlRewritePath#replacePrefixMatch + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesFilters#requestMirror */ - readonly replacePrefixMatch?: string; + readonly requestMirror?: HttpRouteV1Beta1SpecRulesFiltersRequestMirror; /** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. + * RequestRedirect defines a schema for a filter that responds to the + * request with an HTTP redirection. + * + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecRulesFilters#requestRedirect + */ + readonly requestRedirect?: HttpRouteV1Beta1SpecRulesFiltersRequestRedirect; + + /** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesFilters#responseHeaderModifier + */ + readonly responseHeaderModifier?: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier; + + /** + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: + * + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations must support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by + * specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` should be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. * * * Note that values may be added to this enum, implementations @@ -10869,22 +14774,36 @@ export interface HttpRouteSpecRulesFiltersUrlRewritePath { * Accepted Condition for the Route to `status: False`, with a * Reason of `UnsupportedValue`. * - * @schema HttpRouteSpecRulesFiltersUrlRewritePath#type + * @schema HttpRouteV1Beta1SpecRulesFilters#type */ - readonly type: HttpRouteSpecRulesFiltersUrlRewritePathType; + readonly type: HttpRouteV1Beta1SpecRulesFiltersType; + + /** + * URLRewrite defines a schema for a filter that modifies a request during forwarding. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesFilters#urlRewrite + */ + readonly urlRewrite?: HttpRouteV1Beta1SpecRulesFiltersUrlRewrite; } /** - * Converts an object of type 'HttpRouteSpecRulesFiltersUrlRewritePath' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFilters' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesFiltersUrlRewritePath(obj: HttpRouteSpecRulesFiltersUrlRewritePath | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesFilters(obj: HttpRouteV1Beta1SpecRulesFilters | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'replaceFullPath': obj.replaceFullPath, - 'replacePrefixMatch': obj.replacePrefixMatch, + 'extensionRef': toJson_HttpRouteV1Beta1SpecRulesFiltersExtensionRef(obj.extensionRef), + 'requestHeaderModifier': toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier(obj.requestHeaderModifier), + 'requestMirror': toJson_HttpRouteV1Beta1SpecRulesFiltersRequestMirror(obj.requestMirror), + 'requestRedirect': toJson_HttpRouteV1Beta1SpecRulesFiltersRequestRedirect(obj.requestRedirect), + 'responseHeaderModifier': toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier(obj.responseHeaderModifier), 'type': obj.type, + 'urlRewrite': toJson_HttpRouteV1Beta1SpecRulesFiltersUrlRewrite(obj.urlRewrite), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -10892,112 +14811,85 @@ export function toJson_HttpRouteSpecRulesFiltersUrlRewritePath(obj: HttpRouteSpe /* eslint-enable max-len, quote-props */ /** - * Type specifies how to match against the value of the header. - * - * - * Support: Core (Exact) - * - * - * Support: Implementation-specific (RegularExpression) - * - * - * Since RegularExpression HeaderMatchType has implementation-specific - * conformance, implementations can support POSIX, PCRE or any other dialects - * of regular expressions. Please read the implementation's documentation to - * determine the supported dialect. - * - * @schema HttpRouteSpecRulesMatchesHeadersType - */ -export enum HttpRouteSpecRulesMatchesHeadersType { - /** Exact */ - EXACT = "Exact", - /** RegularExpression */ - REGULAR_EXPRESSION = "RegularExpression", -} - -/** - * Type specifies how to match against the path Value. - * - * - * Support: Core (Exact, PathPrefix) - * - * - * Support: Implementation-specific (RegularExpression) - * - * @schema HttpRouteSpecRulesMatchesPathType - */ -export enum HttpRouteSpecRulesMatchesPathType { - /** Exact */ - EXACT = "Exact", - /** PathPrefix */ - PATH_PREFIX = "PathPrefix", - /** RegularExpression */ - REGULAR_EXPRESSION = "RegularExpression", -} - -/** - * Type specifies how to match against the value of the query parameter. - * + * HTTPRouteMatch defines the predicate used to match requests to a given + * action. Multiple match types are ANDed together, i.e. the match will + * evaluate to true only if all conditions are satisfied. * - * Support: Extended (Exact) * + * For example, the match below will match a HTTP request only if its path + * starts with `/foo` AND it contains the `version: v1` header: * - * Support: Implementation-specific (RegularExpression) * + * ``` + * match: * - * Since RegularExpression QueryParamMatchType has Implementation-specific - * conformance, implementations can support POSIX, PCRE or any other - * dialects of regular expressions. Please read the implementation's - * documentation to determine the supported dialect. * - * @schema HttpRouteSpecRulesMatchesQueryParamsType - */ -export enum HttpRouteSpecRulesMatchesQueryParamsType { - /** Exact */ - EXACT = "Exact", - /** RegularExpression */ - REGULAR_EXPRESSION = "RegularExpression", -} - -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * path: + * value: "/foo" + * headers: + * - name: "version" + * value "v1" * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd + * + * ``` + * + * @schema HttpRouteV1Beta1SpecRulesMatches */ -export interface HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd { +export interface HttpRouteV1Beta1SpecRulesMatches { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Headers specifies HTTP request header matchers. Multiple match values are + * ANDed together, meaning, a request must match all the specified headers + * to select the route. + * + * @schema HttpRouteV1Beta1SpecRulesMatches#headers + */ + readonly headers?: HttpRouteV1Beta1SpecRulesMatchesHeaders[]; + + /** + * Method specifies HTTP method matcher. + * When specified, this route will be matched only if the request has the + * specified method. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Support: Extended * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd#name + * @schema HttpRouteV1Beta1SpecRulesMatches#method */ - readonly name: string; + readonly method?: HttpRouteV1Beta1SpecRulesMatchesMethod; /** - * Value is the value of HTTP Header to be matched. + * Path specifies a HTTP request path matcher. If this field is not + * specified, a default prefix match on the "/" path is provided. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd#value + * @schema HttpRouteV1Beta1SpecRulesMatches#path */ - readonly value: string; + readonly path?: HttpRouteV1Beta1SpecRulesMatchesPath; + + /** + * QueryParams specifies HTTP query parameter matchers. Multiple match + * values are ANDed together, meaning, a request must match all the + * specified query parameters to select the route. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesMatches#queryParams + */ + readonly queryParams?: HttpRouteV1Beta1SpecRulesMatchesQueryParams[]; } /** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesMatches' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd(obj: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierAdd | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesMatches(obj: HttpRouteV1Beta1SpecRulesMatches | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'headers': obj.headers?.map(y => toJson_HttpRouteV1Beta1SpecRulesMatchesHeaders(y)), + 'method': obj.method, + 'path': toJson_HttpRouteV1Beta1SpecRulesMatchesPath(obj.path), + 'queryParams': obj.queryParams?.map(y => toJson_HttpRouteV1Beta1SpecRulesMatchesQueryParams(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -11005,44 +14897,96 @@ export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * SessionPersistence defines and configures session persistence + * for the route rule. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet + * + * Support: Extended + * + * + * + * + * @schema HttpRouteV1Beta1SpecRulesSessionPersistence */ -export interface HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet { +export interface HttpRouteV1Beta1SpecRulesSessionPersistence { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * AbsoluteTimeout defines the absolute timeout of the persistent + * session. Once the AbsoluteTimeout duration has elapsed, the + * session becomes invalid. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Support: Extended * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet#name + * @schema HttpRouteV1Beta1SpecRulesSessionPersistence#absoluteTimeout */ - readonly name: string; + readonly absoluteTimeout?: string; /** - * Value is the value of HTTP Header to be matched. + * CookieConfig provides configuration settings that are specific + * to cookie-based session persistence. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet#value + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecRulesSessionPersistence#cookieConfig */ - readonly value: string; + readonly cookieConfig?: HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfig; + + /** + * IdleTimeout defines the idle timeout of the persistent session. + * Once the session has been idle for more than the specified + * IdleTimeout duration, the session becomes invalid. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesSessionPersistence#idleTimeout + */ + readonly idleTimeout?: string; + + /** + * SessionName defines the name of the persistent session token + * which may be reflected in the cookie or the header. Users + * should avoid reusing session names to prevent unintended + * consequences, such as rejection or unpredictable behavior. + * + * + * Support: Implementation-specific + * + * @schema HttpRouteV1Beta1SpecRulesSessionPersistence#sessionName + */ + readonly sessionName?: string; + + /** + * Type defines the type of session persistence such as through + * the use a header or cookie. Defaults to cookie based session + * persistence. + * + * + * Support: Core for "Cookie" type + * + * + * Support: Extended for "Header" type + * + * @default cookie based session + * @schema HttpRouteV1Beta1SpecRulesSessionPersistence#type + */ + readonly type?: HttpRouteV1Beta1SpecRulesSessionPersistenceType; } /** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesSessionPersistence' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet(obj: HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifierSet | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesSessionPersistence(obj: HttpRouteV1Beta1SpecRulesSessionPersistence | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'absoluteTimeout': obj.absoluteTimeout, + 'cookieConfig': toJson_HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfig(obj.cookieConfig), + 'idleTimeout': obj.idleTimeout, + 'sessionName': obj.sessionName, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -11050,121 +14994,87 @@ export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestHeaderModifier /* eslint-enable max-len, quote-props */ /** - * BackendRef references a resource where mirrored requests are sent. - * - * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. - * - * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. - * - * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. - * + * Timeouts defines the timeouts that can be configured for an HTTP request. * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. * + * Support: Extended * - * Support: Extended for Kubernetes Service * * - * Support: Implementation-specific for any other resource * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef + * @schema HttpRouteV1Beta1SpecRulesTimeouts */ -export interface HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef { - /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. - * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#group - */ - readonly group?: string; - +export interface HttpRouteV1Beta1SpecRulesTimeouts { /** - * Kind is the Kubernetes resource kind of the referent. For example - * "Service". + * BackendRequest specifies a timeout for an individual request from the gateway + * to a backend. This covers the time from when the request first starts being + * sent from the gateway to when the full response has been received from the backend. * * - * Defaults to "Service" when not specified. + * Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout + * completely. Implementations that cannot completely disable the timeout MUST + * instead interpret the zero duration as the longest possible value to which + * the timeout can be set. * * - * ExternalName services can refer to CNAME DNS records that may live - * outside of the cluster and as such are difficult to reason about in - * terms of conformance. They also may not be safe to forward to (see - * CVE-2021-25740 for more information). Implementations SHOULD NOT - * support ExternalName Services. + * An entire client HTTP transaction with a gateway, covered by the Request timeout, + * may result in more than one call from the gateway to the destination backend, + * for example, if automatic retries are supported. * * - * Support: Core (Services with a type other than ExternalName) + * Because the Request timeout encompasses the BackendRequest timeout, the value of + * BackendRequest must be <= the value of Request timeout. * * - * Support: Implementation-specific (Services with type ExternalName) + * Support: Extended * - * @default Service" when not specified. - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#kind + * @schema HttpRouteV1Beta1SpecRulesTimeouts#backendRequest */ - readonly kind?: string; + readonly backendRequest?: string; /** - * Name is the name of the referent. + * Request specifies the maximum duration for a gateway to respond to an HTTP request. + * If the gateway has not been able to respond before this deadline is met, the gateway + * MUST return a timeout error. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#name - */ - readonly name: string; - - /** - * Namespace is the namespace of the backend. When unspecified, the local - * namespace is inferred. * + * For example, setting the `rules.timeouts.request` field to the value `10s` in an + * `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds + * to complete. * - * Note that when a namespace different than the local namespace is specified, - * a ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. * + * Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout + * completely. Implementations that cannot completely disable the timeout MUST + * instead interpret the zero duration as the longest possible value to which + * the timeout can be set. * - * Support: Core * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#namespace - */ - readonly namespace?: string; - - /** - * Port specifies the destination port number to use for this resource. - * Port is required when the referent is a Kubernetes Service. In this - * case, the port number is the service port number, not the target port. - * For other resources, destination port might be derived from the referent - * resource or this field. + * This timeout is intended to cover as close to the whole request-response transaction + * as possible although an implementation MAY choose to start the timeout after the entire + * request stream has been received instead of immediately after the transaction is + * initiated by the client. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef#port + * + * When this field is unspecified, request timeout behavior is implementation-specific. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesTimeouts#request */ - readonly port?: number; + readonly request?: string; } /** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesTimeouts' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj: HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendRef | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesTimeouts(obj: HttpRouteV1Beta1SpecRulesTimeouts | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, + 'backendRequest': obj.backendRequest, + 'request': obj.request, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -11172,64 +15082,113 @@ export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestMirrorBackendR /* eslint-enable max-len, quote-props */ /** - * Path defines parameters used to modify the path of the incoming request. - * The modified path is then used to construct the `Location` header. When - * empty, the request path is used as-is. - * - * - * Support: Extended + * HTTPRouteFilter defines processing steps that must be completed during the + * request or response lifecycle. HTTPRouteFilters are meant as an extension + * point to express processing that may be done in Gateway implementations. Some + * examples include request or response modification, implementing + * authentication strategies, rate-limiting, and traffic shaping. API + * guarantee/conformance is defined based on the type of the filter. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters */ -export interface HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath { +export interface HttpRouteV1Beta1SpecRulesBackendRefsFilters { /** - * ReplaceFullPath specifies the value with which to replace the full path - * of a request during a rewrite or redirect. + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath#replaceFullPath + * + * This filter can be used multiple times within the same rule. + * + * + * Support: Implementation-specific + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#extensionRef + */ + readonly extensionRef?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef; + + /** + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. + * + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#requestHeaderModifier + */ + readonly requestHeaderModifier?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier; + + /** + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. + * + * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#requestMirror */ - readonly replaceFullPath?: string; + readonly requestMirror?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror; /** - * ReplacePrefixMatch specifies the value with which to replace the prefix - * match of a request during a rewrite or redirect. For example, a request - * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch - * of "/xyz" would be modified to "/xyz/bar". - * + * RequestRedirect defines a schema for a filter that responds to the + * request with an HTTP redirection. * - * Note that this matches the behavior of the PathPrefix match type. This - * matches full path elements. A path element refers to the list of labels - * in the path split by the `/` separator. When specified, a trailing `/` is - * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all - * match the prefix `/abc`, but the path `/abcd` would not. * + * Support: Core * - * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. - * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in - * the implementation setting the Accepted Condition for the Route to `status: False`. + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#requestRedirect + */ + readonly requestRedirect?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect; + + /** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. * * - * Request Path | Prefix Match | Replace Prefix | Modified Path - * -------------|--------------|----------------|---------- - * /foo/bar | /foo | /xyz | /xyz/bar - * /foo/bar | /foo | /xyz/ | /xyz/bar - * /foo/bar | /foo/ | /xyz | /xyz/bar - * /foo/bar | /foo/ | /xyz/ | /xyz/bar - * /foo | /foo | /xyz | /xyz - * /foo/ | /foo | /xyz | /xyz/ - * /foo/bar | /foo | | /bar - * /foo/ | /foo | | / - * /foo | /foo | | / - * /foo/ | /foo | / | / - * /foo | /foo | / | / + * Support: Extended * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath#replacePrefixMatch + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#responseHeaderModifier */ - readonly replacePrefixMatch?: string; + readonly responseHeaderModifier?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier; /** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: + * + * + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations must support core filters. + * + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by + * specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` should be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. * * * Note that values may be added to this enum, implementations @@ -11240,22 +15199,36 @@ export interface HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath { * Accepted Condition for the Route to `status: False`, with a * Reason of `UnsupportedValue`. * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath#type + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#type */ - readonly type: HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPathType; + readonly type: HttpRouteV1Beta1SpecRulesBackendRefsFiltersType; + + /** + * URLRewrite defines a schema for a filter that modifies a request during forwarding. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#urlRewrite + */ + readonly urlRewrite?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite; } /** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFilters' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath(obj: HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFilters(obj: HttpRouteV1Beta1SpecRulesBackendRefsFilters | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'replaceFullPath': obj.replaceFullPath, - 'replacePrefixMatch': obj.replacePrefixMatch, + 'extensionRef': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef(obj.extensionRef), + 'requestHeaderModifier': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier(obj.requestHeaderModifier), + 'requestMirror': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror(obj.requestMirror), + 'requestRedirect': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect(obj.requestRedirect), + 'responseHeaderModifier': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier(obj.responseHeaderModifier), 'type': obj.type, + 'urlRewrite': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite(obj.urlRewrite), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -11263,142 +15236,54 @@ export function toJson_HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPath(o /* eslint-enable max-len, quote-props */ /** - * Scheme is the scheme to be used in the value of the `Location` header in - * the response. When empty, the scheme of the request is used. - * - * - * Scheme redirects can affect the port of the redirect, for more information, - * refer to the documentation for the port field of this filter. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * - * Support: Extended - * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectScheme - */ -export enum HttpRouteSpecRulesBackendRefsFiltersRequestRedirectScheme { - /** http */ - HTTP = "http", - /** https */ - HTTPS = "https", -} - -/** - * StatusCode is the HTTP status code to be used in response. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. * + * This filter can be used multiple times within the same rule. * - * Support: Core * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectStatusCode - */ -export enum HttpRouteSpecRulesBackendRefsFiltersRequestRedirectStatusCode { - /** 301 */ - VALUE_301 = 301, - /** 302 */ - VALUE_302 = 302, -} - -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * Support: Implementation-specific * - * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd + * @schema HttpRouteV1Beta1SpecRulesFiltersExtensionRef */ -export interface HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd { +export interface HttpRouteV1Beta1SpecRulesFiltersExtensionRef { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). - * - * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. * - * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd#name + * @schema HttpRouteV1Beta1SpecRulesFiltersExtensionRef#group */ - readonly name: string; + readonly group: string; /** - * Value is the value of HTTP Header to be matched. + * Kind is kind of the referent. For example "HTTPRoute" or "Service". * - * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd#value + * @schema HttpRouteV1Beta1SpecRulesFiltersExtensionRef#kind */ - readonly value: string; - -} - -/** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd(obj: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierAdd | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'name': obj.name, - 'value': obj.value, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly kind: string; -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet - */ -export interface HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). - * - * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Name is the name of the referent. * - * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet#name + * @schema HttpRouteV1Beta1SpecRulesFiltersExtensionRef#name */ readonly name: string; - /** - * Value is the value of HTTP Header to be matched. - * - * @schema HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet#value - */ - readonly value: string; - } /** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersExtensionRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet(obj: HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifierSet | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesFiltersExtensionRef(obj: HttpRouteV1Beta1SpecRulesFiltersExtensionRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { + 'group': obj.group, + 'kind': obj.kind, 'name': obj.name, - 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -11406,88 +15291,102 @@ export function toJson_HttpRouteSpecRulesBackendRefsFiltersResponseHeaderModifie /* eslint-enable max-len, quote-props */ /** - * Path defines a path rewrite. + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * * - * Support: Extended + * Support: Core * - * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier */ -export interface HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath { +export interface HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier { /** - * ReplaceFullPath specifies the value with which to replace the full path - * of a request during a rewrite or redirect. + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. + * + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" * - * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath#replaceFullPath + * + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz + * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier#add */ - readonly replaceFullPath?: string; + readonly add?: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd[]; /** - * ReplacePrefixMatch specifies the value with which to replace the prefix - * match of a request during a rewrite or redirect. For example, a request - * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch - * of "/xyz" would be modified to "/xyz/bar". + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * * - * Note that this matches the behavior of the PathPrefix match type. This - * matches full path elements. A path element refers to the list of labels - * in the path split by the `/` separator. When specified, a trailing `/` is - * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all - * match the prefix `/abc`, but the path `/abcd` would not. + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz * * - * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. - * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in - * the implementation setting the Accepted Condition for the Route to `status: False`. + * Config: + * remove: ["my-header1", "my-header3"] * * - * Request Path | Prefix Match | Replace Prefix | Modified Path - * -------------|--------------|----------------|---------- - * /foo/bar | /foo | /xyz | /xyz/bar - * /foo/bar | /foo | /xyz/ | /xyz/bar - * /foo/bar | /foo/ | /xyz | /xyz/bar - * /foo/bar | /foo/ | /xyz/ | /xyz/bar - * /foo | /foo | /xyz | /xyz - * /foo/ | /foo | /xyz | /xyz/ - * /foo/bar | /foo | | /bar - * /foo/ | /foo | | / - * /foo | /foo | | / - * /foo/ | /foo | / | / - * /foo | /foo | / | / + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar * - * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath#replacePrefixMatch + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier#remove */ - readonly replacePrefixMatch?: string; + readonly remove?: string[]; /** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. + * Set overwrites the request with the given header (name, value) + * before the action. * * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * Config: + * set: + * - name: "my-header" + * value: "bar" * - * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath#type + * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar + * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier#set */ - readonly type: HttpRouteSpecRulesBackendRefsFiltersUrlRewritePathType; + readonly set?: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet[]; } /** - * Converts an object of type 'HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath(obj: HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier(obj: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'replaceFullPath': obj.replaceFullPath, - 'replacePrefixMatch': obj.replacePrefixMatch, - 'type': obj.type, + 'add': obj.add?.map(y => toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -11495,183 +15394,66 @@ export function toJson_HttpRouteSpecRulesBackendRefsFiltersUrlRewritePath(obj: H /* eslint-enable max-len, quote-props */ /** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * @schema HttpRouteSpecRulesFiltersRequestRedirectPathType - */ -export enum HttpRouteSpecRulesFiltersRequestRedirectPathType { - /** ReplaceFullPath */ - REPLACE_FULL_PATH = "ReplaceFullPath", - /** ReplacePrefixMatch */ - REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", -} - -/** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * @schema HttpRouteSpecRulesFiltersUrlRewritePathType - */ -export enum HttpRouteSpecRulesFiltersUrlRewritePathType { - /** ReplaceFullPath */ - REPLACE_FULL_PATH = "ReplaceFullPath", - /** ReplacePrefixMatch */ - REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", -} - -/** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * @schema HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPathType - */ -export enum HttpRouteSpecRulesBackendRefsFiltersRequestRedirectPathType { - /** ReplaceFullPath */ - REPLACE_FULL_PATH = "ReplaceFullPath", - /** ReplacePrefixMatch */ - REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", -} - -/** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. - * + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. * + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. * - * @schema HttpRouteSpecRulesBackendRefsFiltersUrlRewritePathType - */ -export enum HttpRouteSpecRulesBackendRefsFiltersUrlRewritePathType { - /** ReplaceFullPath */ - REPLACE_FULL_PATH = "ReplaceFullPath", - /** ReplacePrefixMatch */ - REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", -} - - -/** - * HTTPRoute provides a way to route HTTP requests. This includes the capability -to match requests by hostname, path, header, or query param. Filters can be -used to specify additional processing steps. Backends specify where matching -requests should be routed. + * Support: Extended * - * @schema HTTPRouteV1Beta1 + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirror */ -export class HttpRouteV1Beta1 extends ApiObject { - /** - * Returns the apiVersion and kind for "HTTPRouteV1Beta1" - */ - public static readonly GVK: GroupVersionKind = { - apiVersion: 'gateway.networking.k8s.io/v1beta1', - kind: 'HTTPRoute', - } - +export interface HttpRouteV1Beta1SpecRulesFiltersRequestMirror { /** - * Renders a Kubernetes manifest for "HTTPRouteV1Beta1". + * BackendRef references a resource where mirrored requests are sent. * - * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * @param props initialization props - */ - public static manifest(props: HttpRouteV1Beta1Props): any { - return { - ...HttpRouteV1Beta1.GVK, - ...toJson_HttpRouteV1Beta1Props(props), - }; - } - - /** - * Defines a "HTTPRouteV1Beta1" API object - * @param scope the scope in which to define this object - * @param id a scope-local name for the object - * @param props initialization props - */ - public constructor(scope: Construct, id: string, props: HttpRouteV1Beta1Props) { - super(scope, id, { - ...HttpRouteV1Beta1.GVK, - ...props, - }); - } - - /** - * Renders the object to Kubernetes JSON. - */ - public toJson(): any { - const resolved = super.toJson(); - - return { - ...HttpRouteV1Beta1.GVK, - ...toJson_HttpRouteV1Beta1Props(resolved), - }; - } -} - -/** - * HTTPRoute provides a way to route HTTP requests. This includes the capability - * to match requests by hostname, path, header, or query param. Filters can be - * used to specify additional processing steps. Backends specify where matching - * requests should be routed. - * - * @schema HTTPRouteV1Beta1 - */ -export interface HttpRouteV1Beta1Props { - /** - * @schema HTTPRouteV1Beta1#metadata - */ - readonly metadata?: ApiObjectMetadata; - - /** - * Spec defines the desired state of HTTPRoute. + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. + * + * + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. * - * @schema HTTPRouteV1Beta1#spec + * + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. + * + * + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. + * + * + * Support: Extended for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirror#backendRef */ - readonly spec: HttpRouteV1Beta1Spec; + readonly backendRef: HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef; } /** - * Converts an object of type 'HttpRouteV1Beta1Props' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestMirror' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1Props(obj: HttpRouteV1Beta1Props | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestMirror(obj: HttpRouteV1Beta1SpecRulesFiltersRequestMirror | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'metadata': obj.metadata, - 'spec': toJson_HttpRouteV1Beta1Spec(obj.spec), + 'backendRef': toJson_HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef(obj.backendRef), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -11679,174 +15461,232 @@ export function toJson_HttpRouteV1Beta1Props(obj: HttpRouteV1Beta1Props | undefi /* eslint-enable max-len, quote-props */ /** - * Spec defines the desired state of HTTPRoute. + * RequestRedirect defines a schema for a filter that responds to the + * request with an HTTP redirection. * - * @schema HttpRouteV1Beta1Spec + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect */ -export interface HttpRouteV1Beta1Spec { +export interface HttpRouteV1Beta1SpecRulesFiltersRequestRedirect { /** - * Hostnames defines a set of hostnames that should match against the HTTP Host - * header to select a HTTPRoute used to process the request. Implementations - * MUST ignore any port value specified in the HTTP Host header while - * performing a match and (absent of any applicable header modification - * configuration) MUST forward this header unmodified to the backend. + * Hostname is the hostname to be used in the value of the `Location` + * header in the response. + * When empty, the hostname in the `Host` header of the request is used. * * - * Valid values for Hostnames are determined by RFC 1123 definition of a - * hostname with 2 notable exceptions: + * Support: Core * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect#hostname + */ + readonly hostname?: string; + + /** + * Path defines parameters used to modify the path of the incoming request. + * The modified path is then used to construct the `Location` header. When + * empty, the request path is used as-is. * - * 1. IPs are not allowed. - * 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard - * label must appear by itself as the first label. * + * Support: Extended * - * If a hostname is specified by both the Listener and HTTPRoute, there - * must be at least one intersecting hostname for the HTTPRoute to be - * attached to the Listener. For example: + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect#path + */ + readonly path?: HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath; + + /** + * Port is the port to be used in the value of the `Location` + * header in the response. * * - * * A Listener with `test.example.com` as the hostname matches HTTPRoutes - * that have either not specified any hostnames, or have specified at - * least one of `test.example.com` or `*.example.com`. - * * A Listener with `*.example.com` as the hostname matches HTTPRoutes - * that have either not specified any hostnames or have specified at least - * one hostname that matches the Listener hostname. For example, - * `*.example.com`, `test.example.com`, and `foo.test.example.com` would - * all match. On the other hand, `example.com` and `test.example.net` would - * not match. + * If no port is specified, the redirect port MUST be derived using the + * following rules: * * - * Hostnames that are prefixed with a wildcard label (`*.`) are interpreted - * as a suffix match. That means that a match for `*.example.com` would match - * both `test.example.com`, and `foo.test.example.com`, but not `example.com`. + * * If redirect scheme is not-empty, the redirect port MUST be the well-known + * port associated with the redirect scheme. Specifically "http" to port 80 + * and "https" to port 443. If the redirect scheme does not have a + * well-known port, the listener port of the Gateway SHOULD be used. + * * If redirect scheme is empty, the redirect port MUST be the Gateway + * Listener port. * * - * If both the Listener and HTTPRoute have specified hostnames, any - * HTTPRoute hostnames that do not match the Listener hostname MUST be - * ignored. For example, if a Listener specified `*.example.com`, and the - * HTTPRoute specified `test.example.com` and `test.example.net`, - * `test.example.net` must not be considered for a match. + * Implementations SHOULD NOT add the port number in the 'Location' + * header in the following cases: * * - * If both the Listener and HTTPRoute have specified hostnames, and none - * match with the criteria above, then the HTTPRoute is not accepted. The - * implementation must raise an 'Accepted' Condition with a status of - * `False` in the corresponding RouteParentStatus. + * * A Location header that will use HTTP (whether that is determined via + * the Listener protocol or the Scheme field) _and_ use port 80. + * * A Location header that will use HTTPS (whether that is determined via + * the Listener protocol or the Scheme field) _and_ use port 443. * * - * In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. - * overlapping wildcard matching and exact matching hostnames), precedence must - * be given to rules from the HTTPRoute with the largest number of: + * Support: Extended * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect#port + */ + readonly port?: number; + + /** + * Scheme is the scheme to be used in the value of the `Location` header in + * the response. When empty, the scheme of the request is used. * - * * Characters in a matching non-wildcard hostname. - * * Characters in a matching hostname. * + * Scheme redirects can affect the port of the redirect, for more information, + * refer to the documentation for the port field of this filter. * - * If ties exist across multiple Routes, the matching precedence rules for - * HTTPRouteMatches takes over. * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * - * Support: Core * - * @schema HttpRouteV1Beta1Spec#hostnames + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect#scheme */ - readonly hostnames?: string[]; + readonly scheme?: HttpRouteV1Beta1SpecRulesFiltersRequestRedirectScheme; /** - * ParentRefs references the resources (usually Gateways) that a Route wants - * to be attached to. Note that the referenced parent resource needs to - * allow this for the attachment to be complete. For Gateways, that means - * the Gateway needs to allow attachment from Routes of this kind and - * namespace. For Services, that means the Service must either be in the same - * namespace for a "producer" route, or the mesh implementation must support - * and allow "consumer" routes for the referenced Service. ReferenceGrant is - * not applicable for governing ParentRefs to Services - it is not possible to - * create a "producer" route for a Service in a different namespace from the - * Route. - * + * StatusCode is the HTTP status code to be used in response. * - * There are two kinds of parent resources with "Core" support: * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * - * * Gateway (Gateway conformance profile) - * * Service (Mesh conformance profile, ClusterIP Services only) * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * This API may be extended in the future to support additional kinds of parent - * resources. * + * Support: Core * - * ParentRefs must be _distinct_. This means either that: + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect#statusCode + */ + readonly statusCode?: HttpRouteV1Beta1SpecRulesFiltersRequestRedirectStatusCode; + +} + +/** + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestRedirect' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestRedirect(obj: HttpRouteV1Beta1SpecRulesFiltersRequestRedirect | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'hostname': obj.hostname, + 'path': toJson_HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath(obj.path), + 'port': obj.port, + 'scheme': obj.scheme, + 'statusCode': obj.statusCode, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier + */ +export interface HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier { + /** + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. * * - * * They select different objects. If this is the case, then parentRef - * entries are distinct. In terms of fields, this means that the - * multi-part key defined by `group`, `kind`, `namespace`, and `name` must - * be unique across all parentRef entries in the Route. - * * They do not select different objects, but for each optional field used, - * each ParentRef that selects the same object must set the same set of - * optional fields to different values. If one ParentRef sets a - * combination of optional fields, all must set the same combination. + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * * - * Some examples: + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" * * - * * If one ParentRef sets `sectionName`, all ParentRefs referencing the - * same object must also set `sectionName`. - * * If one ParentRef sets `port`, all ParentRefs referencing the same - * object must also set `port`. - * * If one ParentRef sets `sectionName` and `port`, all ParentRefs - * referencing the same object must also set `sectionName` and `port`. + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz * + * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier#add + */ + readonly add?: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd[]; + + /** + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * - * It is possible to separately reference multiple distinct objects that may - * be collapsed by an implementation. For example, some implementations may - * choose to merge compatible Gateway Listeners together. If that is the - * case, the list of routes attached to those resources should also be - * merged. * + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz * - * Note that for ParentRefs that cross namespace boundaries, there are specific - * rules. Cross-namespace references are only valid if they are explicitly - * allowed by something in the namespace they are referring to. For example, - * Gateway has the AllowedRoutes field, and ReferenceGrant provides a - * generic way to enable other kinds of cross-namespace reference. * + * Config: + * remove: ["my-header1", "my-header3"] * * + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar * + * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier#remove + */ + readonly remove?: string[]; + + /** + * Set overwrites the request with the given header (name, value) + * before the action. * * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * * + * Config: + * set: + * - name: "my-header" + * value: "bar" * * - * @schema HttpRouteV1Beta1Spec#parentRefs - */ - readonly parentRefs?: HttpRouteV1Beta1SpecParentRefs[]; - - /** - * Rules are a list of HTTP matchers, filters and actions. + * Output: + * GET /foo HTTP/1.1 + * my-header: bar * - * @schema HttpRouteV1Beta1Spec#rules + * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier#set */ - readonly rules?: HttpRouteV1Beta1SpecRules[]; + readonly set?: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet[]; } /** - * Converts an object of type 'HttpRouteV1Beta1Spec' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1Spec(obj: HttpRouteV1Beta1Spec | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier(obj: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'hostnames': obj.hostnames?.map(y => y), - 'parentRefs': obj.parentRefs?.map(y => toJson_HttpRouteV1Beta1SpecParentRefs(y)), - 'rules': obj.rules?.map(y => toJson_HttpRouteV1Beta1SpecRules(y)), + 'add': obj.add?.map(y => toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -11854,172 +15694,252 @@ export function toJson_HttpRouteV1Beta1Spec(obj: HttpRouteV1Beta1Spec | undefine /* eslint-enable max-len, quote-props */ /** - * ParentReference identifies an API object (usually a Gateway) that can be considered - * a parent of this resource (usually a route). There are two kinds of parent resources - * with "Core" support: + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: * * - * * Gateway (Gateway conformance profile) - * * Service (Mesh conformance profile, ClusterIP Services only) + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations must support core filters. * * - * This API may be extended in the future to support additional kinds of parent - * resources. + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. * * - * The API object must be valid in the cluster; the Group and Kind must - * be registered in the cluster for this reference to be valid. + * - Implementation-specific: Filters that are defined and supported by + * specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` should be set to + * "ExtensionRef" for custom filters. * - * @schema HttpRouteV1Beta1SpecParentRefs + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * @schema HttpRouteV1Beta1SpecRulesFiltersType */ -export interface HttpRouteV1Beta1SpecParentRefs { +export enum HttpRouteV1Beta1SpecRulesFiltersType { + /** RequestHeaderModifier */ + REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", + /** ResponseHeaderModifier */ + RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", + /** RequestMirror */ + REQUEST_MIRROR = "RequestMirror", + /** RequestRedirect */ + REQUEST_REDIRECT = "RequestRedirect", + /** URLRewrite */ + URL_REWRITE = "URLRewrite", + /** ExtensionRef */ + EXTENSION_REF = "ExtensionRef", +} + +/** + * URLRewrite defines a schema for a filter that modifies a request during forwarding. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewrite + */ +export interface HttpRouteV1Beta1SpecRulesFiltersUrlRewrite { /** - * Group is the group of the referent. - * When unspecified, "gateway.networking.k8s.io" is inferred. - * To set the core API group (such as for a "Service" kind referent), - * Group must be explicitly set to "" (empty string). + * Hostname is the value to be used to replace the Host header value during + * forwarding. * * - * Support: Core + * Support: Extended * - * @schema HttpRouteV1Beta1SpecParentRefs#group + * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewrite#hostname */ - readonly group?: string; + readonly hostname?: string; /** - * Kind is kind of the referent. - * - * - * There are two kinds of parent resources with "Core" support: - * - * - * * Gateway (Gateway conformance profile) - * * Service (Mesh conformance profile, ClusterIP Services only) + * Path defines a path rewrite. * * - * Support for other resources is Implementation-Specific. + * Support: Extended * - * @schema HttpRouteV1Beta1SpecParentRefs#kind + * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewrite#path */ - readonly kind?: string; + readonly path?: HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath; + +} + +/** + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersUrlRewrite' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteV1Beta1SpecRulesFiltersUrlRewrite(obj: HttpRouteV1Beta1SpecRulesFiltersUrlRewrite | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'hostname': obj.hostname, + 'path': toJson_HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath(obj.path), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ +/** + * HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request + * headers. + * + * @schema HttpRouteV1Beta1SpecRulesMatchesHeaders + */ +export interface HttpRouteV1Beta1SpecRulesMatchesHeaders { /** - * Name is the name of the referent. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support: Core + * If multiple entries specify equivalent header names, only the first + * entry with an equivalent name MUST be considered for a match. Subsequent + * entries with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteV1Beta1SpecParentRefs#name + * + * When a header is repeated in an HTTP request, it is + * implementation-specific behavior as to how this is represented. + * Generally, proxies should follow the guidance from the RFC: + * https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding + * processing a repeated header, with special handling for "Set-Cookie". + * + * @schema HttpRouteV1Beta1SpecRulesMatchesHeaders#name */ readonly name: string; /** - * Namespace is the namespace of the referent. When unspecified, this refers - * to the local namespace of the Route. - * + * Type specifies how to match against the value of the header. * - * Note that there are specific rules for ParentRefs which cross namespace - * boundaries. Cross-namespace references are only valid if they are explicitly - * allowed by something in the namespace they are referring to. For example: - * Gateway has the AllowedRoutes field, and ReferenceGrant provides a - * generic way to enable any other kind of cross-namespace reference. * + * Support: Core (Exact) * * + * Support: Implementation-specific (RegularExpression) * * - * Support: Core + * Since RegularExpression HeaderMatchType has implementation-specific + * conformance, implementations can support POSIX, PCRE or any other dialects + * of regular expressions. Please read the implementation's documentation to + * determine the supported dialect. * - * @schema HttpRouteV1Beta1SpecParentRefs#namespace + * @schema HttpRouteV1Beta1SpecRulesMatchesHeaders#type */ - readonly namespace?: string; + readonly type?: HttpRouteV1Beta1SpecRulesMatchesHeadersType; /** - * Port is the network port this Route targets. It can be interpreted - * differently based on the type of parent resource. - * - * - * When the parent resource is a Gateway, this targets all listeners - * listening on the specified port that also support this kind of Route(and - * select this Route). It's not recommended to set `Port` unless the - * networking behaviors specified in a Route must apply to a specific port - * as opposed to a listener(s) whose port(s) may be changed. When both Port - * and SectionName are specified, the name and port of the selected listener - * must match both specified values. - * - * - * - * + * Value is the value of HTTP Header to be matched. * - * Implementations MAY choose to support other parent resources. - * Implementations supporting other types of parent resources MUST clearly - * document how/if Port is interpreted. + * @schema HttpRouteV1Beta1SpecRulesMatchesHeaders#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'HttpRouteV1Beta1SpecRulesMatchesHeaders' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteV1Beta1SpecRulesMatchesHeaders(obj: HttpRouteV1Beta1SpecRulesMatchesHeaders | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'type': obj.type, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Method specifies HTTP method matcher. + * When specified, this route will be matched only if the request has the + * specified method. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesMatchesMethod + */ +export enum HttpRouteV1Beta1SpecRulesMatchesMethod { + /** GET */ + GET = "GET", + /** HEAD */ + HEAD = "HEAD", + /** POST */ + POST = "POST", + /** PUT */ + PUT = "PUT", + /** DELETE */ + DELETE = "DELETE", + /** CONNECT */ + CONNECT = "CONNECT", + /** OPTIONS */ + OPTIONS = "OPTIONS", + /** TRACE */ + TRACE = "TRACE", + /** PATCH */ + PATCH = "PATCH", +} + +/** + * Path specifies a HTTP request path matcher. If this field is not + * specified, a default prefix match on the "/" path is provided. + * + * @schema HttpRouteV1Beta1SpecRulesMatchesPath + */ +export interface HttpRouteV1Beta1SpecRulesMatchesPath { + /** + * Type specifies how to match against the path Value. * * - * For the purpose of status, an attachment is considered successful as - * long as the parent resource accepts it partially. For example, Gateway - * listeners can restrict which Routes can attach to them by Route kind, - * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment - * from the referencing Route, the Route MUST be considered successfully - * attached. If no Gateway listeners accept attachment from this Route, - * the Route MUST be considered detached from the Gateway. + * Support: Core (Exact, PathPrefix) * * - * Support: Extended + * Support: Implementation-specific (RegularExpression) * - * @schema HttpRouteV1Beta1SpecParentRefs#port + * @schema HttpRouteV1Beta1SpecRulesMatchesPath#type */ - readonly port?: number; + readonly type?: HttpRouteV1Beta1SpecRulesMatchesPathType; /** - * SectionName is the name of a section within the target resource. In the - * following resources, SectionName is interpreted as the following: - * - * - * * Gateway: Listener name. When both Port (experimental) and SectionName - * are specified, the name and port of the selected listener must match - * both specified values. - * * Service: Port name. When both Port (experimental) and SectionName - * are specified, the name and port of the selected listener must match - * both specified values. - * - * - * Implementations MAY choose to support attaching Routes to other resources. - * If that is the case, they MUST clearly document how SectionName is - * interpreted. - * - * - * When unspecified (empty string), this will reference the entire resource. - * For the purpose of status, an attachment is considered successful if at - * least one section in the parent resource accepts it. For example, Gateway - * listeners can restrict which Routes can attach to them by Route kind, - * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from - * the referencing Route, the Route MUST be considered successfully - * attached. If no Gateway listeners accept attachment from this Route, the - * Route MUST be considered detached from the Gateway. - * - * - * Support: Core + * Value of the HTTP path to match against. * - * @schema HttpRouteV1Beta1SpecParentRefs#sectionName + * @schema HttpRouteV1Beta1SpecRulesMatchesPath#value */ - readonly sectionName?: string; + readonly value?: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecParentRefs' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesMatchesPath' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecParentRefs(obj: HttpRouteV1Beta1SpecParentRefs | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesMatchesPath(obj: HttpRouteV1Beta1SpecRulesMatchesPath | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, - 'sectionName': obj.sectionName, + 'type': obj.type, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -12027,195 +15947,129 @@ export function toJson_HttpRouteV1Beta1SpecParentRefs(obj: HttpRouteV1Beta1SpecP /* eslint-enable max-len, quote-props */ /** - * HTTPRouteRule defines semantics for matching an HTTP request based on - * conditions (matches), processing it (filters), and forwarding the request to - * an API object (backendRefs). + * HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP + * query parameters. * - * @schema HttpRouteV1Beta1SpecRules + * @schema HttpRouteV1Beta1SpecRulesMatchesQueryParams */ -export interface HttpRouteV1Beta1SpecRules { +export interface HttpRouteV1Beta1SpecRulesMatchesQueryParams { /** - * BackendRefs defines the backend(s) where matching requests should be - * sent. - * - * - * Failure behavior here depends on how many BackendRefs are specified and - * how many are invalid. - * - * - * If *all* entries in BackendRefs are invalid, and there are also no filters - * specified in this route rule, *all* traffic which matches this rule MUST - * receive a 500 status code. - * - * - * See the HTTPBackendRef definition for the rules about what makes a single - * HTTPBackendRef invalid. - * - * - * When a HTTPBackendRef is invalid, 500 status codes MUST be returned for - * requests that would have otherwise been routed to an invalid backend. If - * multiple backends are specified, and some are invalid, the proportion of - * requests that would otherwise have been routed to an invalid backend - * MUST receive a 500 status code. - * - * - * For example, if two backends are specified with equal weights, and one is - * invalid, 50 percent of traffic must receive a 500. Implementations may - * choose how that 50 percent is determined. - * - * - * Support: Core for Kubernetes Service + * Name is the name of the HTTP query param to be matched. This must be an + * exact string match. (See + * https://tools.ietf.org/html/rfc7230#section-2.7.3). * * - * Support: Extended for Kubernetes ServiceImport + * If multiple entries specify equivalent query param names, only the first + * entry with an equivalent name MUST be considered for a match. Subsequent + * entries with an equivalent query param name MUST be ignored. * * - * Support: Implementation-specific for any other resource + * If a query param is repeated in an HTTP request, the behavior is + * purposely left undefined, since different data planes have different + * capabilities. However, it is *recommended* that implementations should + * match against the first value of the param if the data plane supports it, + * as this behavior is expected in other load balancing contexts outside of + * the Gateway API. * * - * Support for weight: Core + * Users SHOULD NOT route traffic based on repeated query params to guard + * themselves against potential differences in the implementations. * - * @schema HttpRouteV1Beta1SpecRules#backendRefs + * @schema HttpRouteV1Beta1SpecRulesMatchesQueryParams#name */ - readonly backendRefs?: HttpRouteV1Beta1SpecRulesBackendRefs[]; + readonly name: string; /** - * Filters define the filters that are applied to requests that match - * this rule. - * - * - * Wherever possible, implementations SHOULD implement filters in the order - * they are specified. - * - * - * Implementations MAY choose to implement this ordering strictly, rejecting - * any combination or order of filters that can not be supported. If implementations - * choose a strict interpretation of filter ordering, they MUST clearly document - * that behavior. - * - * - * To reject an invalid combination or order of filters, implementations SHOULD - * consider the Route Rules with this configuration invalid. If all Route Rules - * in a Route are invalid, the entire Route would be considered invalid. If only - * a portion of Route Rules are invalid, implementations MUST set the - * "PartiallyInvalid" condition for the Route. - * - * - * Conformance-levels at this level are defined based on the type of filter: - * - * - * - ALL core filters MUST be supported by all implementations. - * - Implementers are encouraged to support extended filters. - * - Implementation-specific custom filters have no API guarantees across - * implementations. + * Type specifies how to match against the value of the query parameter. * * - * Specifying the same filter multiple times is not supported unless explicitly - * indicated in the filter. + * Support: Extended (Exact) * * - * All filters are expected to be compatible with each other except for the - * URLRewrite and RequestRedirect filters, which may not be combined. If an - * implementation can not support other combinations of filters, they must clearly - * document that limitation. In cases where incompatible or unsupported - * filters are specified and cause the `Accepted` condition to be set to status - * `False`, implementations may use the `IncompatibleFilters` reason to specify - * this configuration error. + * Support: Implementation-specific (RegularExpression) * * - * Support: Core + * Since RegularExpression QueryParamMatchType has Implementation-specific + * conformance, implementations can support POSIX, PCRE or any other + * dialects of regular expressions. Please read the implementation's + * documentation to determine the supported dialect. * - * @schema HttpRouteV1Beta1SpecRules#filters + * @schema HttpRouteV1Beta1SpecRulesMatchesQueryParams#type */ - readonly filters?: HttpRouteV1Beta1SpecRulesFilters[]; + readonly type?: HttpRouteV1Beta1SpecRulesMatchesQueryParamsType; /** - * Matches define conditions used for matching the rule against incoming - * HTTP requests. Each match is independent, i.e. this rule will be matched - * if **any** one of the matches is satisfied. - * - * - * For example, take the following matches configuration: - * - * - * ``` - * matches: - * - path: - * value: "/foo" - * headers: - * - name: "version" - * value: "v2" - * - path: - * value: "/v2/foo" - * ``` - * - * - * For a request to match against this rule, a request must satisfy - * EITHER of the two conditions: - * - * - * - path prefixed with `/foo` AND contains the header `version: v2` - * - path prefix of `/v2/foo` - * - * - * See the documentation for HTTPRouteMatch on how to specify multiple - * match conditions that should be ANDed together. - * - * - * If no matches are specified, the default is a prefix - * path match on "/", which has the effect of matching every - * HTTP request. - * - * - * Proxy or Load Balancer routing configuration generated from HTTPRoutes - * MUST prioritize matches based on the following criteria, continuing on - * ties. Across all rules specified on applicable Routes, precedence must be - * given to the match having: - * - * - * * "Exact" path match. - * * "Prefix" path match with largest number of characters. - * * Method match. - * * Largest number of header matches. - * * Largest number of query param matches. - * + * Value is the value of HTTP query param to be matched. * - * Note: The precedence of RegularExpression path matches are implementation-specific. + * @schema HttpRouteV1Beta1SpecRulesMatchesQueryParams#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'HttpRouteV1Beta1SpecRulesMatchesQueryParams' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteV1Beta1SpecRulesMatchesQueryParams(obj: HttpRouteV1Beta1SpecRulesMatchesQueryParams | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'type': obj.type, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CookieConfig provides configuration settings that are specific + * to cookie-based session persistence. + * + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfig + */ +export interface HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfig { + /** + * LifetimeType specifies whether the cookie has a permanent or + * session-based lifetime. A permanent cookie persists until its + * specified expiry time, defined by the Expires or Max-Age cookie + * attributes, while a session cookie is deleted when the current + * session ends. * * - * If ties still exist across multiple Routes, matching precedence MUST be - * determined in order of the following criteria, continuing on ties: + * When set to "Permanent", AbsoluteTimeout indicates the + * cookie's lifetime via the Expires or Max-Age cookie attributes + * and is required. * * - * * The oldest Route based on creation timestamp. - * * The Route appearing first in alphabetical order by - * "{namespace}/{name}". + * When set to "Session", AbsoluteTimeout indicates the + * absolute lifetime of the cookie tracked by the gateway and + * is optional. * * - * If ties still exist within an HTTPRoute, matching precedence MUST be granted - * to the FIRST matching rule (in list order) with a match meeting the above - * criteria. + * Support: Core for "Session" type * * - * When no rules matching a request have been successfully attached to the - * parent a request is coming from, a HTTP 404 status code MUST be returned. + * Support: Extended for "Permanent" type * - * @schema HttpRouteV1Beta1SpecRules#matches + * @schema HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfig#lifetimeType */ - readonly matches?: HttpRouteV1Beta1SpecRulesMatches[]; + readonly lifetimeType?: HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfigLifetimeType; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRules' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfig' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRules(obj: HttpRouteV1Beta1SpecRules | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfig(obj: HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfig | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRefs': obj.backendRefs?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefs(y)), - 'filters': obj.filters?.map(y => toJson_HttpRouteV1Beta1SpecRulesFilters(y)), - 'matches': obj.matches?.map(y => toJson_HttpRouteV1Beta1SpecRulesMatches(y)), + 'lifetimeType': obj.lifetimeType, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -12223,158 +16077,75 @@ export function toJson_HttpRouteV1Beta1SpecRules(obj: HttpRouteV1Beta1SpecRules /* eslint-enable max-len, quote-props */ /** - * HTTPBackendRef defines how a HTTPRoute forwards a HTTP request. - * - * - * Note that when a namespace different than the local namespace is specified, a - * ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. - * + * Type defines the type of session persistence such as through + * the use a header or cookie. Defaults to cookie based session + * persistence. * - * - * - * - * When the BackendRef points to a Kubernetes Service, implementations SHOULD - * honor the appProtocol field if it is set for the target Service Port. * + * Support: Core for "Cookie" type * - * Implementations supporting appProtocol SHOULD recognize the Kubernetes - * Standard Application Protocols defined in KEP-3726. * + * Support: Extended for "Header" type * - * If a Service appProtocol isn't specified, an implementation MAY infer the - * backend protocol through its own means. Implementations MAY infer the - * protocol from the Route type referring to the backend Service. + * @default cookie based session + * @schema HttpRouteV1Beta1SpecRulesSessionPersistenceType + */ +export enum HttpRouteV1Beta1SpecRulesSessionPersistenceType { + /** Cookie */ + COOKIE = "Cookie", + /** Header */ + HEADER = "Header", +} + +/** + * ExtensionRef is an optional, implementation-specific extension to the + * "filter" behavior. For example, resource "myroutefilter" in group + * "networking.example.net"). ExtensionRef MUST NOT be used for core and + * extended filters. * * - * If a Route is not able to send traffic to the backend using the specified - * protocol then the backend is considered invalid. Implementations MUST set the - * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. + * This filter can be used multiple times within the same rule. * * - * + * Support: Implementation-specific * - * @schema HttpRouteV1Beta1SpecRulesBackendRefs + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef */ -export interface HttpRouteV1Beta1SpecRulesBackendRefs { - /** - * Filters defined at this level should be executed if and only if the - * request is being forwarded to the backend defined here. - * - * - * Support: Implementation-specific (For broader support of filters, use the - * Filters field in HTTPRouteRule.) - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefs#filters - */ - readonly filters?: HttpRouteV1Beta1SpecRulesBackendRefsFilters[]; - +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef { /** * Group is the group of the referent. For example, "gateway.networking.k8s.io". * When unspecified or empty string, core API group is inferred. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefs#group + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef#group */ - readonly group?: string; + readonly group: string; /** - * Kind is the Kubernetes resource kind of the referent. For example - * "Service". - * - * - * Defaults to "Service" when not specified. - * - * - * ExternalName services can refer to CNAME DNS records that may live - * outside of the cluster and as such are difficult to reason about in - * terms of conformance. They also may not be safe to forward to (see - * CVE-2021-25740 for more information). Implementations SHOULD NOT - * support ExternalName Services. - * - * - * Support: Core (Services with a type other than ExternalName) - * - * - * Support: Implementation-specific (Services with type ExternalName) + * Kind is kind of the referent. For example "HTTPRoute" or "Service". * - * @default Service" when not specified. - * @schema HttpRouteV1Beta1SpecRulesBackendRefs#kind + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef#kind */ - readonly kind?: string; + readonly kind: string; /** * Name is the name of the referent. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefs#name + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef#name */ readonly name: string; - /** - * Namespace is the namespace of the backend. When unspecified, the local - * namespace is inferred. - * - * - * Note that when a namespace different than the local namespace is specified, - * a ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. - * - * - * Support: Core - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefs#namespace - */ - readonly namespace?: string; - - /** - * Port specifies the destination port number to use for this resource. - * Port is required when the referent is a Kubernetes Service. In this - * case, the port number is the service port number, not the target port. - * For other resources, destination port might be derived from the referent - * resource or this field. - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefs#port - */ - readonly port?: number; - - /** - * Weight specifies the proportion of requests forwarded to the referenced - * backend. This is computed as weight/(sum of all weights in this - * BackendRefs list). For non-zero values, there may be some epsilon from - * the exact proportion defined here depending on the precision an - * implementation supports. Weight is not a percentage and the sum of - * weights does not need to equal 100. - * - * - * If only one backend is specified and it has a weight greater than 0, 100% - * of the traffic is forwarded to that backend. If weight is set to 0, no - * traffic should be forwarded for this entry. If unspecified, weight - * defaults to 1. - * - * - * Support for this field varies based on the context where used. - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefs#weight - */ - readonly weight?: number; - } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefs' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefs(obj: HttpRouteV1Beta1SpecRulesBackendRefs | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'filters': obj.filters?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefsFilters(y)), 'group': obj.group, 'kind': obj.kind, 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, - 'weight': obj.weight, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -12382,153 +16153,102 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefs(obj: HttpRouteV1Beta /* eslint-enable max-len, quote-props */ /** - * HTTPRouteFilter defines processing steps that must be completed during the - * request or response lifecycle. HTTPRouteFilters are meant as an extension - * point to express processing that may be done in Gateway implementations. Some - * examples include request or response modification, implementing - * authentication strategies, rate-limiting, and traffic shaping. API - * guarantee/conformance is defined based on the type of the filter. + * RequestHeaderModifier defines a schema for a filter that modifies request + * headers. * - * @schema HttpRouteV1Beta1SpecRulesFilters + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier */ -export interface HttpRouteV1Beta1SpecRulesFilters { - /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * This filter can be used multiple times within the same rule. - * - * - * Support: Implementation-specific - * - * @schema HttpRouteV1Beta1SpecRulesFilters#extensionRef - */ - readonly extensionRef?: HttpRouteV1Beta1SpecRulesFiltersExtensionRef; - - /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. - * - * - * Support: Core - * - * @schema HttpRouteV1Beta1SpecRulesFilters#requestHeaderModifier - */ - readonly requestHeaderModifier?: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier; - - /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. - * - * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. - * - * - * Support: Extended - * - * @schema HttpRouteV1Beta1SpecRulesFilters#requestMirror - */ - readonly requestMirror?: HttpRouteV1Beta1SpecRulesFiltersRequestMirror; - - /** - * RequestRedirect defines a schema for a filter that responds to the - * request with an HTTP redirection. - * - * - * Support: Core - * - * @schema HttpRouteV1Beta1SpecRulesFilters#requestRedirect - */ - readonly requestRedirect?: HttpRouteV1Beta1SpecRulesFiltersRequestRedirect; - - /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. - * - * - * Support: Extended - * - * @schema HttpRouteV1Beta1SpecRulesFilters#responseHeaderModifier - */ - readonly responseHeaderModifier?: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier; - +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier { /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations must support core filters. * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. * + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" * - * - Implementation-specific: Filters that are defined and supported by - * specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` should be set to - * "ExtensionRef" for custom filters. * + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier#add + */ + readonly add?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd[]; + + /** + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz * * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. + * Config: + * remove: ["my-header1", "my-header3"] * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar * - * @schema HttpRouteV1Beta1SpecRulesFilters#type + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier#remove */ - readonly type: HttpRouteV1Beta1SpecRulesFiltersType; + readonly remove?: string[]; /** - * URLRewrite defines a schema for a filter that modifies a request during forwarding. + * Set overwrites the request with the given header (name, value) + * before the action. * * - * Support: Extended + * Input: + * GET /foo HTTP/1.1 + * my-header: foo * - * @schema HttpRouteV1Beta1SpecRulesFilters#urlRewrite + * + * Config: + * set: + * - name: "my-header" + * value: "bar" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier#set */ - readonly urlRewrite?: HttpRouteV1Beta1SpecRulesFiltersUrlRewrite; + readonly set?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet[]; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFilters' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFilters(obj: HttpRouteV1Beta1SpecRulesFilters | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'extensionRef': toJson_HttpRouteV1Beta1SpecRulesFiltersExtensionRef(obj.extensionRef), - 'requestHeaderModifier': toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier(obj.requestHeaderModifier), - 'requestMirror': toJson_HttpRouteV1Beta1SpecRulesFiltersRequestMirror(obj.requestMirror), - 'requestRedirect': toJson_HttpRouteV1Beta1SpecRulesFiltersRequestRedirect(obj.requestRedirect), - 'responseHeaderModifier': toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier(obj.responseHeaderModifier), - 'type': obj.type, - 'urlRewrite': toJson_HttpRouteV1Beta1SpecRulesFiltersUrlRewrite(obj.urlRewrite), + 'add': obj.add?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -12536,85 +16256,66 @@ export function toJson_HttpRouteV1Beta1SpecRulesFilters(obj: HttpRouteV1Beta1Spe /* eslint-enable max-len, quote-props */ /** - * HTTPRouteMatch defines the predicate used to match requests to a given - * action. Multiple match types are ANDed together, i.e. the match will - * evaluate to true only if all conditions are satisfied. - * - * - * For example, the match below will match a HTTP request only if its path - * starts with `/foo` AND it contains the `version: v1` header: - * - * - * ``` - * match: + * RequestMirror defines a schema for a filter that mirrors requests. + * Requests are sent to the specified destination, but responses from + * that destination are ignored. * * - * path: - * value: "/foo" - * headers: - * - name: "version" - * value "v1" + * This filter can be used multiple times within the same rule. Note that + * not all implementations will be able to support mirroring to multiple + * backends. * * - * ``` + * Support: Extended * - * @schema HttpRouteV1Beta1SpecRulesMatches + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror */ -export interface HttpRouteV1Beta1SpecRulesMatches { +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror { /** - * Headers specifies HTTP request header matchers. Multiple match values are - * ANDed together, meaning, a request must match all the specified headers - * to select the route. + * BackendRef references a resource where mirrored requests are sent. * - * @schema HttpRouteV1Beta1SpecRulesMatches#headers - */ - readonly headers?: HttpRouteV1Beta1SpecRulesMatchesHeaders[]; - - /** - * Method specifies HTTP method matcher. - * When specified, this route will be matched only if the request has the - * specified method. + * + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * * - * Support: Extended + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. * - * @schema HttpRouteV1Beta1SpecRulesMatches#method - */ - readonly method?: HttpRouteV1Beta1SpecRulesMatchesMethod; - - /** - * Path specifies a HTTP request path matcher. If this field is not - * specified, a default prefix match on the "/" path is provided. * - * @schema HttpRouteV1Beta1SpecRulesMatches#path - */ - readonly path?: HttpRouteV1Beta1SpecRulesMatchesPath; - - /** - * QueryParams specifies HTTP query parameter matchers. Multiple match - * values are ANDed together, meaning, a request must match all the - * specified query parameters to select the route. + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. * * - * Support: Extended + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. * - * @schema HttpRouteV1Beta1SpecRulesMatches#queryParams + * + * Support: Extended for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror#backendRef */ - readonly queryParams?: HttpRouteV1Beta1SpecRulesMatchesQueryParams[]; + readonly backendRef: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesMatches' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesMatches(obj: HttpRouteV1Beta1SpecRulesMatches | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'headers': obj.headers?.map(y => toJson_HttpRouteV1Beta1SpecRulesMatchesHeaders(y)), - 'method': obj.method, - 'path': toJson_HttpRouteV1Beta1SpecRulesMatchesPath(obj.path), - 'queryParams': obj.queryParams?.map(y => toJson_HttpRouteV1Beta1SpecRulesMatchesQueryParams(y)), + 'backendRef': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj.backendRef), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -12622,113 +16323,98 @@ export function toJson_HttpRouteV1Beta1SpecRulesMatches(obj: HttpRouteV1Beta1Spe /* eslint-enable max-len, quote-props */ /** - * HTTPRouteFilter defines processing steps that must be completed during the - * request or response lifecycle. HTTPRouteFilters are meant as an extension - * point to express processing that may be done in Gateway implementations. Some - * examples include request or response modification, implementing - * authentication strategies, rate-limiting, and traffic shaping. API - * guarantee/conformance is defined based on the type of the filter. + * RequestRedirect defines a schema for a filter that responds to the + * request with an HTTP redirection. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFilters { +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect { /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * This filter can be used multiple times within the same rule. + * Hostname is the hostname to be used in the value of the `Location` + * header in the response. + * When empty, the hostname in the `Host` header of the request is used. * * - * Support: Implementation-specific + * Support: Core * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#extensionRef + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect#hostname */ - readonly extensionRef?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef; + readonly hostname?: string; /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. + * Path defines parameters used to modify the path of the incoming request. + * The modified path is then used to construct the `Location` header. When + * empty, the request path is used as-is. * * - * Support: Core + * Support: Extended * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#requestHeaderModifier + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect#path */ - readonly requestHeaderModifier?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier; + readonly path?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath; /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. + * Port is the port to be used in the value of the `Location` + * header in the response. * * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. + * If no port is specified, the redirect port MUST be derived using the + * following rules: * * - * Support: Extended + * * If redirect scheme is not-empty, the redirect port MUST be the well-known + * port associated with the redirect scheme. Specifically "http" to port 80 + * and "https" to port 443. If the redirect scheme does not have a + * well-known port, the listener port of the Gateway SHOULD be used. + * * If redirect scheme is empty, the redirect port MUST be the Gateway + * Listener port. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#requestMirror - */ - readonly requestMirror?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror; - - /** - * RequestRedirect defines a schema for a filter that responds to the - * request with an HTTP redirection. * + * Implementations SHOULD NOT add the port number in the 'Location' + * header in the following cases: * - * Support: Core * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#requestRedirect - */ - readonly requestRedirect?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect; - - /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. + * * A Location header that will use HTTP (whether that is determined via + * the Listener protocol or the Scheme field) _and_ use port 80. + * * A Location header that will use HTTPS (whether that is determined via + * the Listener protocol or the Scheme field) _and_ use port 443. * * * Support: Extended * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#responseHeaderModifier + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect#port */ - readonly responseHeaderModifier?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier; + readonly port?: number; /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * + * Scheme is the scheme to be used in the value of the `Location` header in + * the response. When empty, the scheme of the request is used. * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations must support core filters. * + * Scheme redirects can affect the port of the redirect, for more information, + * refer to the documentation for the port field of this filter. * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * - * - Implementation-specific: Filters that are defined and supported by - * specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` should be set to - * "ExtensionRef" for custom filters. * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. * + * Support: Extended * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect#scheme + */ + readonly scheme?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectScheme; + + /** + * StatusCode is the HTTP status code to be used in response. * * * Note that values may be added to this enum, implementations @@ -12739,36 +16425,27 @@ export interface HttpRouteV1Beta1SpecRulesBackendRefsFilters { * Accepted Condition for the Route to `status: False`, with a * Reason of `UnsupportedValue`. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#type - */ - readonly type: HttpRouteV1Beta1SpecRulesBackendRefsFiltersType; - - /** - * URLRewrite defines a schema for a filter that modifies a request during forwarding. - * * - * Support: Extended + * Support: Core * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFilters#urlRewrite + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect#statusCode */ - readonly urlRewrite?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite; + readonly statusCode?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectStatusCode; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFilters' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFilters(obj: HttpRouteV1Beta1SpecRulesBackendRefsFilters | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'extensionRef': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef(obj.extensionRef), - 'requestHeaderModifier': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier(obj.requestHeaderModifier), - 'requestMirror': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror(obj.requestMirror), - 'requestRedirect': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect(obj.requestRedirect), - 'responseHeaderModifier': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier(obj.responseHeaderModifier), - 'type': obj.type, - 'urlRewrite': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite(obj.urlRewrite), + 'hostname': obj.hostname, + 'path': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath(obj.path), + 'port': obj.port, + 'scheme': obj.scheme, + 'statusCode': obj.statusCode, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -12776,54 +16453,102 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFilters(obj: HttpRout /* eslint-enable max-len, quote-props */ /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. - * - * - * This filter can be used multiple times within the same rule. + * ResponseHeaderModifier defines a schema for a filter that modifies response + * headers. * * - * Support: Implementation-specific + * Support: Extended * - * @schema HttpRouteV1Beta1SpecRulesFiltersExtensionRef + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier */ -export interface HttpRouteV1Beta1SpecRulesFiltersExtensionRef { +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier { /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. + * Add adds the given header(s) (name, value) to the request + * before the action. It appends to any existing values associated + * with the header name. * - * @schema HttpRouteV1Beta1SpecRulesFiltersExtensionRef#group + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * add: + * - name: "my-header" + * value: "bar,baz" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: foo,bar,baz + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier#add */ - readonly group: string; + readonly add?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd[]; /** - * Kind is kind of the referent. For example "HTTPRoute" or "Service". + * Remove the given header(s) from the HTTP request before the action. The + * value of Remove is a list of HTTP header names. Note that the header + * names are case-insensitive (see + * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). * - * @schema HttpRouteV1Beta1SpecRulesFiltersExtensionRef#kind + * + * Input: + * GET /foo HTTP/1.1 + * my-header1: foo + * my-header2: bar + * my-header3: baz + * + * + * Config: + * remove: ["my-header1", "my-header3"] + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header2: bar + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier#remove */ - readonly kind: string; + readonly remove?: string[]; /** - * Name is the name of the referent. + * Set overwrites the request with the given header (name, value) + * before the action. * - * @schema HttpRouteV1Beta1SpecRulesFiltersExtensionRef#name + * + * Input: + * GET /foo HTTP/1.1 + * my-header: foo + * + * + * Config: + * set: + * - name: "my-header" + * value: "bar" + * + * + * Output: + * GET /foo HTTP/1.1 + * my-header: bar + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier#set */ - readonly name: string; + readonly set?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet[]; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersExtensionRef' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersExtensionRef(obj: HttpRouteV1Beta1SpecRulesFiltersExtensionRef | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, + 'add': obj.add?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd(y)), + 'remove': obj.remove?.map(y => y), + 'set': obj.set?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -12831,102 +16556,104 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersExtensionRef(obj: HttpRou /* eslint-enable max-len, quote-props */ /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. + * Type identifies the type of filter to apply. As with other API fields, + * types are classified into three conformance levels: * * - * Support: Core + * - Core: Filter types and their corresponding configuration defined by + * "Support: Core" in this package, e.g. "RequestHeaderModifier". All + * implementations must support core filters. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier + * + * - Extended: Filter types and their corresponding configuration defined by + * "Support: Extended" in this package, e.g. "RequestMirror". Implementers + * are encouraged to support extended filters. + * + * + * - Implementation-specific: Filters that are defined and supported by + * specific vendors. + * In the future, filters showing convergence in behavior across multiple + * implementations will be considered for inclusion in extended or core + * conformance levels. Filter-specific configuration for such filters + * is specified using the ExtensionRef field. `Type` should be set to + * "ExtensionRef" for custom filters. + * + * + * Implementers are encouraged to define custom implementation types to + * extend the core API with implementation-specific behavior. + * + * + * If a reference to a custom filter type cannot be resolved, the filter + * MUST NOT be skipped. Instead, requests that would have been processed by + * that filter MUST receive a HTTP error response. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersType */ -export interface HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier { - /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo - * - * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" - * - * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz - * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier#add - */ - readonly add?: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd[]; +export enum HttpRouteV1Beta1SpecRulesBackendRefsFiltersType { + /** RequestHeaderModifier */ + REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", + /** ResponseHeaderModifier */ + RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", + /** RequestMirror */ + REQUEST_MIRROR = "RequestMirror", + /** RequestRedirect */ + REQUEST_REDIRECT = "RequestRedirect", + /** URLRewrite */ + URL_REWRITE = "URLRewrite", + /** ExtensionRef */ + EXTENSION_REF = "ExtensionRef", +} +/** + * URLRewrite defines a schema for a filter that modifies a request during forwarding. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite + */ +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite { /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz - * - * - * Config: - * remove: ["my-header1", "my-header3"] + * Hostname is the value to be used to replace the Host header value during + * forwarding. * * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar + * Support: Extended * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier#remove + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite#hostname */ - readonly remove?: string[]; + readonly hostname?: string; /** - * Set overwrites the request with the given header (name, value) - * before the action. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo - * - * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * Path defines a path rewrite. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * Support: Extended * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier#set + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite#path */ - readonly set?: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet[]; + readonly path?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier(obj: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet(y)), + 'hostname': obj.hostname, + 'path': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath(obj.path), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -12934,66 +16661,44 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifier(obj /* eslint-enable max-len, quote-props */ /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. - * - * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. - * - * - * Support: Extended + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirror + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd */ -export interface HttpRouteV1Beta1SpecRulesFiltersRequestMirror { +export interface HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd { /** - * BackendRef references a resource where mirrored requests are sent. - * - * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. - * - * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. - * - * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. - * - * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. - * + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * Support: Extended for Kubernetes Service * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * Support: Implementation-specific for any other resource + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirror#backendRef + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd#value */ - readonly backendRef: HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef; + readonly value: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestMirror' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestMirror(obj: HttpRouteV1Beta1SpecRulesFiltersRequestMirror | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd(obj: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRef': toJson_HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef(obj.backendRef), + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -13001,129 +16706,166 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestMirror(obj: HttpRo /* eslint-enable max-len, quote-props */ /** - * RequestRedirect defines a schema for a filter that responds to the - * request with an HTTP redirection. - * - * - * Support: Core + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet */ -export interface HttpRouteV1Beta1SpecRulesFiltersRequestRedirect { +export interface HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet { /** - * Hostname is the hostname to be used in the value of the `Location` - * header in the response. - * When empty, the hostname in the `Host` header of the request is used. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support: Core + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect#hostname + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet#name */ - readonly hostname?: string; + readonly name: string; /** - * Path defines parameters used to modify the path of the incoming request. - * The modified path is then used to construct the `Location` header. When - * empty, the request path is used as-is. - * - * - * Support: Extended + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect#path + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet#value */ - readonly path?: HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath; + readonly value: string; + +} + +/** + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet(obj: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ +/** + * BackendRef references a resource where mirrored requests are sent. + * + * + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. + * + * + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. + * + * + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. + * + * + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. + * + * + * Support: Extended for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef + */ +export interface HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef { /** - * Port is the port to be used in the value of the `Location` - * header in the response. - * - * - * If no port is specified, the redirect port MUST be derived using the - * following rules: - * - * - * * If redirect scheme is not-empty, the redirect port MUST be the well-known - * port associated with the redirect scheme. Specifically "http" to port 80 - * and "https" to port 443. If the redirect scheme does not have a - * well-known port, the listener port of the Gateway SHOULD be used. - * * If redirect scheme is empty, the redirect port MUST be the Gateway - * Listener port. - * - * - * Implementations SHOULD NOT add the port number in the 'Location' - * header in the following cases: - * - * - * * A Location header that will use HTTP (whether that is determined via - * the Listener protocol or the Scheme field) _and_ use port 80. - * * A Location header that will use HTTPS (whether that is determined via - * the Listener protocol or the Scheme field) _and_ use port 443. - * - * - * Support: Extended + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect#port + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef#group */ - readonly port?: number; + readonly group?: string; /** - * Scheme is the scheme to be used in the value of the `Location` header in - * the response. When empty, the scheme of the request is used. + * Kind is the Kubernetes resource kind of the referent. For example + * "Service". * * - * Scheme redirects can affect the port of the redirect, for more information, - * refer to the documentation for the port field of this filter. + * Defaults to "Service" when not specified. * * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. + * ExternalName services can refer to CNAME DNS records that may live + * outside of the cluster and as such are difficult to reason about in + * terms of conformance. They also may not be safe to forward to (see + * CVE-2021-25740 for more information). Implementations SHOULD NOT + * support ExternalName Services. * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * Support: Core (Services with a type other than ExternalName) * * - * Support: Extended + * Support: Implementation-specific (Services with type ExternalName) * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect#scheme + * @default Service" when not specified. + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef#kind */ - readonly scheme?: HttpRouteV1Beta1SpecRulesFiltersRequestRedirectScheme; + readonly kind?: string; /** - * StatusCode is the HTTP status code to be used in response. - * + * Name is the name of the referent. * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the backend. When unspecified, the local + * namespace is inferred. * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. * * * Support: Core * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirect#statusCode + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef#namespace */ - readonly statusCode?: HttpRouteV1Beta1SpecRulesFiltersRequestRedirectStatusCode; + readonly namespace?: string; + + /** + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. + * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef#port + */ + readonly port?: number; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestRedirect' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestRedirect(obj: HttpRouteV1Beta1SpecRulesFiltersRequestRedirect | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef(obj: HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'hostname': obj.hostname, - 'path': toJson_HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath(obj.path), + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, 'port': obj.port, - 'scheme': obj.scheme, - 'statusCode': obj.statusCode, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -13131,102 +16873,90 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestRedirect(obj: Http /* eslint-enable max-len, quote-props */ /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. + * Path defines parameters used to modify the path of the incoming request. + * The modified path is then used to construct the `Location` header. When + * empty, the request path is used as-is. * * * Support: Extended * - * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath */ -export interface HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier { +export interface HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo - * - * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" - * - * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * ReplaceFullPath specifies the value with which to replace the full path + * of a request during a rewrite or redirect. * - * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier#add + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath#replaceFullPath */ - readonly add?: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd[]; + readonly replaceFullPath?: string; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + * ReplacePrefixMatch specifies the value with which to replace the prefix + * match of a request during a rewrite or redirect. For example, a request + * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch + * of "/xyz" would be modified to "/xyz/bar". * * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz + * Note that this matches the behavior of the PathPrefix match type. This + * matches full path elements. A path element refers to the list of labels + * in the path split by the `/` separator. When specified, a trailing `/` is + * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all + * match the prefix `/abc`, but the path `/abcd` would not. * * - * Config: - * remove: ["my-header1", "my-header3"] + * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. + * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in + * the implementation setting the Accepted Condition for the Route to `status: False`. * * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar + * Request Path | Prefix Match | Replace Prefix | Modified Path + * -------------|--------------|----------------|---------- + * /foo/bar | /foo | /xyz | /xyz/bar + * /foo/bar | /foo | /xyz/ | /xyz/bar + * /foo/bar | /foo/ | /xyz | /xyz/bar + * /foo/bar | /foo/ | /xyz/ | /xyz/bar + * /foo | /foo | /xyz | /xyz + * /foo/ | /foo | /xyz | /xyz/ + * /foo/bar | /foo | | /bar + * /foo/ | /foo | | / + * /foo | /foo | | / + * /foo/ | /foo | / | / + * /foo | /foo | / | / * - * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier#remove + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath#replacePrefixMatch */ - readonly remove?: string[]; + readonly replacePrefixMatch?: string; /** - * Set overwrites the request with the given header (name, value) - * before the action. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier#set + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath#type */ - readonly set?: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet[]; + readonly type: HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPathType; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier(obj: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath(obj: HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet(y)), + 'replaceFullPath': obj.replaceFullPath, + 'replacePrefixMatch': obj.replacePrefixMatch, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -13234,36 +16964,36 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier(ob /* eslint-enable max-len, quote-props */ /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: - * + * Scheme is the scheme to be used in the value of the `Location` header in + * the response. When empty, the scheme of the request is used. * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations must support core filters. * + * Scheme redirects can affect the port of the redirect, for more information, + * refer to the documentation for the port field of this filter. * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * - * - Implementation-specific: Filters that are defined and supported by - * specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` should be set to - * "ExtensionRef" for custom filters. * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. * + * Support: Extended * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectScheme + */ +export enum HttpRouteV1Beta1SpecRulesFiltersRequestRedirectScheme { + /** http */ + HTTP = "http", + /** https */ + HTTPS = "https", +} + +/** + * StatusCode is the HTTP status code to be used in response. * * * Note that values may be added to this enum, implementations @@ -13274,64 +17004,57 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifier(ob * Accepted Condition for the Route to `status: False`, with a * Reason of `UnsupportedValue`. * - * @schema HttpRouteV1Beta1SpecRulesFiltersType + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectStatusCode */ -export enum HttpRouteV1Beta1SpecRulesFiltersType { - /** RequestHeaderModifier */ - REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", - /** ResponseHeaderModifier */ - RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", - /** RequestMirror */ - REQUEST_MIRROR = "RequestMirror", - /** RequestRedirect */ - REQUEST_REDIRECT = "RequestRedirect", - /** URLRewrite */ - URL_REWRITE = "URLRewrite", - /** ExtensionRef */ - EXTENSION_REF = "ExtensionRef", +export enum HttpRouteV1Beta1SpecRulesFiltersRequestRedirectStatusCode { + /** 301 */ + VALUE_301 = 301, + /** 302 */ + VALUE_302 = 302, } /** - * URLRewrite defines a schema for a filter that modifies a request during forwarding. - * - * - * Support: Extended + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewrite + * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd */ -export interface HttpRouteV1Beta1SpecRulesFiltersUrlRewrite { +export interface HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd { /** - * Hostname is the value to be used to replace the Host header value during - * forwarding. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support: Extended + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewrite#hostname + * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd#name */ - readonly hostname?: string; + readonly name: string; /** - * Path defines a path rewrite. - * - * - * Support: Extended + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewrite#path + * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd#value */ - readonly path?: HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath; + readonly value: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersUrlRewrite' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersUrlRewrite(obj: HttpRouteV1Beta1SpecRulesFiltersUrlRewrite | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd(obj: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'hostname': obj.hostname, - 'path': toJson_HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath(obj.path), + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -13339,72 +17062,133 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersUrlRewrite(obj: HttpRoute /* eslint-enable max-len, quote-props */ /** - * HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request - * headers. + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema HttpRouteV1Beta1SpecRulesMatchesHeaders + * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet */ -export interface HttpRouteV1Beta1SpecRulesMatchesHeaders { +export interface HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet { /** * Name is the name of the HTTP Header to be matched. Name matching MUST be * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * If multiple entries specify equivalent header names, only the first - * entry with an equivalent name MUST be considered for a match. Subsequent - * entries with an equivalent header name MUST be ignored. Due to the + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the * case-insensitivity of header names, "foo" and "Foo" are considered * equivalent. * + * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * - * When a header is repeated in an HTTP request, it is - * implementation-specific behavior as to how this is represented. - * Generally, proxies should follow the guidance from the RFC: - * https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding - * processing a repeated header, with special handling for "Set-Cookie". + * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet(obj: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Path defines a path rewrite. + * + * + * Support: Extended + * + * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath + */ +export interface HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath { + /** + * ReplaceFullPath specifies the value with which to replace the full path + * of a request during a rewrite or redirect. * - * @schema HttpRouteV1Beta1SpecRulesMatchesHeaders#name + * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath#replaceFullPath */ - readonly name: string; + readonly replaceFullPath?: string; /** - * Type specifies how to match against the value of the header. + * ReplacePrefixMatch specifies the value with which to replace the prefix + * match of a request during a rewrite or redirect. For example, a request + * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch + * of "/xyz" would be modified to "/xyz/bar". * * - * Support: Core (Exact) + * Note that this matches the behavior of the PathPrefix match type. This + * matches full path elements. A path element refers to the list of labels + * in the path split by the `/` separator. When specified, a trailing `/` is + * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all + * match the prefix `/abc`, but the path `/abcd` would not. * * - * Support: Implementation-specific (RegularExpression) + * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. + * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in + * the implementation setting the Accepted Condition for the Route to `status: False`. * * - * Since RegularExpression HeaderMatchType has implementation-specific - * conformance, implementations can support POSIX, PCRE or any other dialects - * of regular expressions. Please read the implementation's documentation to - * determine the supported dialect. + * Request Path | Prefix Match | Replace Prefix | Modified Path + * -------------|--------------|----------------|---------- + * /foo/bar | /foo | /xyz | /xyz/bar + * /foo/bar | /foo | /xyz/ | /xyz/bar + * /foo/bar | /foo/ | /xyz | /xyz/bar + * /foo/bar | /foo/ | /xyz/ | /xyz/bar + * /foo | /foo | /xyz | /xyz + * /foo/ | /foo | /xyz | /xyz/ + * /foo/bar | /foo | | /bar + * /foo/ | /foo | | / + * /foo | /foo | | / + * /foo/ | /foo | / | / + * /foo | /foo | / | / * - * @schema HttpRouteV1Beta1SpecRulesMatchesHeaders#type + * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath#replacePrefixMatch */ - readonly type?: HttpRouteV1Beta1SpecRulesMatchesHeadersType; + readonly replacePrefixMatch?: string; /** - * Value is the value of HTTP Header to be matched. + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * - * @schema HttpRouteV1Beta1SpecRulesMatchesHeaders#value + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath#type */ - readonly value: string; + readonly type: HttpRouteV1Beta1SpecRulesFiltersUrlRewritePathType; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesMatchesHeaders' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesMatchesHeaders(obj: HttpRouteV1Beta1SpecRulesMatchesHeaders | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath(obj: HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, + 'replaceFullPath': obj.replaceFullPath, + 'replacePrefixMatch': obj.replacePrefixMatch, 'type': obj.type, - 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -13412,73 +17196,143 @@ export function toJson_HttpRouteV1Beta1SpecRulesMatchesHeaders(obj: HttpRouteV1B /* eslint-enable max-len, quote-props */ /** - * Method specifies HTTP method matcher. - * When specified, this route will be matched only if the request has the - * specified method. + * Type specifies how to match against the value of the header. * * - * Support: Extended + * Support: Core (Exact) * - * @schema HttpRouteV1Beta1SpecRulesMatchesMethod + * + * Support: Implementation-specific (RegularExpression) + * + * + * Since RegularExpression HeaderMatchType has implementation-specific + * conformance, implementations can support POSIX, PCRE or any other dialects + * of regular expressions. Please read the implementation's documentation to + * determine the supported dialect. + * + * @schema HttpRouteV1Beta1SpecRulesMatchesHeadersType */ -export enum HttpRouteV1Beta1SpecRulesMatchesMethod { - /** GET */ - GET = "GET", - /** HEAD */ - HEAD = "HEAD", - /** POST */ - POST = "POST", - /** PUT */ - PUT = "PUT", - /** DELETE */ - DELETE = "DELETE", - /** CONNECT */ - CONNECT = "CONNECT", - /** OPTIONS */ - OPTIONS = "OPTIONS", - /** TRACE */ - TRACE = "TRACE", - /** PATCH */ - PATCH = "PATCH", +export enum HttpRouteV1Beta1SpecRulesMatchesHeadersType { + /** Exact */ + EXACT = "Exact", + /** RegularExpression */ + REGULAR_EXPRESSION = "RegularExpression", } /** - * Path specifies a HTTP request path matcher. If this field is not - * specified, a default prefix match on the "/" path is provided. + * Type specifies how to match against the path Value. * - * @schema HttpRouteV1Beta1SpecRulesMatchesPath + * + * Support: Core (Exact, PathPrefix) + * + * + * Support: Implementation-specific (RegularExpression) + * + * @schema HttpRouteV1Beta1SpecRulesMatchesPathType */ -export interface HttpRouteV1Beta1SpecRulesMatchesPath { +export enum HttpRouteV1Beta1SpecRulesMatchesPathType { + /** Exact */ + EXACT = "Exact", + /** PathPrefix */ + PATH_PREFIX = "PathPrefix", + /** RegularExpression */ + REGULAR_EXPRESSION = "RegularExpression", +} + +/** + * Type specifies how to match against the value of the query parameter. + * + * + * Support: Extended (Exact) + * + * + * Support: Implementation-specific (RegularExpression) + * + * + * Since RegularExpression QueryParamMatchType has Implementation-specific + * conformance, implementations can support POSIX, PCRE or any other + * dialects of regular expressions. Please read the implementation's + * documentation to determine the supported dialect. + * + * @schema HttpRouteV1Beta1SpecRulesMatchesQueryParamsType + */ +export enum HttpRouteV1Beta1SpecRulesMatchesQueryParamsType { + /** Exact */ + EXACT = "Exact", + /** RegularExpression */ + REGULAR_EXPRESSION = "RegularExpression", +} + +/** + * LifetimeType specifies whether the cookie has a permanent or + * session-based lifetime. A permanent cookie persists until its + * specified expiry time, defined by the Expires or Max-Age cookie + * attributes, while a session cookie is deleted when the current + * session ends. + * + * + * When set to "Permanent", AbsoluteTimeout indicates the + * cookie's lifetime via the Expires or Max-Age cookie attributes + * and is required. + * + * + * When set to "Session", AbsoluteTimeout indicates the + * absolute lifetime of the cookie tracked by the gateway and + * is optional. + * + * + * Support: Core for "Session" type + * + * + * Support: Extended for "Permanent" type + * + * @schema HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfigLifetimeType + */ +export enum HttpRouteV1Beta1SpecRulesSessionPersistenceCookieConfigLifetimeType { + /** Permanent */ + PERMANENT = "Permanent", + /** Session */ + SESSION = "Session", +} + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd + */ +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd { /** - * Type specifies how to match against the path Value. - * - * - * Support: Core (Exact, PathPrefix) + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support: Implementation-specific (RegularExpression) + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteV1Beta1SpecRulesMatchesPath#type + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd#name */ - readonly type?: HttpRouteV1Beta1SpecRulesMatchesPathType; + readonly name: string; /** - * Value of the HTTP path to match against. + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteV1Beta1SpecRulesMatchesPath#value + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd#value */ - readonly value?: string; + readonly value: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesMatchesPath' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesMatchesPath(obj: HttpRouteV1Beta1SpecRulesMatchesPath | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'type': obj.type, + 'name': obj.name, 'value': obj.value, }; // filter undefined values @@ -13487,75 +17341,43 @@ export function toJson_HttpRouteV1Beta1SpecRulesMatchesPath(obj: HttpRouteV1Beta /* eslint-enable max-len, quote-props */ /** - * HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP - * query parameters. + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema HttpRouteV1Beta1SpecRulesMatchesQueryParams + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet */ -export interface HttpRouteV1Beta1SpecRulesMatchesQueryParams { +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet { /** - * Name is the name of the HTTP query param to be matched. This must be an - * exact string match. (See - * https://tools.ietf.org/html/rfc7230#section-2.7.3). - * - * - * If multiple entries specify equivalent query param names, only the first - * entry with an equivalent name MUST be considered for a match. Subsequent - * entries with an equivalent query param name MUST be ignored. - * - * - * If a query param is repeated in an HTTP request, the behavior is - * purposely left undefined, since different data planes have different - * capabilities. However, it is *recommended* that implementations should - * match against the first value of the param if the data plane supports it, - * as this behavior is expected in other load balancing contexts outside of - * the Gateway API. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Users SHOULD NOT route traffic based on repeated query params to guard - * themselves against potential differences in the implementations. + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteV1Beta1SpecRulesMatchesQueryParams#name + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet#name */ readonly name: string; /** - * Type specifies how to match against the value of the query parameter. - * - * - * Support: Extended (Exact) - * - * - * Support: Implementation-specific (RegularExpression) - * - * - * Since RegularExpression QueryParamMatchType has Implementation-specific - * conformance, implementations can support POSIX, PCRE or any other - * dialects of regular expressions. Please read the implementation's - * documentation to determine the supported dialect. - * - * @schema HttpRouteV1Beta1SpecRulesMatchesQueryParams#type - */ - readonly type?: HttpRouteV1Beta1SpecRulesMatchesQueryParamsType; - - /** - * Value is the value of HTTP query param to be matched. + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteV1Beta1SpecRulesMatchesQueryParams#value + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet#value */ readonly value: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesMatchesQueryParams' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesMatchesQueryParams(obj: HttpRouteV1Beta1SpecRulesMatchesQueryParams | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'name': obj.name, - 'type': obj.type, 'value': obj.value, }; // filter undefined values @@ -13564,54 +17386,121 @@ export function toJson_HttpRouteV1Beta1SpecRulesMatchesQueryParams(obj: HttpRout /* eslint-enable max-len, quote-props */ /** - * ExtensionRef is an optional, implementation-specific extension to the - * "filter" behavior. For example, resource "myroutefilter" in group - * "networking.example.net"). ExtensionRef MUST NOT be used for core and - * extended filters. + * BackendRef references a resource where mirrored requests are sent. * * - * This filter can be used multiple times within the same rule. + * Mirrored requests must be sent only to a single destination endpoint + * within this BackendRef, irrespective of how many endpoints are present + * within this BackendRef. * * - * Support: Implementation-specific + * If the referent cannot be found, this BackendRef is invalid and must be + * dropped from the Gateway. The controller must ensure the "ResolvedRefs" + * condition on the Route status is set to `status: False` and not configure + * this backend in the underlying implementation. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef + * + * If there is a cross-namespace reference to an *existing* object + * that is not allowed by a ReferenceGrant, the controller must ensure the + * "ResolvedRefs" condition on the Route is set to `status: False`, + * with the "RefNotPermitted" reason and not configure this backend in the + * underlying implementation. + * + * + * In either error case, the Message of the `ResolvedRefs` Condition + * should be used to provide more detail about the problem. + * + * + * Support: Extended for Kubernetes Service + * + * + * Support: Implementation-specific for any other resource + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef { +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef { /** * Group is the group of the referent. For example, "gateway.networking.k8s.io". * When unspecified or empty string, core API group is inferred. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef#group + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef#group */ - readonly group: string; + readonly group?: string; /** - * Kind is kind of the referent. For example "HTTPRoute" or "Service". + * Kind is the Kubernetes resource kind of the referent. For example + * "Service". * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef#kind + * + * Defaults to "Service" when not specified. + * + * + * ExternalName services can refer to CNAME DNS records that may live + * outside of the cluster and as such are difficult to reason about in + * terms of conformance. They also may not be safe to forward to (see + * CVE-2021-25740 for more information). Implementations SHOULD NOT + * support ExternalName Services. + * + * + * Support: Core (Services with a type other than ExternalName) + * + * + * Support: Implementation-specific (Services with type ExternalName) + * + * @default Service" when not specified. + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef#kind */ - readonly kind: string; + readonly kind?: string; /** * Name is the name of the referent. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef#name + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef#name */ readonly name: string; + /** + * Namespace is the namespace of the backend. When unspecified, the local + * namespace is inferred. + * + * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef#namespace + */ + readonly namespace?: string; + + /** + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef#port + */ + readonly port?: number; + } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'group': obj.group, 'kind': obj.kind, 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -13619,102 +17508,90 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersExtensionRef(o /* eslint-enable max-len, quote-props */ /** - * RequestHeaderModifier defines a schema for a filter that modifies request - * headers. + * Path defines parameters used to modify the path of the incoming request. + * The modified path is then used to construct the `Location` header. When + * empty, the request path is used as-is. * * - * Support: Core + * Support: Extended * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier { +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo - * - * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" - * - * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * ReplaceFullPath specifies the value with which to replace the full path + * of a request during a rewrite or redirect. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier#add + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath#replaceFullPath */ - readonly add?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd[]; + readonly replaceFullPath?: string; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + * ReplacePrefixMatch specifies the value with which to replace the prefix + * match of a request during a rewrite or redirect. For example, a request + * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch + * of "/xyz" would be modified to "/xyz/bar". * * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz + * Note that this matches the behavior of the PathPrefix match type. This + * matches full path elements. A path element refers to the list of labels + * in the path split by the `/` separator. When specified, a trailing `/` is + * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all + * match the prefix `/abc`, but the path `/abcd` would not. * * - * Config: - * remove: ["my-header1", "my-header3"] + * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. + * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in + * the implementation setting the Accepted Condition for the Route to `status: False`. * * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar + * Request Path | Prefix Match | Replace Prefix | Modified Path + * -------------|--------------|----------------|---------- + * /foo/bar | /foo | /xyz | /xyz/bar + * /foo/bar | /foo | /xyz/ | /xyz/bar + * /foo/bar | /foo/ | /xyz | /xyz/bar + * /foo/bar | /foo/ | /xyz/ | /xyz/bar + * /foo | /foo | /xyz | /xyz + * /foo/ | /foo | /xyz | /xyz/ + * /foo/bar | /foo | | /bar + * /foo/ | /foo | | / + * /foo | /foo | | / + * /foo/ | /foo | / | / + * /foo | /foo | / | / * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier#remove + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath#replacePrefixMatch */ - readonly remove?: string[]; + readonly replacePrefixMatch?: string; /** - * Set overwrites the request with the given header (name, value) - * before the action. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier#set + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath#type */ - readonly set?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet[]; + readonly type: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPathType; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifier | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet(y)), + 'replaceFullPath': obj.replaceFullPath, + 'replacePrefixMatch': obj.replacePrefixMatch, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -13722,66 +17599,97 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderM /* eslint-enable max-len, quote-props */ /** - * RequestMirror defines a schema for a filter that mirrors requests. - * Requests are sent to the specified destination, but responses from - * that destination are ignored. + * Scheme is the scheme to be used in the value of the `Location` header in + * the response. When empty, the scheme of the request is used. * * - * This filter can be used multiple times within the same rule. Note that - * not all implementations will be able to support mirroring to multiple - * backends. + * Scheme redirects can affect the port of the redirect, for more information, + * refer to the documentation for the port field of this filter. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * * * Support: Extended * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectScheme */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror { +export enum HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectScheme { + /** http */ + HTTP = "http", + /** https */ + HTTPS = "https", +} + +/** + * StatusCode is the HTTP status code to be used in response. + * + * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. + * + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * + * Support: Core + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectStatusCode + */ +export enum HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectStatusCode { + /** 301 */ + VALUE_301 = 301, + /** 302 */ + VALUE_302 = 302, +} + +/** + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd + */ +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd { /** - * BackendRef references a resource where mirrored requests are sent. - * - * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. - * - * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. - * - * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. - * - * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. - * + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * - * Support: Extended for Kubernetes Service * + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * Support: Implementation-specific for any other resource + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd#name + */ + readonly name: string; + + /** + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror#backendRef + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd#value */ - readonly backendRef: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef; + readonly value: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'backendRef': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj.backendRef), + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -13789,129 +17697,44 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirror( /* eslint-enable max-len, quote-props */ /** - * RequestRedirect defines a schema for a filter that responds to the - * request with an HTTP redirection. - * - * - * Support: Core + * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect { - /** - * Hostname is the hostname to be used in the value of the `Location` - * header in the response. - * When empty, the hostname in the `Host` header of the request is used. - * - * - * Support: Core - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect#hostname - */ - readonly hostname?: string; - - /** - * Path defines parameters used to modify the path of the incoming request. - * The modified path is then used to construct the `Location` header. When - * empty, the request path is used as-is. - * - * - * Support: Extended - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect#path - */ - readonly path?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath; - - /** - * Port is the port to be used in the value of the `Location` - * header in the response. - * - * - * If no port is specified, the redirect port MUST be derived using the - * following rules: - * - * - * * If redirect scheme is not-empty, the redirect port MUST be the well-known - * port associated with the redirect scheme. Specifically "http" to port 80 - * and "https" to port 443. If the redirect scheme does not have a - * well-known port, the listener port of the Gateway SHOULD be used. - * * If redirect scheme is empty, the redirect port MUST be the Gateway - * Listener port. - * - * - * Implementations SHOULD NOT add the port number in the 'Location' - * header in the following cases: - * - * - * * A Location header that will use HTTP (whether that is determined via - * the Listener protocol or the Scheme field) _and_ use port 80. - * * A Location header that will use HTTPS (whether that is determined via - * the Listener protocol or the Scheme field) _and_ use port 443. - * - * - * Support: Extended - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect#port - */ - readonly port?: number; - +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet { /** - * Scheme is the scheme to be used in the value of the `Location` header in - * the response. When empty, the scheme of the request is used. - * - * - * Scheme redirects can affect the port of the redirect, for more information, - * refer to the documentation for the port field of this filter. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * Name is the name of the HTTP Header to be matched. Name matching MUST be + * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). * * - * Support: Extended + * If multiple entries specify equivalent header names, the first entry with + * an equivalent name MUST be considered for a match. Subsequent entries + * with an equivalent header name MUST be ignored. Due to the + * case-insensitivity of header names, "foo" and "Foo" are considered + * equivalent. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect#scheme + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet#name */ - readonly scheme?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectScheme; + readonly name: string; /** - * StatusCode is the HTTP status code to be used in response. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * - * Support: Core + * Value is the value of HTTP Header to be matched. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect#statusCode + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet#value */ - readonly statusCode?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectStatusCode; + readonly value: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirect | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'hostname': obj.hostname, - 'path': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath(obj.path), - 'port': obj.port, - 'scheme': obj.scheme, - 'statusCode': obj.statusCode, + 'name': obj.name, + 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -13919,102 +17742,88 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirec /* eslint-enable max-len, quote-props */ /** - * ResponseHeaderModifier defines a schema for a filter that modifies response - * headers. + * Path defines a path rewrite. * * * Support: Extended * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier { +export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath { /** - * Add adds the given header(s) (name, value) to the request - * before the action. It appends to any existing values associated - * with the header name. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo - * - * - * Config: - * add: - * - name: "my-header" - * value: "bar,baz" - * - * - * Output: - * GET /foo HTTP/1.1 - * my-header: foo,bar,baz + * ReplaceFullPath specifies the value with which to replace the full path + * of a request during a rewrite or redirect. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier#add + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath#replaceFullPath */ - readonly add?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd[]; + readonly replaceFullPath?: string; /** - * Remove the given header(s) from the HTTP request before the action. The - * value of Remove is a list of HTTP header names. Note that the header - * names are case-insensitive (see - * https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + * ReplacePrefixMatch specifies the value with which to replace the prefix + * match of a request during a rewrite or redirect. For example, a request + * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch + * of "/xyz" would be modified to "/xyz/bar". * * - * Input: - * GET /foo HTTP/1.1 - * my-header1: foo - * my-header2: bar - * my-header3: baz + * Note that this matches the behavior of the PathPrefix match type. This + * matches full path elements. A path element refers to the list of labels + * in the path split by the `/` separator. When specified, a trailing `/` is + * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all + * match the prefix `/abc`, but the path `/abcd` would not. * * - * Config: - * remove: ["my-header1", "my-header3"] + * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. + * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in + * the implementation setting the Accepted Condition for the Route to `status: False`. * * - * Output: - * GET /foo HTTP/1.1 - * my-header2: bar + * Request Path | Prefix Match | Replace Prefix | Modified Path + * -------------|--------------|----------------|---------- + * /foo/bar | /foo | /xyz | /xyz/bar + * /foo/bar | /foo | /xyz/ | /xyz/bar + * /foo/bar | /foo/ | /xyz | /xyz/bar + * /foo/bar | /foo/ | /xyz/ | /xyz/bar + * /foo | /foo | /xyz | /xyz + * /foo/ | /foo | /xyz | /xyz/ + * /foo/bar | /foo | | /bar + * /foo/ | /foo | | / + * /foo | /foo | | / + * /foo/ | /foo | / | / + * /foo | /foo | / | / * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier#remove + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath#replacePrefixMatch */ - readonly remove?: string[]; + readonly replacePrefixMatch?: string; /** - * Set overwrites the request with the given header (name, value) - * before the action. - * - * - * Input: - * GET /foo HTTP/1.1 - * my-header: foo + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * - * Config: - * set: - * - name: "my-header" - * value: "bar" + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * * - * Output: - * GET /foo HTTP/1.1 - * my-header: bar + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier#set + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath#type */ - readonly set?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet[]; + readonly type: HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePathType; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier' to JSON representation. + * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifier | undefined): Record | undefined { +export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'add': obj.add?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd(y)), - 'remove': obj.remove?.map(y => y), - 'set': obj.set?.map(y => toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet(y)), + 'replaceFullPath': obj.replaceFullPath, + 'replacePrefixMatch': obj.replacePrefixMatch, + 'type': obj.type, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -14022,36 +17831,52 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeader /* eslint-enable max-len, quote-props */ /** - * Type identifies the type of filter to apply. As with other API fields, - * types are classified into three conformance levels: + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * - * - Core: Filter types and their corresponding configuration defined by - * "Support: Core" in this package, e.g. "RequestHeaderModifier". All - * implementations must support core filters. + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * * - * - Extended: Filter types and their corresponding configuration defined by - * "Support: Extended" in this package, e.g. "RequestMirror". Implementers - * are encouraged to support extended filters. + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * + * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPathType + */ +export enum HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPathType { + /** ReplaceFullPath */ + REPLACE_FULL_PATH = "ReplaceFullPath", + /** ReplacePrefixMatch */ + REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", +} + +/** + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * - * - Implementation-specific: Filters that are defined and supported by - * specific vendors. - * In the future, filters showing convergence in behavior across multiple - * implementations will be considered for inclusion in extended or core - * conformance levels. Filter-specific configuration for such filters - * is specified using the ExtensionRef field. `Type` should be set to - * "ExtensionRef" for custom filters. * + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * - * Implementers are encouraged to define custom implementation types to - * extend the core API with implementation-specific behavior. * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. * - * If a reference to a custom filter type cannot be resolved, the filter - * MUST NOT be skipped. Instead, requests that would have been processed by - * that filter MUST receive a HTTP error response. + * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewritePathType + */ +export enum HttpRouteV1Beta1SpecRulesFiltersUrlRewritePathType { + /** ReplaceFullPath */ + REPLACE_FULL_PATH = "ReplaceFullPath", + /** ReplacePrefixMatch */ + REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", +} + +/** + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * * Note that values may be added to this enum, implementations @@ -14062,109 +17887,165 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeader * Accepted Condition for the Route to `status: False`, with a * Reason of `UnsupportedValue`. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersType + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPathType */ -export enum HttpRouteV1Beta1SpecRulesBackendRefsFiltersType { - /** RequestHeaderModifier */ - REQUEST_HEADER_MODIFIER = "RequestHeaderModifier", - /** ResponseHeaderModifier */ - RESPONSE_HEADER_MODIFIER = "ResponseHeaderModifier", - /** RequestMirror */ - REQUEST_MIRROR = "RequestMirror", - /** RequestRedirect */ - REQUEST_REDIRECT = "RequestRedirect", - /** URLRewrite */ - URL_REWRITE = "URLRewrite", - /** ExtensionRef */ - EXTENSION_REF = "ExtensionRef", +export enum HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPathType { + /** ReplaceFullPath */ + REPLACE_FULL_PATH = "ReplaceFullPath", + /** ReplacePrefixMatch */ + REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", } /** - * URLRewrite defines a schema for a filter that modifies a request during forwarding. + * Type defines the type of path modifier. Additional types may be + * added in a future release of the API. * * - * Support: Extended + * Note that values may be added to this enum, implementations + * must ensure that unknown values will not cause a crash. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite + * + * Unknown values here must result in the implementation setting the + * Accepted Condition for the Route to `status: False`, with a + * Reason of `UnsupportedValue`. + * + * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePathType */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite { +export enum HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePathType { + /** ReplaceFullPath */ + REPLACE_FULL_PATH = "ReplaceFullPath", + /** ReplacePrefixMatch */ + REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", +} + + +/** + * ReferenceGrant identifies kinds of resources in other namespaces that are +trusted to reference the specified kinds of resources in the same namespace +as the policy. + + +Each ReferenceGrant can be used to represent a unique trust relationship. +Additional Reference Grants can be used to add to the set of trusted +sources of inbound references for the namespace they are defined within. + + +A ReferenceGrant is required for all cross-namespace references in Gateway API +(with the exception of cross-namespace Route-Gateway attachment, which is +governed by the AllowedRoutes configuration on the Gateway, and cross-namespace +Service ParentRefs on a "consumer" mesh Route, which defines routing rules +applicable only to workloads in the Route namespace). ReferenceGrants allowing +a reference from a Route to a Service are only applicable to BackendRefs. + + +ReferenceGrant is a form of runtime verification allowing users to assert +which cross-namespace object references are permitted. Implementations that +support ReferenceGrant MUST NOT permit cross-namespace references which have +no grant, and MUST respond to the removal of a grant by revoking the access +that the grant allowed. + * + * @schema ReferenceGrant + */ +export class ReferenceGrant extends ApiObject { + /** + * Returns the apiVersion and kind for "ReferenceGrant" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'ReferenceGrant', + } + /** - * Hostname is the value to be used to replace the Host header value during - * forwarding. - * + * Renders a Kubernetes manifest for "ReferenceGrant". * - * Support: Extended + * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite#hostname + * @param props initialization props */ - readonly hostname?: string; + public static manifest(props: ReferenceGrantProps = {}): any { + return { + ...ReferenceGrant.GVK, + ...toJson_ReferenceGrantProps(props), + }; + } /** - * Path defines a path rewrite. - * - * - * Support: Extended - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite#path + * Defines a "ReferenceGrant" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props */ - readonly path?: HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath; + public constructor(scope: Construct, id: string, props: ReferenceGrantProps = {}) { + super(scope, id, { + ...ReferenceGrant.GVK, + ...props, + }); + } -} + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); -/** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewrite | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'hostname': obj.hostname, - 'path': toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath(obj.path), - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); + return { + ...ReferenceGrant.GVK, + ...toJson_ReferenceGrantProps(resolved), + }; + } } -/* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * ReferenceGrant identifies kinds of resources in other namespaces that are + * trusted to reference the specified kinds of resources in the same namespace + * as the policy. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd + * + * Each ReferenceGrant can be used to represent a unique trust relationship. + * Additional Reference Grants can be used to add to the set of trusted + * sources of inbound references for the namespace they are defined within. + * + * + * A ReferenceGrant is required for all cross-namespace references in Gateway API + * (with the exception of cross-namespace Route-Gateway attachment, which is + * governed by the AllowedRoutes configuration on the Gateway, and cross-namespace + * Service ParentRefs on a "consumer" mesh Route, which defines routing rules + * applicable only to workloads in the Route namespace). ReferenceGrants allowing + * a reference from a Route to a Service are only applicable to BackendRefs. + * + * + * ReferenceGrant is a form of runtime verification allowing users to assert + * which cross-namespace object references are permitted. Implementations that + * support ReferenceGrant MUST NOT permit cross-namespace references which have + * no grant, and MUST respond to the removal of a grant by revoking the access + * that the grant allowed. + * + * @schema ReferenceGrant */ -export interface HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd { +export interface ReferenceGrantProps { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). - * - * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. - * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd#name + * @schema ReferenceGrant#metadata */ - readonly name: string; + readonly metadata?: ApiObjectMetadata; /** - * Value is the value of HTTP Header to be matched. + * Spec defines the desired state of ReferenceGrant. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd#value + * @schema ReferenceGrant#spec */ - readonly value: string; + readonly spec?: ReferenceGrantSpec; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd' to JSON representation. + * Converts an object of type 'ReferenceGrantProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd(obj: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd | undefined): Record | undefined { +export function toJson_ReferenceGrantProps(obj: ReferenceGrantProps | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'metadata': obj.metadata, + 'spec': toJson_ReferenceGrantSpec(obj.spec), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -14172,44 +18053,48 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierAdd( /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * Spec defines the desired state of ReferenceGrant. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet + * @schema ReferenceGrantSpec */ -export interface HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet { +export interface ReferenceGrantSpec { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * From describes the trusted namespaces and kinds that can reference the + * resources described in "To". Each entry in this list MUST be considered + * to be an additional place that references can be valid from, or to put + * this another way, entries MUST be combined using OR. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Support: Core * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet#name + * @schema ReferenceGrantSpec#from */ - readonly name: string; + readonly from: ReferenceGrantSpecFrom[]; /** - * Value is the value of HTTP Header to be matched. + * To describes the resources that may be referenced by the resources + * described in "From". Each entry in this list MUST be considered to be an + * additional place that references can be valid to, or to put this another + * way, entries MUST be combined using OR. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet#value + * + * Support: Core + * + * @schema ReferenceGrantSpec#to */ - readonly value: string; + readonly to: ReferenceGrantSpecTo[]; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet' to JSON representation. + * Converts an object of type 'ReferenceGrantSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet(obj: HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet | undefined): Record | undefined { +export function toJson_ReferenceGrantSpec(obj: ReferenceGrantSpec | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'from': obj.from?.map(y => toJson_ReferenceGrantSpecFrom(y)), + 'to': obj.to?.map(y => toJson_ReferenceGrantSpecTo(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -14217,121 +18102,69 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestHeaderModifierSet( /* eslint-enable max-len, quote-props */ /** - * BackendRef references a resource where mirrored requests are sent. - * - * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. - * - * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. - * - * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. - * - * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. - * - * - * Support: Extended for Kubernetes Service - * - * - * Support: Implementation-specific for any other resource + * ReferenceGrantFrom describes trusted namespaces and kinds. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef + * @schema ReferenceGrantSpecFrom */ -export interface HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef { +export interface ReferenceGrantSpecFrom { /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. + * Group is the group of the referent. + * When empty, the Kubernetes core API group is inferred. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef#group + * + * Support: Core + * + * @schema ReferenceGrantSpecFrom#group */ - readonly group?: string; + readonly group: string; /** - * Kind is the Kubernetes resource kind of the referent. For example - * "Service". - * + * Kind is the kind of the referent. Although implementations may support + * additional resources, the following types are part of the "Core" + * support level for this field. * - * Defaults to "Service" when not specified. * + * When used to permit a SecretObjectReference: * - * ExternalName services can refer to CNAME DNS records that may live - * outside of the cluster and as such are difficult to reason about in - * terms of conformance. They also may not be safe to forward to (see - * CVE-2021-25740 for more information). Implementations SHOULD NOT - * support ExternalName Services. * + * * Gateway * - * Support: Core (Services with a type other than ExternalName) * + * When used to permit a BackendObjectReference: * - * Support: Implementation-specific (Services with type ExternalName) * - * @default Service" when not specified. - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef#kind - */ - readonly kind?: string; - - /** - * Name is the name of the referent. + * * GRPCRoute + * * HTTPRoute + * * TCPRoute + * * TLSRoute + * * UDPRoute * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef#name + * @schema ReferenceGrantSpecFrom#kind */ - readonly name: string; + readonly kind: string; /** - * Namespace is the namespace of the backend. When unspecified, the local - * namespace is inferred. - * - * - * Note that when a namespace different than the local namespace is specified, - * a ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. + * Namespace is the namespace of the referent. * * * Support: Core * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef#namespace - */ - readonly namespace?: string; - - /** - * Port specifies the destination port number to use for this resource. - * Port is required when the referent is a Kubernetes Service. In this - * case, the port number is the service port number, not the target port. - * For other resources, destination port might be derived from the referent - * resource or this field. - * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef#port + * @schema ReferenceGrantSpecFrom#namespace */ - readonly port?: number; + readonly namespace: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef' to JSON representation. + * Converts an object of type 'ReferenceGrantSpecFrom' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef(obj: HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef | undefined): Record | undefined { +export function toJson_ReferenceGrantSpecFrom(obj: ReferenceGrantSpecFrom | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'group': obj.group, 'kind': obj.kind, - 'name': obj.name, 'namespace': obj.namespace, - 'port': obj.port, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -14339,233 +18172,183 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestMirrorBackendRef(o /* eslint-enable max-len, quote-props */ /** - * Path defines parameters used to modify the path of the incoming request. - * The modified path is then used to construct the `Location` header. When - * empty, the request path is used as-is. - * - * - * Support: Extended + * ReferenceGrantTo describes what Kinds are allowed as targets of the + * references. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath + * @schema ReferenceGrantSpecTo */ -export interface HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath { +export interface ReferenceGrantSpecTo { /** - * ReplaceFullPath specifies the value with which to replace the full path - * of a request during a rewrite or redirect. + * Group is the group of the referent. + * When empty, the Kubernetes core API group is inferred. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath#replaceFullPath + * + * Support: Core + * + * @schema ReferenceGrantSpecTo#group */ - readonly replaceFullPath?: string; + readonly group: string; /** - * ReplacePrefixMatch specifies the value with which to replace the prefix - * match of a request during a rewrite or redirect. For example, a request - * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch - * of "/xyz" would be modified to "/xyz/bar". - * - * - * Note that this matches the behavior of the PathPrefix match type. This - * matches full path elements. A path element refers to the list of labels - * in the path split by the `/` separator. When specified, a trailing `/` is - * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all - * match the prefix `/abc`, but the path `/abcd` would not. - * - * - * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. - * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in - * the implementation setting the Accepted Condition for the Route to `status: False`. + * Kind is the kind of the referent. Although implementations may support + * additional resources, the following types are part of the "Core" + * support level for this field: * * - * Request Path | Prefix Match | Replace Prefix | Modified Path - * -------------|--------------|----------------|---------- - * /foo/bar | /foo | /xyz | /xyz/bar - * /foo/bar | /foo | /xyz/ | /xyz/bar - * /foo/bar | /foo/ | /xyz | /xyz/bar - * /foo/bar | /foo/ | /xyz/ | /xyz/bar - * /foo | /foo | /xyz | /xyz - * /foo/ | /foo | /xyz | /xyz/ - * /foo/bar | /foo | | /bar - * /foo/ | /foo | | / - * /foo | /foo | | / - * /foo/ | /foo | / | / - * /foo | /foo | / | / + * * Secret when used to permit a SecretObjectReference + * * Service when used to permit a BackendObjectReference * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath#replacePrefixMatch + * @schema ReferenceGrantSpecTo#kind */ - readonly replacePrefixMatch?: string; + readonly kind: string; /** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * Name is the name of the referent. When unspecified, this policy + * refers to all resources of the specified Group and Kind in the local + * namespace. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath#type + * @schema ReferenceGrantSpecTo#name */ - readonly type: HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPathType; + readonly name?: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath' to JSON representation. + * Converts an object of type 'ReferenceGrantSpecTo' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath(obj: HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPath | undefined): Record | undefined { +export function toJson_ReferenceGrantSpecTo(obj: ReferenceGrantSpecTo | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'replaceFullPath': obj.replaceFullPath, - 'replacePrefixMatch': obj.replacePrefixMatch, - 'type': obj.type, + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ -/** - * Scheme is the scheme to be used in the value of the `Location` header in - * the response. When empty, the scheme of the request is used. - * - * - * Scheme redirects can affect the port of the redirect, for more information, - * refer to the documentation for the port field of this filter. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * - * Support: Extended - * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectScheme - */ -export enum HttpRouteV1Beta1SpecRulesFiltersRequestRedirectScheme { - /** http */ - HTTP = "http", - /** https */ - HTTPS = "https", -} /** - * StatusCode is the HTTP status code to be used in response. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * - * Support: Core - * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectStatusCode - */ -export enum HttpRouteV1Beta1SpecRulesFiltersRequestRedirectStatusCode { - /** 301 */ - VALUE_301 = 301, - /** 302 */ - VALUE_302 = 302, -} + * ReferenceGrant identifies kinds of resources in other namespaces that are +trusted to reference the specified kinds of resources in the same namespace +as the policy. -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + +Each ReferenceGrant can be used to represent a unique trust relationship. +Additional Reference Grants can be used to add to the set of trusted +sources of inbound references for the namespace they are defined within. + + +All cross-namespace references in Gateway API (with the exception of cross-namespace +Gateway-route attachment) require a ReferenceGrant. + + +ReferenceGrant is a form of runtime verification allowing users to assert +which cross-namespace object references are permitted. Implementations that +support ReferenceGrant MUST NOT permit cross-namespace references which have +no grant, and MUST respond to the removal of a grant by revoking the access +that the grant allowed. * - * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd + * @schema ReferenceGrantV1Beta1 */ -export interface HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd { +export class ReferenceGrantV1Beta1 extends ApiObject { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). - * + * Returns the apiVersion and kind for "ReferenceGrantV1Beta1" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'ReferenceGrant', + } + + /** + * Renders a Kubernetes manifest for "ReferenceGrantV1Beta1". * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd#name + * @param props initialization props */ - readonly name: string; + public static manifest(props: ReferenceGrantV1Beta1Props = {}): any { + return { + ...ReferenceGrantV1Beta1.GVK, + ...toJson_ReferenceGrantV1Beta1Props(props), + }; + } /** - * Value is the value of HTTP Header to be matched. - * - * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd#value + * Defines a "ReferenceGrantV1Beta1" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props */ - readonly value: string; + public constructor(scope: Construct, id: string, props: ReferenceGrantV1Beta1Props = {}) { + super(scope, id, { + ...ReferenceGrantV1Beta1.GVK, + ...props, + }); + } -} + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); -/** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd(obj: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierAdd | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'name': obj.name, - 'value': obj.value, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); + return { + ...ReferenceGrantV1Beta1.GVK, + ...toJson_ReferenceGrantV1Beta1Props(resolved), + }; + } } -/* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * ReferenceGrant identifies kinds of resources in other namespaces that are + * trusted to reference the specified kinds of resources in the same namespace + * as the policy. + * + * + * Each ReferenceGrant can be used to represent a unique trust relationship. + * Additional Reference Grants can be used to add to the set of trusted + * sources of inbound references for the namespace they are defined within. + * + * + * All cross-namespace references in Gateway API (with the exception of cross-namespace + * Gateway-route attachment) require a ReferenceGrant. + * + * + * ReferenceGrant is a form of runtime verification allowing users to assert + * which cross-namespace object references are permitted. Implementations that + * support ReferenceGrant MUST NOT permit cross-namespace references which have + * no grant, and MUST respond to the removal of a grant by revoking the access + * that the grant allowed. * - * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet + * @schema ReferenceGrantV1Beta1 */ -export interface HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet { +export interface ReferenceGrantV1Beta1Props { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). - * - * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. - * - * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet#name + * @schema ReferenceGrantV1Beta1#metadata */ - readonly name: string; + readonly metadata?: ApiObjectMetadata; /** - * Value is the value of HTTP Header to be matched. + * Spec defines the desired state of ReferenceGrant. * - * @schema HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet#value + * @schema ReferenceGrantV1Beta1#spec */ - readonly value: string; + readonly spec?: ReferenceGrantV1Beta1Spec; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet' to JSON representation. + * Converts an object of type 'ReferenceGrantV1Beta1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet(obj: HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet | undefined): Record | undefined { +export function toJson_ReferenceGrantV1Beta1Props(obj: ReferenceGrantV1Beta1Props | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'metadata': obj.metadata, + 'spec': toJson_ReferenceGrantV1Beta1Spec(obj.spec), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -14573,88 +18356,48 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersResponseHeaderModifierSet /* eslint-enable max-len, quote-props */ /** - * Path defines a path rewrite. - * - * - * Support: Extended + * Spec defines the desired state of ReferenceGrant. * - * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath + * @schema ReferenceGrantV1Beta1Spec */ -export interface HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath { - /** - * ReplaceFullPath specifies the value with which to replace the full path - * of a request during a rewrite or redirect. - * - * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath#replaceFullPath - */ - readonly replaceFullPath?: string; - +export interface ReferenceGrantV1Beta1Spec { /** - * ReplacePrefixMatch specifies the value with which to replace the prefix - * match of a request during a rewrite or redirect. For example, a request - * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch - * of "/xyz" would be modified to "/xyz/bar". - * - * - * Note that this matches the behavior of the PathPrefix match type. This - * matches full path elements. A path element refers to the list of labels - * in the path split by the `/` separator. When specified, a trailing `/` is - * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all - * match the prefix `/abc`, but the path `/abcd` would not. - * - * - * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. - * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in - * the implementation setting the Accepted Condition for the Route to `status: False`. + * From describes the trusted namespaces and kinds that can reference the + * resources described in "To". Each entry in this list MUST be considered + * to be an additional place that references can be valid from, or to put + * this another way, entries MUST be combined using OR. * * - * Request Path | Prefix Match | Replace Prefix | Modified Path - * -------------|--------------|----------------|---------- - * /foo/bar | /foo | /xyz | /xyz/bar - * /foo/bar | /foo | /xyz/ | /xyz/bar - * /foo/bar | /foo/ | /xyz | /xyz/bar - * /foo/bar | /foo/ | /xyz/ | /xyz/bar - * /foo | /foo | /xyz | /xyz - * /foo/ | /foo | /xyz | /xyz/ - * /foo/bar | /foo | | /bar - * /foo/ | /foo | | / - * /foo | /foo | | / - * /foo/ | /foo | / | / - * /foo | /foo | / | / + * Support: Core * - * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath#replacePrefixMatch + * @schema ReferenceGrantV1Beta1Spec#from */ - readonly replacePrefixMatch?: string; + readonly from: ReferenceGrantV1Beta1SpecFrom[]; /** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. + * To describes the resources that may be referenced by the resources + * described in "From". Each entry in this list MUST be considered to be an + * additional place that references can be valid to, or to put this another + * way, entries MUST be combined using OR. * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * Support: Core * - * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath#type + * @schema ReferenceGrantV1Beta1Spec#to */ - readonly type: HttpRouteV1Beta1SpecRulesFiltersUrlRewritePathType; + readonly to: ReferenceGrantV1Beta1SpecTo[]; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath' to JSON representation. + * Converts an object of type 'ReferenceGrantV1Beta1Spec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath(obj: HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath | undefined): Record | undefined { +export function toJson_ReferenceGrantV1Beta1Spec(obj: ReferenceGrantV1Beta1Spec | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'replaceFullPath': obj.replaceFullPath, - 'replacePrefixMatch': obj.replacePrefixMatch, - 'type': obj.type, + 'from': obj.from?.map(y => toJson_ReferenceGrantV1Beta1SpecFrom(y)), + 'to': obj.to?.map(y => toJson_ReferenceGrantV1Beta1SpecTo(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -14662,112 +18405,69 @@ export function toJson_HttpRouteV1Beta1SpecRulesFiltersUrlRewritePath(obj: HttpR /* eslint-enable max-len, quote-props */ /** - * Type specifies how to match against the value of the header. - * - * - * Support: Core (Exact) - * - * - * Support: Implementation-specific (RegularExpression) - * - * - * Since RegularExpression HeaderMatchType has implementation-specific - * conformance, implementations can support POSIX, PCRE or any other dialects - * of regular expressions. Please read the implementation's documentation to - * determine the supported dialect. - * - * @schema HttpRouteV1Beta1SpecRulesMatchesHeadersType - */ -export enum HttpRouteV1Beta1SpecRulesMatchesHeadersType { - /** Exact */ - EXACT = "Exact", - /** RegularExpression */ - REGULAR_EXPRESSION = "RegularExpression", -} - -/** - * Type specifies how to match against the path Value. - * - * - * Support: Core (Exact, PathPrefix) - * - * - * Support: Implementation-specific (RegularExpression) - * - * @schema HttpRouteV1Beta1SpecRulesMatchesPathType - */ -export enum HttpRouteV1Beta1SpecRulesMatchesPathType { - /** Exact */ - EXACT = "Exact", - /** PathPrefix */ - PATH_PREFIX = "PathPrefix", - /** RegularExpression */ - REGULAR_EXPRESSION = "RegularExpression", -} - -/** - * Type specifies how to match against the value of the query parameter. - * - * - * Support: Extended (Exact) - * - * - * Support: Implementation-specific (RegularExpression) - * - * - * Since RegularExpression QueryParamMatchType has Implementation-specific - * conformance, implementations can support POSIX, PCRE or any other - * dialects of regular expressions. Please read the implementation's - * documentation to determine the supported dialect. + * ReferenceGrantFrom describes trusted namespaces and kinds. * - * @schema HttpRouteV1Beta1SpecRulesMatchesQueryParamsType + * @schema ReferenceGrantV1Beta1SpecFrom */ -export enum HttpRouteV1Beta1SpecRulesMatchesQueryParamsType { - /** Exact */ - EXACT = "Exact", - /** RegularExpression */ - REGULAR_EXPRESSION = "RegularExpression", -} +export interface ReferenceGrantV1Beta1SpecFrom { + /** + * Group is the group of the referent. + * When empty, the Kubernetes core API group is inferred. + * + * + * Support: Core + * + * @schema ReferenceGrantV1Beta1SpecFrom#group + */ + readonly group: string; -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd - */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Kind is the kind of the referent. Although implementations may support + * additional resources, the following types are part of the "Core" + * support level for this field. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * When used to permit a SecretObjectReference: * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd#name + * + * * Gateway + * + * + * When used to permit a BackendObjectReference: + * + * + * * GRPCRoute + * * HTTPRoute + * * TCPRoute + * * TLSRoute + * * UDPRoute + * + * @schema ReferenceGrantV1Beta1SpecFrom#kind */ - readonly name: string; + readonly kind: string; /** - * Value is the value of HTTP Header to be matched. + * Namespace is the namespace of the referent. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd#value + * + * Support: Core + * + * @schema ReferenceGrantV1Beta1SpecFrom#namespace */ - readonly value: string; + readonly namespace: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd' to JSON representation. + * Converts an object of type 'ReferenceGrantV1Beta1SpecFrom' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierAdd | undefined): Record | undefined { +export function toJson_ReferenceGrantV1Beta1SpecFrom(obj: ReferenceGrantV1Beta1SpecFrom | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'name': obj.name, - 'value': obj.value, + 'group': obj.group, + 'kind': obj.kind, + 'namespace': obj.namespace, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -14775,166 +18475,151 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderM /* eslint-enable max-len, quote-props */ /** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. + * ReferenceGrantTo describes what Kinds are allowed as targets of the + * references. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet + * @schema ReferenceGrantV1Beta1SpecTo */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet { +export interface ReferenceGrantV1Beta1SpecTo { + /** + * Group is the group of the referent. + * When empty, the Kubernetes core API group is inferred. + * + * + * Support: Core + * + * @schema ReferenceGrantV1Beta1SpecTo#group + */ + readonly group: string; + /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Kind is the kind of the referent. Although implementations may support + * additional resources, the following types are part of the "Core" + * support level for this field: * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * * Secret when used to permit a SecretObjectReference + * * Service when used to permit a BackendObjectReference * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet#name + * @schema ReferenceGrantV1Beta1SpecTo#kind */ - readonly name: string; + readonly kind: string; /** - * Value is the value of HTTP Header to be matched. + * Name is the name of the referent. When unspecified, this policy + * refers to all resources of the specified Group and Kind in the local + * namespace. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet#value + * @schema ReferenceGrantV1Beta1SpecTo#name */ - readonly value: string; + readonly name?: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet' to JSON representation. + * Converts an object of type 'ReferenceGrantV1Beta1SpecTo' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestHeaderModifierSet | undefined): Record | undefined { +export function toJson_ReferenceGrantV1Beta1SpecTo(obj: ReferenceGrantV1Beta1SpecTo | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { + 'group': obj.group, + 'kind': obj.kind, 'name': obj.name, - 'value': obj.value, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ + /** - * BackendRef references a resource where mirrored requests are sent. - * - * - * Mirrored requests must be sent only to a single destination endpoint - * within this BackendRef, irrespective of how many endpoints are present - * within this BackendRef. - * - * - * If the referent cannot be found, this BackendRef is invalid and must be - * dropped from the Gateway. The controller must ensure the "ResolvedRefs" - * condition on the Route status is set to `status: False` and not configure - * this backend in the underlying implementation. - * - * - * If there is a cross-namespace reference to an *existing* object - * that is not allowed by a ReferenceGrant, the controller must ensure the - * "ResolvedRefs" condition on the Route is set to `status: False`, - * with the "RefNotPermitted" reason and not configure this backend in the - * underlying implementation. - * - * - * In either error case, the Message of the `ResolvedRefs` Condition - * should be used to provide more detail about the problem. - * - * - * Support: Extended for Kubernetes Service - * + * TCPRoute provides a way to route TCP requests. When combined with a Gateway +listener, it can be used to forward connections on the port specified by the +listener to a set of backends specified by the TCPRoute. * - * Support: Implementation-specific for any other resource - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef + * @schema TCPRoute */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef { +export class TcpRoute extends ApiObject { /** - * Group is the group of the referent. For example, "gateway.networking.k8s.io". - * When unspecified or empty string, core API group is inferred. - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef#group + * Returns the apiVersion and kind for "TCPRoute" */ - readonly group?: string; + public static readonly GVK: GroupVersionKind = { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'TCPRoute', + } /** - * Kind is the Kubernetes resource kind of the referent. For example - * "Service". - * - * - * Defaults to "Service" when not specified. - * - * - * ExternalName services can refer to CNAME DNS records that may live - * outside of the cluster and as such are difficult to reason about in - * terms of conformance. They also may not be safe to forward to (see - * CVE-2021-25740 for more information). Implementations SHOULD NOT - * support ExternalName Services. + * Renders a Kubernetes manifest for "TCPRoute". * + * This can be used to inline resource manifests inside other objects (e.g. as templates). * - * Support: Core (Services with a type other than ExternalName) - * - * - * Support: Implementation-specific (Services with type ExternalName) - * - * @default Service" when not specified. - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef#kind + * @param props initialization props */ - readonly kind?: string; + public static manifest(props: TcpRouteProps): any { + return { + ...TcpRoute.GVK, + ...toJson_TcpRouteProps(props), + }; + } /** - * Name is the name of the referent. - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef#name + * Defines a "TCPRoute" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props */ - readonly name: string; + public constructor(scope: Construct, id: string, props: TcpRouteProps) { + super(scope, id, { + ...TcpRoute.GVK, + ...props, + }); + } /** - * Namespace is the namespace of the backend. When unspecified, the local - * namespace is inferred. - * - * - * Note that when a namespace different than the local namespace is specified, - * a ReferenceGrant object is required in the referent namespace to allow that - * namespace's owner to accept the reference. See the ReferenceGrant - * documentation for details. - * - * - * Support: Core - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef#namespace + * Renders the object to Kubernetes JSON. */ - readonly namespace?: string; + public toJson(): any { + const resolved = super.toJson(); + + return { + ...TcpRoute.GVK, + ...toJson_TcpRouteProps(resolved), + }; + } +} +/** + * TCPRoute provides a way to route TCP requests. When combined with a Gateway + * listener, it can be used to forward connections on the port specified by the + * listener to a set of backends specified by the TCPRoute. + * + * @schema TCPRoute + */ +export interface TcpRouteProps { /** - * Port specifies the destination port number to use for this resource. - * Port is required when the referent is a Kubernetes Service. In this - * case, the port number is the service port number, not the target port. - * For other resources, destination port might be derived from the referent - * resource or this field. + * @schema TCPRoute#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Spec defines the desired state of TCPRoute. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef#port + * @schema TCPRoute#spec */ - readonly port?: number; + readonly spec: TcpRouteSpec; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef' to JSON representation. + * Converts an object of type 'TcpRouteProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorBackendRef | undefined): Record | undefined { +export function toJson_TcpRouteProps(obj: TcpRouteProps | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'group': obj.group, - 'kind': obj.kind, - 'name': obj.name, - 'namespace': obj.namespace, - 'port': obj.port, + 'metadata': obj.metadata, + 'spec': toJson_TcpRouteSpec(obj.spec), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -14942,90 +18627,114 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestMirrorB /* eslint-enable max-len, quote-props */ /** - * Path defines parameters used to modify the path of the incoming request. - * The modified path is then used to construct the `Location` header. When - * empty, the request path is used as-is. - * + * Spec defines the desired state of TCPRoute. * - * Support: Extended - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath + * @schema TcpRouteSpec */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath { +export interface TcpRouteSpec { /** - * ReplaceFullPath specifies the value with which to replace the full path - * of a request during a rewrite or redirect. + * ParentRefs references the resources (usually Gateways) that a Route wants + * to be attached to. Note that the referenced parent resource needs to + * allow this for the attachment to be complete. For Gateways, that means + * the Gateway needs to allow attachment from Routes of this kind and + * namespace. For Services, that means the Service must either be in the same + * namespace for a "producer" route, or the mesh implementation must support + * and allow "consumer" routes for the referenced Service. ReferenceGrant is + * not applicable for governing ParentRefs to Services - it is not possible to + * create a "producer" route for a Service in a different namespace from the + * Route. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath#replaceFullPath - */ - readonly replaceFullPath?: string; - - /** - * ReplacePrefixMatch specifies the value with which to replace the prefix - * match of a request during a rewrite or redirect. For example, a request - * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch - * of "/xyz" would be modified to "/xyz/bar". * + * There are two kinds of parent resources with "Core" support: * - * Note that this matches the behavior of the PathPrefix match type. This - * matches full path elements. A path element refers to the list of labels - * in the path split by the `/` separator. When specified, a trailing `/` is - * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all - * match the prefix `/abc`, but the path `/abcd` would not. + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) * * - * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. - * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in - * the implementation setting the Accepted Condition for the Route to `status: False`. + * This API may be extended in the future to support additional kinds of parent + * resources. + * + * + * ParentRefs must be _distinct_. This means either that: + * + * + * * They select different objects. If this is the case, then parentRef + * entries are distinct. In terms of fields, this means that the + * multi-part key defined by `group`, `kind`, `namespace`, and `name` must + * be unique across all parentRef entries in the Route. + * * They do not select different objects, but for each optional field used, + * each ParentRef that selects the same object must set the same set of + * optional fields to different values. If one ParentRef sets a + * combination of optional fields, all must set the same combination. + * + * + * Some examples: + * + * + * * If one ParentRef sets `sectionName`, all ParentRefs referencing the + * same object must also set `sectionName`. + * * If one ParentRef sets `port`, all ParentRefs referencing the same + * object must also set `port`. + * * If one ParentRef sets `sectionName` and `port`, all ParentRefs + * referencing the same object must also set `sectionName` and `port`. + * + * + * It is possible to separately reference multiple distinct objects that may + * be collapsed by an implementation. For example, some implementations may + * choose to merge compatible Gateway Listeners together. If that is the + * case, the list of routes attached to those resources should also be + * merged. + * + * + * Note that for ParentRefs that cross namespace boundaries, there are specific + * rules. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example, + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable other kinds of cross-namespace reference. + * + * + * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. + * + * + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * * * - * Request Path | Prefix Match | Replace Prefix | Modified Path - * -------------|--------------|----------------|---------- - * /foo/bar | /foo | /xyz | /xyz/bar - * /foo/bar | /foo | /xyz/ | /xyz/bar - * /foo/bar | /foo/ | /xyz | /xyz/bar - * /foo/bar | /foo/ | /xyz/ | /xyz/bar - * /foo | /foo | /xyz | /xyz - * /foo/ | /foo | /xyz | /xyz/ - * /foo/bar | /foo | | /bar - * /foo/ | /foo | | / - * /foo | /foo | | / - * /foo/ | /foo | / | / - * /foo | /foo | / | / * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath#replacePrefixMatch - */ - readonly replacePrefixMatch?: string; - - /** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. * * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * @schema TcpRouteSpec#parentRefs + */ + readonly parentRefs?: TcpRouteSpecParentRefs[]; + + /** + * Rules are a list of TCP matchers and actions. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath#type + * @schema TcpRouteSpec#rules */ - readonly type: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPathType; + readonly rules: TcpRouteSpecRules[]; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath' to JSON representation. + * Converts an object of type 'TcpRouteSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPath | undefined): Record | undefined { +export function toJson_TcpRouteSpec(obj: TcpRouteSpec | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'replaceFullPath': obj.replaceFullPath, - 'replacePrefixMatch': obj.replacePrefixMatch, - 'type': obj.type, + 'parentRefs': obj.parentRefs?.map(y => toJson_TcpRouteSpecParentRefs(y)), + 'rules': obj.rules?.map(y => toJson_TcpRouteSpecRules(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -15033,142 +18742,187 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirec /* eslint-enable max-len, quote-props */ /** - * Scheme is the scheme to be used in the value of the `Location` header in - * the response. When empty, the scheme of the request is used. - * - * - * Scheme redirects can affect the port of the redirect, for more information, - * refer to the documentation for the port field of this filter. + * ParentReference identifies an API object (usually a Gateway) that can be considered + * a parent of this resource (usually a route). There are two kinds of parent resources + * with "Core" support: * * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * This API may be extended in the future to support additional kinds of parent + * resources. * * - * Support: Extended + * The API object must be valid in the cluster; the Group and Kind must + * be registered in the cluster for this reference to be valid. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectScheme + * @schema TcpRouteSpecParentRefs */ -export enum HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectScheme { - /** http */ - HTTP = "http", - /** https */ - HTTPS = "https", -} +export interface TcpRouteSpecParentRefs { + /** + * Group is the group of the referent. + * When unspecified, "gateway.networking.k8s.io" is inferred. + * To set the core API group (such as for a "Service" kind referent), + * Group must be explicitly set to "" (empty string). + * + * + * Support: Core + * + * @schema TcpRouteSpecParentRefs#group + */ + readonly group?: string; -/** - * StatusCode is the HTTP status code to be used in response. - * - * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. - * - * - * Support: Core - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectStatusCode - */ -export enum HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectStatusCode { - /** 301 */ - VALUE_301 = 301, - /** 302 */ - VALUE_302 = 302, -} + /** + * Kind is kind of the referent. + * + * + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * Support for other resources is Implementation-Specific. + * + * @schema TcpRouteSpecParentRefs#kind + */ + readonly kind?: string; -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd - */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Name is the name of the referent. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * Support: Core * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd#name + * @schema TcpRouteSpecParentRefs#name */ readonly name: string; /** - * Value is the value of HTTP Header to be matched. + * Namespace is the namespace of the referent. When unspecified, this refers + * to the local namespace of the Route. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd#value + * + * Note that there are specific rules for ParentRefs which cross namespace + * boundaries. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example: + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable any other kind of cross-namespace reference. + * + * + * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. + * + * + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * + * + * + * Support: Core + * + * @schema TcpRouteSpecParentRefs#namespace */ - readonly value: string; - -} - -/** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierAdd | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'name': obj.name, - 'value': obj.value, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly namespace?: string; -/** - * HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet - */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet { /** - * Name is the name of the HTTP Header to be matched. Name matching MUST be - * case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + * Port is the network port this Route targets. It can be interpreted + * differently based on the type of parent resource. * * - * If multiple entries specify equivalent header names, the first entry with - * an equivalent name MUST be considered for a match. Subsequent entries - * with an equivalent header name MUST be ignored. Due to the - * case-insensitivity of header names, "foo" and "Foo" are considered - * equivalent. + * When the parent resource is a Gateway, this targets all listeners + * listening on the specified port that also support this kind of Route(and + * select this Route). It's not recommended to set `Port` unless the + * networking behaviors specified in a Route must apply to a specific port + * as opposed to a listener(s) whose port(s) may be changed. When both Port + * and SectionName are specified, the name and port of the selected listener + * must match both specified values. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet#name + * + * + * When the parent resource is a Service, this targets a specific port in the + * Service spec. When both Port (experimental) and SectionName are specified, + * the name and port of the selected port must match both specified values. + * + * + * + * Implementations MAY choose to support other parent resources. + * Implementations supporting other types of parent resources MUST clearly + * document how/if Port is interpreted. + * + * + * For the purpose of status, an attachment is considered successful as + * long as the parent resource accepts it partially. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + * from the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, + * the Route MUST be considered detached from the Gateway. + * + * + * Support: Extended + * + * @schema TcpRouteSpecParentRefs#port */ - readonly name: string; + readonly port?: number; /** - * Value is the value of HTTP Header to be matched. + * SectionName is the name of a section within the target resource. In the + * following resources, SectionName is interpreted as the following: * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet#value + * + * * Gateway: Listener name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * * Service: Port name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * + * + * Implementations MAY choose to support attaching Routes to other resources. + * If that is the case, they MUST clearly document how SectionName is + * interpreted. + * + * + * When unspecified (empty string), this will reference the entire resource. + * For the purpose of status, an attachment is considered successful if at + * least one section in the parent resource accepts it. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + * the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, the + * Route MUST be considered detached from the Gateway. + * + * + * Support: Core + * + * @schema TcpRouteSpecParentRefs#sectionName */ - readonly value: string; + readonly sectionName?: string; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet' to JSON representation. + * Converts an object of type 'TcpRouteSpecParentRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeaderModifierSet | undefined): Record | undefined { +export function toJson_TcpRouteSpecParentRefs(obj: TcpRouteSpecParentRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { + 'group': obj.group, + 'kind': obj.kind, 'name': obj.name, - 'value': obj.value, + 'namespace': obj.namespace, + 'port': obj.port, + 'sectionName': obj.sectionName, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -15176,88 +18930,45 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersResponseHeader /* eslint-enable max-len, quote-props */ /** - * Path defines a path rewrite. - * - * - * Support: Extended - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath - */ -export interface HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath { - /** - * ReplaceFullPath specifies the value with which to replace the full path - * of a request during a rewrite or redirect. - * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath#replaceFullPath - */ - readonly replaceFullPath?: string; - + * TCPRouteRule is the configuration for a given rule. + * + * @schema TcpRouteSpecRules + */ +export interface TcpRouteSpecRules { /** - * ReplacePrefixMatch specifies the value with which to replace the prefix - * match of a request during a rewrite or redirect. For example, a request - * to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch - * of "/xyz" would be modified to "/xyz/bar". - * - * - * Note that this matches the behavior of the PathPrefix match type. This - * matches full path elements. A path element refers to the list of labels - * in the path split by the `/` separator. When specified, a trailing `/` is - * ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all - * match the prefix `/abc`, but the path `/abcd` would not. - * + * BackendRefs defines the backend(s) where matching requests should be + * sent. If unspecified or invalid (refers to a non-existent resource or a + * Service with no endpoints), the underlying implementation MUST actively + * reject connection attempts to this backend. Connection rejections must + * respect weight; if an invalid backend is requested to have 80% of + * connections, then 80% of connections must be rejected instead. * - * ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. - * Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in - * the implementation setting the Accepted Condition for the Route to `status: False`. * + * Support: Core for Kubernetes Service * - * Request Path | Prefix Match | Replace Prefix | Modified Path - * -------------|--------------|----------------|---------- - * /foo/bar | /foo | /xyz | /xyz/bar - * /foo/bar | /foo | /xyz/ | /xyz/bar - * /foo/bar | /foo/ | /xyz | /xyz/bar - * /foo/bar | /foo/ | /xyz/ | /xyz/bar - * /foo | /foo | /xyz | /xyz - * /foo/ | /foo | /xyz | /xyz/ - * /foo/bar | /foo | | /bar - * /foo/ | /foo | | / - * /foo | /foo | | / - * /foo/ | /foo | / | / - * /foo | /foo | / | / * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath#replacePrefixMatch - */ - readonly replacePrefixMatch?: string; - - /** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. + * Support: Extended for Kubernetes ServiceImport * * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. + * Support: Implementation-specific for any other resource * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * Support for weight: Extended * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath#type + * @schema TcpRouteSpecRules#backendRefs */ - readonly type: HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePathType; + readonly backendRefs?: TcpRouteSpecRulesBackendRefs[]; } /** - * Converts an object of type 'HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath' to JSON representation. + * Converts an object of type 'TcpRouteSpecRules' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath(obj: HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath | undefined): Record | undefined { +export function toJson_TcpRouteSpecRules(obj: TcpRouteSpecRules | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'replaceFullPath': obj.replaceFullPath, - 'replacePrefixMatch': obj.replacePrefixMatch, - 'type': obj.type, + 'backendRefs': obj.backendRefs?.map(y => toJson_TcpRouteSpecRulesBackendRefs(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -15265,153 +18976,201 @@ export function toJson_HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePath /* eslint-enable max-len, quote-props */ /** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. - * + * BackendRef defines how a Route should forward a request to a Kubernetes + * resource. * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. - * - * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. * - * @schema HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPathType - */ -export enum HttpRouteV1Beta1SpecRulesFiltersRequestRedirectPathType { - /** ReplaceFullPath */ - REPLACE_FULL_PATH = "ReplaceFullPath", - /** ReplacePrefixMatch */ - REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", -} - -/** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. + * Note that when a namespace different than the local namespace is specified, a + * ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. * * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. + * * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * When the BackendRef points to a Kubernetes Service, implementations SHOULD + * honor the appProtocol field if it is set for the target Service Port. * - * @schema HttpRouteV1Beta1SpecRulesFiltersUrlRewritePathType - */ -export enum HttpRouteV1Beta1SpecRulesFiltersUrlRewritePathType { - /** ReplaceFullPath */ - REPLACE_FULL_PATH = "ReplaceFullPath", - /** ReplacePrefixMatch */ - REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", -} - -/** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. * + * Implementations supporting appProtocol SHOULD recognize the Kubernetes + * Standard Application Protocols defined in KEP-3726. * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. * + * If a Service appProtocol isn't specified, an implementation MAY infer the + * backend protocol through its own means. Implementations MAY infer the + * protocol from the Route type referring to the backend Service. * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPathType - */ -export enum HttpRouteV1Beta1SpecRulesBackendRefsFiltersRequestRedirectPathType { - /** ReplaceFullPath */ - REPLACE_FULL_PATH = "ReplaceFullPath", - /** ReplacePrefixMatch */ - REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", -} - -/** - * Type defines the type of path modifier. Additional types may be - * added in a future release of the API. + * If a Route is not able to send traffic to the backend using the specified + * protocol then the backend is considered invalid. Implementations MUST set the + * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. * * - * Note that values may be added to this enum, implementations - * must ensure that unknown values will not cause a crash. + * * * - * Unknown values here must result in the implementation setting the - * Accepted Condition for the Route to `status: False`, with a - * Reason of `UnsupportedValue`. + * Note that when the BackendTLSPolicy object is enabled by the implementation, + * there are some extra rules about validity to consider here. See the fields + * where this struct is used for more information about the exact behavior. * - * @schema HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePathType + * @schema TcpRouteSpecRulesBackendRefs */ -export enum HttpRouteV1Beta1SpecRulesBackendRefsFiltersUrlRewritePathType { - /** ReplaceFullPath */ - REPLACE_FULL_PATH = "ReplaceFullPath", - /** ReplacePrefixMatch */ - REPLACE_PREFIX_MATCH = "ReplacePrefixMatch", -} +export interface TcpRouteSpecRulesBackendRefs { + /** + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. + * + * @schema TcpRouteSpecRulesBackendRefs#group + */ + readonly group?: string; + /** + * Kind is the Kubernetes resource kind of the referent. For example + * "Service". + * + * + * Defaults to "Service" when not specified. + * + * + * ExternalName services can refer to CNAME DNS records that may live + * outside of the cluster and as such are difficult to reason about in + * terms of conformance. They also may not be safe to forward to (see + * CVE-2021-25740 for more information). Implementations SHOULD NOT + * support ExternalName Services. + * + * + * Support: Core (Services with a type other than ExternalName) + * + * + * Support: Implementation-specific (Services with type ExternalName) + * + * @default Service" when not specified. + * @schema TcpRouteSpecRulesBackendRefs#kind + */ + readonly kind?: string; -/** - * ReferenceGrant identifies kinds of resources in other namespaces that are -trusted to reference the specified kinds of resources in the same namespace -as the policy. + /** + * Name is the name of the referent. + * + * @schema TcpRouteSpecRulesBackendRefs#name + */ + readonly name: string; + /** + * Namespace is the namespace of the backend. When unspecified, the local + * namespace is inferred. + * + * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * Support: Core + * + * @schema TcpRouteSpecRulesBackendRefs#namespace + */ + readonly namespace?: string; -Each ReferenceGrant can be used to represent a unique trust relationship. -Additional Reference Grants can be used to add to the set of trusted -sources of inbound references for the namespace they are defined within. + /** + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. + * + * @schema TcpRouteSpecRulesBackendRefs#port + */ + readonly port?: number; + /** + * Weight specifies the proportion of requests forwarded to the referenced + * backend. This is computed as weight/(sum of all weights in this + * BackendRefs list). For non-zero values, there may be some epsilon from + * the exact proportion defined here depending on the precision an + * implementation supports. Weight is not a percentage and the sum of + * weights does not need to equal 100. + * + * + * If only one backend is specified and it has a weight greater than 0, 100% + * of the traffic is forwarded to that backend. If weight is set to 0, no + * traffic should be forwarded for this entry. If unspecified, weight + * defaults to 1. + * + * + * Support for this field varies based on the context where used. + * + * @schema TcpRouteSpecRulesBackendRefs#weight + */ + readonly weight?: number; -A ReferenceGrant is required for all cross-namespace references in Gateway API -(with the exception of cross-namespace Route-Gateway attachment, which is -governed by the AllowedRoutes configuration on the Gateway, and cross-namespace -Service ParentRefs on a "consumer" mesh Route, which defines routing rules -applicable only to workloads in the Route namespace). ReferenceGrants allowing -a reference from a Route to a Service are only applicable to BackendRefs. +} + +/** + * Converts an object of type 'TcpRouteSpecRulesBackendRefs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_TcpRouteSpecRulesBackendRefs(obj: TcpRouteSpecRulesBackendRefs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ -ReferenceGrant is a form of runtime verification allowing users to assert -which cross-namespace object references are permitted. Implementations that -support ReferenceGrant MUST NOT permit cross-namespace references which have -no grant, and MUST respond to the removal of a grant by revoking the access -that the grant allowed. +/** + * The TLSRoute resource is similar to TCPRoute, but can be configured +to match against TLS-specific metadata. This allows more flexibility +in matching streams for a given TLS listener. + + +If you need to forward traffic to a single target for a TLS listener, you +could choose to use a TCPRoute with a TLS listener. * - * @schema ReferenceGrant + * @schema TLSRoute */ -export class ReferenceGrant extends ApiObject { +export class TlsRoute extends ApiObject { /** - * Returns the apiVersion and kind for "ReferenceGrant" + * Returns the apiVersion and kind for "TLSRoute" */ public static readonly GVK: GroupVersionKind = { apiVersion: 'gateway.networking.k8s.io/v1alpha2', - kind: 'ReferenceGrant', + kind: 'TLSRoute', } /** - * Renders a Kubernetes manifest for "ReferenceGrant". + * Renders a Kubernetes manifest for "TLSRoute". * * This can be used to inline resource manifests inside other objects (e.g. as templates). * * @param props initialization props */ - public static manifest(props: ReferenceGrantProps = {}): any { + public static manifest(props: TlsRouteProps): any { return { - ...ReferenceGrant.GVK, - ...toJson_ReferenceGrantProps(props), + ...TlsRoute.GVK, + ...toJson_TlsRouteProps(props), }; } /** - * Defines a "ReferenceGrant" API object + * Defines a "TLSRoute" API object * @param scope the scope in which to define this object * @param id a scope-local name for the object * @param props initialization props */ - public constructor(scope: Construct, id: string, props: ReferenceGrantProps = {}) { + public constructor(scope: Construct, id: string, props: TlsRouteProps) { super(scope, id, { - ...ReferenceGrant.GVK, + ...TlsRoute.GVK, ...props, }); } @@ -15423,63 +19182,396 @@ export class ReferenceGrant extends ApiObject { const resolved = super.toJson(); return { - ...ReferenceGrant.GVK, - ...toJson_ReferenceGrantProps(resolved), + ...TlsRoute.GVK, + ...toJson_TlsRouteProps(resolved), }; } } /** - * ReferenceGrant identifies kinds of resources in other namespaces that are - * trusted to reference the specified kinds of resources in the same namespace - * as the policy. + * The TLSRoute resource is similar to TCPRoute, but can be configured + * to match against TLS-specific metadata. This allows more flexibility + * in matching streams for a given TLS listener. * * - * Each ReferenceGrant can be used to represent a unique trust relationship. - * Additional Reference Grants can be used to add to the set of trusted - * sources of inbound references for the namespace they are defined within. + * If you need to forward traffic to a single target for a TLS listener, you + * could choose to use a TCPRoute with a TLS listener. * + * @schema TLSRoute + */ +export interface TlsRouteProps { + /** + * @schema TLSRoute#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Spec defines the desired state of TLSRoute. + * + * @schema TLSRoute#spec + */ + readonly spec: TlsRouteSpec; + +} + +/** + * Converts an object of type 'TlsRouteProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_TlsRouteProps(obj: TlsRouteProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_TlsRouteSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Spec defines the desired state of TLSRoute. * - * A ReferenceGrant is required for all cross-namespace references in Gateway API - * (with the exception of cross-namespace Route-Gateway attachment, which is - * governed by the AllowedRoutes configuration on the Gateway, and cross-namespace - * Service ParentRefs on a "consumer" mesh Route, which defines routing rules - * applicable only to workloads in the Route namespace). ReferenceGrants allowing - * a reference from a Route to a Service are only applicable to BackendRefs. + * @schema TlsRouteSpec + */ +export interface TlsRouteSpec { + /** + * Hostnames defines a set of SNI names that should match against the + * SNI attribute of TLS ClientHello message in TLS handshake. This matches + * the RFC 1123 definition of a hostname with 2 notable exceptions: + * + * + * 1. IPs are not allowed in SNI names per RFC 6066. + * 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard + * label must appear by itself as the first label. + * + * + * If a hostname is specified by both the Listener and TLSRoute, there + * must be at least one intersecting hostname for the TLSRoute to be + * attached to the Listener. For example: + * + * + * * A Listener with `test.example.com` as the hostname matches TLSRoutes + * that have either not specified any hostnames, or have specified at + * least one of `test.example.com` or `*.example.com`. + * * A Listener with `*.example.com` as the hostname matches TLSRoutes + * that have either not specified any hostnames or have specified at least + * one hostname that matches the Listener hostname. For example, + * `test.example.com` and `*.example.com` would both match. On the other + * hand, `example.com` and `test.example.net` would not match. + * + * + * If both the Listener and TLSRoute have specified hostnames, any + * TLSRoute hostnames that do not match the Listener hostname MUST be + * ignored. For example, if a Listener specified `*.example.com`, and the + * TLSRoute specified `test.example.com` and `test.example.net`, + * `test.example.net` must not be considered for a match. + * + * + * If both the Listener and TLSRoute have specified hostnames, and none + * match with the criteria above, then the TLSRoute is not accepted. The + * implementation must raise an 'Accepted' Condition with a status of + * `False` in the corresponding RouteParentStatus. + * + * + * Support: Core + * + * @schema TlsRouteSpec#hostnames + */ + readonly hostnames?: string[]; + + /** + * ParentRefs references the resources (usually Gateways) that a Route wants + * to be attached to. Note that the referenced parent resource needs to + * allow this for the attachment to be complete. For Gateways, that means + * the Gateway needs to allow attachment from Routes of this kind and + * namespace. For Services, that means the Service must either be in the same + * namespace for a "producer" route, or the mesh implementation must support + * and allow "consumer" routes for the referenced Service. ReferenceGrant is + * not applicable for governing ParentRefs to Services - it is not possible to + * create a "producer" route for a Service in a different namespace from the + * Route. + * + * + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * This API may be extended in the future to support additional kinds of parent + * resources. + * + * + * ParentRefs must be _distinct_. This means either that: + * + * + * * They select different objects. If this is the case, then parentRef + * entries are distinct. In terms of fields, this means that the + * multi-part key defined by `group`, `kind`, `namespace`, and `name` must + * be unique across all parentRef entries in the Route. + * * They do not select different objects, but for each optional field used, + * each ParentRef that selects the same object must set the same set of + * optional fields to different values. If one ParentRef sets a + * combination of optional fields, all must set the same combination. + * + * + * Some examples: + * + * + * * If one ParentRef sets `sectionName`, all ParentRefs referencing the + * same object must also set `sectionName`. + * * If one ParentRef sets `port`, all ParentRefs referencing the same + * object must also set `port`. + * * If one ParentRef sets `sectionName` and `port`, all ParentRefs + * referencing the same object must also set `sectionName` and `port`. + * + * + * It is possible to separately reference multiple distinct objects that may + * be collapsed by an implementation. For example, some implementations may + * choose to merge compatible Gateway Listeners together. If that is the + * case, the list of routes attached to those resources should also be + * merged. + * + * + * Note that for ParentRefs that cross namespace boundaries, there are specific + * rules. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example, + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable other kinds of cross-namespace reference. + * + * + * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. + * + * + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * + * + * + * + * + * + * + * + * @schema TlsRouteSpec#parentRefs + */ + readonly parentRefs?: TlsRouteSpecParentRefs[]; + + /** + * Rules are a list of TLS matchers and actions. + * + * @schema TlsRouteSpec#rules + */ + readonly rules: TlsRouteSpecRules[]; + +} + +/** + * Converts an object of type 'TlsRouteSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_TlsRouteSpec(obj: TlsRouteSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'hostnames': obj.hostnames?.map(y => y), + 'parentRefs': obj.parentRefs?.map(y => toJson_TlsRouteSpecParentRefs(y)), + 'rules': obj.rules?.map(y => toJson_TlsRouteSpecRules(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ParentReference identifies an API object (usually a Gateway) that can be considered + * a parent of this resource (usually a route). There are two kinds of parent resources + * with "Core" support: * * - * ReferenceGrant is a form of runtime verification allowing users to assert - * which cross-namespace object references are permitted. Implementations that - * support ReferenceGrant MUST NOT permit cross-namespace references which have - * no grant, and MUST respond to the removal of a grant by revoking the access - * that the grant allowed. + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) * - * @schema ReferenceGrant + * + * This API may be extended in the future to support additional kinds of parent + * resources. + * + * + * The API object must be valid in the cluster; the Group and Kind must + * be registered in the cluster for this reference to be valid. + * + * @schema TlsRouteSpecParentRefs */ -export interface ReferenceGrantProps { +export interface TlsRouteSpecParentRefs { /** - * @schema ReferenceGrant#metadata + * Group is the group of the referent. + * When unspecified, "gateway.networking.k8s.io" is inferred. + * To set the core API group (such as for a "Service" kind referent), + * Group must be explicitly set to "" (empty string). + * + * + * Support: Core + * + * @schema TlsRouteSpecParentRefs#group + */ + readonly group?: string; + + /** + * Kind is kind of the referent. + * + * + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * Support for other resources is Implementation-Specific. + * + * @schema TlsRouteSpecParentRefs#kind + */ + readonly kind?: string; + + /** + * Name is the name of the referent. + * + * + * Support: Core + * + * @schema TlsRouteSpecParentRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referent. When unspecified, this refers + * to the local namespace of the Route. + * + * + * Note that there are specific rules for ParentRefs which cross namespace + * boundaries. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example: + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable any other kind of cross-namespace reference. + * + * + * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. + * + * + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * + * + * + * Support: Core + * + * @schema TlsRouteSpecParentRefs#namespace + */ + readonly namespace?: string; + + /** + * Port is the network port this Route targets. It can be interpreted + * differently based on the type of parent resource. + * + * + * When the parent resource is a Gateway, this targets all listeners + * listening on the specified port that also support this kind of Route(and + * select this Route). It's not recommended to set `Port` unless the + * networking behaviors specified in a Route must apply to a specific port + * as opposed to a listener(s) whose port(s) may be changed. When both Port + * and SectionName are specified, the name and port of the selected listener + * must match both specified values. + * + * + * + * When the parent resource is a Service, this targets a specific port in the + * Service spec. When both Port (experimental) and SectionName are specified, + * the name and port of the selected port must match both specified values. + * + * + * + * Implementations MAY choose to support other parent resources. + * Implementations supporting other types of parent resources MUST clearly + * document how/if Port is interpreted. + * + * + * For the purpose of status, an attachment is considered successful as + * long as the parent resource accepts it partially. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + * from the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, + * the Route MUST be considered detached from the Gateway. + * + * + * Support: Extended + * + * @schema TlsRouteSpecParentRefs#port */ - readonly metadata?: ApiObjectMetadata; + readonly port?: number; /** - * Spec defines the desired state of ReferenceGrant. + * SectionName is the name of a section within the target resource. In the + * following resources, SectionName is interpreted as the following: * - * @schema ReferenceGrant#spec + * + * * Gateway: Listener name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * * Service: Port name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * + * + * Implementations MAY choose to support attaching Routes to other resources. + * If that is the case, they MUST clearly document how SectionName is + * interpreted. + * + * + * When unspecified (empty string), this will reference the entire resource. + * For the purpose of status, an attachment is considered successful if at + * least one section in the parent resource accepts it. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + * the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, the + * Route MUST be considered detached from the Gateway. + * + * + * Support: Core + * + * @schema TlsRouteSpecParentRefs#sectionName */ - readonly spec?: ReferenceGrantSpec; + readonly sectionName?: string; } /** - * Converts an object of type 'ReferenceGrantProps' to JSON representation. + * Converts an object of type 'TlsRouteSpecParentRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ReferenceGrantProps(obj: ReferenceGrantProps | undefined): Record | undefined { +export function toJson_TlsRouteSpecParentRefs(obj: TlsRouteSpecParentRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'metadata': obj.metadata, - 'spec': toJson_ReferenceGrantSpec(obj.spec), + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'sectionName': obj.sectionName, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -15487,48 +19579,48 @@ export function toJson_ReferenceGrantProps(obj: ReferenceGrantProps | undefined) /* eslint-enable max-len, quote-props */ /** - * Spec defines the desired state of ReferenceGrant. + * TLSRouteRule is the configuration for a given rule. * - * @schema ReferenceGrantSpec + * @schema TlsRouteSpecRules */ -export interface ReferenceGrantSpec { +export interface TlsRouteSpecRules { /** - * From describes the trusted namespaces and kinds that can reference the - * resources described in "To". Each entry in this list MUST be considered - * to be an additional place that references can be valid from, or to put - * this another way, entries MUST be combined using OR. + * BackendRefs defines the backend(s) where matching requests should be + * sent. If unspecified or invalid (refers to a non-existent resource or + * a Service with no endpoints), the rule performs no forwarding; if no + * filters are specified that would result in a response being sent, the + * underlying implementation must actively reject request attempts to this + * backend, by rejecting the connection or returning a 500 status code. + * Request rejections must respect weight; if an invalid backend is + * requested to have 80% of requests, then 80% of requests must be rejected + * instead. * * - * Support: Core + * Support: Core for Kubernetes Service * - * @schema ReferenceGrantSpec#from - */ - readonly from: ReferenceGrantSpecFrom[]; - - /** - * To describes the resources that may be referenced by the resources - * described in "From". Each entry in this list MUST be considered to be an - * additional place that references can be valid to, or to put this another - * way, entries MUST be combined using OR. * + * Support: Extended for Kubernetes ServiceImport * - * Support: Core * - * @schema ReferenceGrantSpec#to + * Support: Implementation-specific for any other resource + * + * + * Support for weight: Extended + * + * @schema TlsRouteSpecRules#backendRefs */ - readonly to: ReferenceGrantSpecTo[]; + readonly backendRefs?: TlsRouteSpecRulesBackendRefs[]; } /** - * Converts an object of type 'ReferenceGrantSpec' to JSON representation. + * Converts an object of type 'TlsRouteSpecRules' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ReferenceGrantSpec(obj: ReferenceGrantSpec | undefined): Record | undefined { +export function toJson_TlsRouteSpecRules(obj: TlsRouteSpecRules | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'from': obj.from?.map(y => toJson_ReferenceGrantSpecFrom(y)), - 'to': obj.to?.map(y => toJson_ReferenceGrantSpecTo(y)), + 'backendRefs': obj.backendRefs?.map(y => toJson_TlsRouteSpecRulesBackendRefs(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -15536,127 +19628,151 @@ export function toJson_ReferenceGrantSpec(obj: ReferenceGrantSpec | undefined): /* eslint-enable max-len, quote-props */ /** - * ReferenceGrantFrom describes trusted namespaces and kinds. + * BackendRef defines how a Route should forward a request to a Kubernetes + * resource. * - * @schema ReferenceGrantSpecFrom + * + * Note that when a namespace different than the local namespace is specified, a + * ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * + * + * + * When the BackendRef points to a Kubernetes Service, implementations SHOULD + * honor the appProtocol field if it is set for the target Service Port. + * + * + * Implementations supporting appProtocol SHOULD recognize the Kubernetes + * Standard Application Protocols defined in KEP-3726. + * + * + * If a Service appProtocol isn't specified, an implementation MAY infer the + * backend protocol through its own means. Implementations MAY infer the + * protocol from the Route type referring to the backend Service. + * + * + * If a Route is not able to send traffic to the backend using the specified + * protocol then the backend is considered invalid. Implementations MUST set the + * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. + * + * + * + * + * + * Note that when the BackendTLSPolicy object is enabled by the implementation, + * there are some extra rules about validity to consider here. See the fields + * where this struct is used for more information about the exact behavior. + * + * @schema TlsRouteSpecRulesBackendRefs */ -export interface ReferenceGrantSpecFrom { +export interface TlsRouteSpecRulesBackendRefs { /** - * Group is the group of the referent. - * When empty, the Kubernetes core API group is inferred. - * - * - * Support: Core + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. * - * @schema ReferenceGrantSpecFrom#group + * @schema TlsRouteSpecRulesBackendRefs#group */ - readonly group: string; + readonly group?: string; /** - * Kind is the kind of the referent. Although implementations may support - * additional resources, the following types are part of the "Core" - * support level for this field. + * Kind is the Kubernetes resource kind of the referent. For example + * "Service". * * - * When used to permit a SecretObjectReference: + * Defaults to "Service" when not specified. * * - * * Gateway + * ExternalName services can refer to CNAME DNS records that may live + * outside of the cluster and as such are difficult to reason about in + * terms of conformance. They also may not be safe to forward to (see + * CVE-2021-25740 for more information). Implementations SHOULD NOT + * support ExternalName Services. * * - * When used to permit a BackendObjectReference: + * Support: Core (Services with a type other than ExternalName) * * - * * GRPCRoute - * * HTTPRoute - * * TCPRoute - * * TLSRoute - * * UDPRoute + * Support: Implementation-specific (Services with type ExternalName) * - * @schema ReferenceGrantSpecFrom#kind + * @default Service" when not specified. + * @schema TlsRouteSpecRulesBackendRefs#kind */ - readonly kind: string; + readonly kind?: string; /** - * Namespace is the namespace of the referent. - * - * - * Support: Core + * Name is the name of the referent. * - * @schema ReferenceGrantSpecFrom#namespace + * @schema TlsRouteSpecRulesBackendRefs#name */ - readonly namespace: string; - -} - -/** - * Converts an object of type 'ReferenceGrantSpecFrom' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_ReferenceGrantSpecFrom(obj: ReferenceGrantSpecFrom | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'group': obj.group, - 'kind': obj.kind, - 'namespace': obj.namespace, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly name: string; -/** - * ReferenceGrantTo describes what Kinds are allowed as targets of the - * references. - * - * @schema ReferenceGrantSpecTo - */ -export interface ReferenceGrantSpecTo { /** - * Group is the group of the referent. - * When empty, the Kubernetes core API group is inferred. + * Namespace is the namespace of the backend. When unspecified, the local + * namespace is inferred. + * + * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. * * * Support: Core * - * @schema ReferenceGrantSpecTo#group + * @schema TlsRouteSpecRulesBackendRefs#namespace */ - readonly group: string; + readonly namespace?: string; /** - * Kind is the kind of the referent. Although implementations may support - * additional resources, the following types are part of the "Core" - * support level for this field: - * - * - * * Secret when used to permit a SecretObjectReference - * * Service when used to permit a BackendObjectReference + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. * - * @schema ReferenceGrantSpecTo#kind + * @schema TlsRouteSpecRulesBackendRefs#port */ - readonly kind: string; + readonly port?: number; /** - * Name is the name of the referent. When unspecified, this policy - * refers to all resources of the specified Group and Kind in the local - * namespace. + * Weight specifies the proportion of requests forwarded to the referenced + * backend. This is computed as weight/(sum of all weights in this + * BackendRefs list). For non-zero values, there may be some epsilon from + * the exact proportion defined here depending on the precision an + * implementation supports. Weight is not a percentage and the sum of + * weights does not need to equal 100. * - * @schema ReferenceGrantSpecTo#name + * + * If only one backend is specified and it has a weight greater than 0, 100% + * of the traffic is forwarded to that backend. If weight is set to 0, no + * traffic should be forwarded for this entry. If unspecified, weight + * defaults to 1. + * + * + * Support for this field varies based on the context where used. + * + * @schema TlsRouteSpecRulesBackendRefs#weight */ - readonly name?: string; + readonly weight?: number; } /** - * Converts an object of type 'ReferenceGrantSpecTo' to JSON representation. + * Converts an object of type 'TlsRouteSpecRulesBackendRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ReferenceGrantSpecTo(obj: ReferenceGrantSpecTo | undefined): Record | undefined { +export function toJson_TlsRouteSpecRulesBackendRefs(obj: TlsRouteSpecRulesBackendRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'group': obj.group, 'kind': obj.kind, 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'weight': obj.weight, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -15665,60 +19781,44 @@ export function toJson_ReferenceGrantSpecTo(obj: ReferenceGrantSpecTo | undefine /** - * ReferenceGrant identifies kinds of resources in other namespaces that are -trusted to reference the specified kinds of resources in the same namespace -as the policy. - - -Each ReferenceGrant can be used to represent a unique trust relationship. -Additional Reference Grants can be used to add to the set of trusted -sources of inbound references for the namespace they are defined within. - - -All cross-namespace references in Gateway API (with the exception of cross-namespace -Gateway-route attachment) require a ReferenceGrant. - - -ReferenceGrant is a form of runtime verification allowing users to assert -which cross-namespace object references are permitted. Implementations that -support ReferenceGrant MUST NOT permit cross-namespace references which have -no grant, and MUST respond to the removal of a grant by revoking the access -that the grant allowed. + * UDPRoute provides a way to route UDP traffic. When combined with a Gateway +listener, it can be used to forward traffic on the port specified by the +listener to a set of backends specified by the UDPRoute. * - * @schema ReferenceGrantV1Beta1 + * @schema UDPRoute */ -export class ReferenceGrantV1Beta1 extends ApiObject { +export class UdpRoute extends ApiObject { /** - * Returns the apiVersion and kind for "ReferenceGrantV1Beta1" + * Returns the apiVersion and kind for "UDPRoute" */ public static readonly GVK: GroupVersionKind = { - apiVersion: 'gateway.networking.k8s.io/v1beta1', - kind: 'ReferenceGrant', + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'UDPRoute', } /** - * Renders a Kubernetes manifest for "ReferenceGrantV1Beta1". + * Renders a Kubernetes manifest for "UDPRoute". * * This can be used to inline resource manifests inside other objects (e.g. as templates). * * @param props initialization props */ - public static manifest(props: ReferenceGrantV1Beta1Props = {}): any { + public static manifest(props: UdpRouteProps): any { return { - ...ReferenceGrantV1Beta1.GVK, - ...toJson_ReferenceGrantV1Beta1Props(props), + ...UdpRoute.GVK, + ...toJson_UdpRouteProps(props), }; } /** - * Defines a "ReferenceGrantV1Beta1" API object + * Defines a "UDPRoute" API object * @param scope the scope in which to define this object * @param id a scope-local name for the object * @param props initialization props */ - public constructor(scope: Construct, id: string, props: ReferenceGrantV1Beta1Props = {}) { + public constructor(scope: Construct, id: string, props: UdpRouteProps) { super(scope, id, { - ...ReferenceGrantV1Beta1.GVK, + ...UdpRoute.GVK, ...props, }); } @@ -15730,59 +19830,346 @@ export class ReferenceGrantV1Beta1 extends ApiObject { const resolved = super.toJson(); return { - ...ReferenceGrantV1Beta1.GVK, - ...toJson_ReferenceGrantV1Beta1Props(resolved), + ...UdpRoute.GVK, + ...toJson_UdpRouteProps(resolved), }; } } /** - * ReferenceGrant identifies kinds of resources in other namespaces that are - * trusted to reference the specified kinds of resources in the same namespace - * as the policy. + * UDPRoute provides a way to route UDP traffic. When combined with a Gateway + * listener, it can be used to forward traffic on the port specified by the + * listener to a set of backends specified by the UDPRoute. * + * @schema UDPRoute + */ +export interface UdpRouteProps { + /** + * @schema UDPRoute#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Spec defines the desired state of UDPRoute. + * + * @schema UDPRoute#spec + */ + readonly spec: UdpRouteSpec; + +} + +/** + * Converts an object of type 'UdpRouteProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_UdpRouteProps(obj: UdpRouteProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_UdpRouteSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Spec defines the desired state of UDPRoute. * - * Each ReferenceGrant can be used to represent a unique trust relationship. - * Additional Reference Grants can be used to add to the set of trusted - * sources of inbound references for the namespace they are defined within. + * @schema UdpRouteSpec + */ +export interface UdpRouteSpec { + /** + * ParentRefs references the resources (usually Gateways) that a Route wants + * to be attached to. Note that the referenced parent resource needs to + * allow this for the attachment to be complete. For Gateways, that means + * the Gateway needs to allow attachment from Routes of this kind and + * namespace. For Services, that means the Service must either be in the same + * namespace for a "producer" route, or the mesh implementation must support + * and allow "consumer" routes for the referenced Service. ReferenceGrant is + * not applicable for governing ParentRefs to Services - it is not possible to + * create a "producer" route for a Service in a different namespace from the + * Route. + * + * + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * This API may be extended in the future to support additional kinds of parent + * resources. + * + * + * ParentRefs must be _distinct_. This means either that: + * + * + * * They select different objects. If this is the case, then parentRef + * entries are distinct. In terms of fields, this means that the + * multi-part key defined by `group`, `kind`, `namespace`, and `name` must + * be unique across all parentRef entries in the Route. + * * They do not select different objects, but for each optional field used, + * each ParentRef that selects the same object must set the same set of + * optional fields to different values. If one ParentRef sets a + * combination of optional fields, all must set the same combination. + * + * + * Some examples: + * + * + * * If one ParentRef sets `sectionName`, all ParentRefs referencing the + * same object must also set `sectionName`. + * * If one ParentRef sets `port`, all ParentRefs referencing the same + * object must also set `port`. + * * If one ParentRef sets `sectionName` and `port`, all ParentRefs + * referencing the same object must also set `sectionName` and `port`. + * + * + * It is possible to separately reference multiple distinct objects that may + * be collapsed by an implementation. For example, some implementations may + * choose to merge compatible Gateway Listeners together. If that is the + * case, the list of routes attached to those resources should also be + * merged. + * + * + * Note that for ParentRefs that cross namespace boundaries, there are specific + * rules. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example, + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable other kinds of cross-namespace reference. + * + * + * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. + * + * + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * + * + * + * + * + * + * + * + * @schema UdpRouteSpec#parentRefs + */ + readonly parentRefs?: UdpRouteSpecParentRefs[]; + + /** + * Rules are a list of UDP matchers and actions. + * + * @schema UdpRouteSpec#rules + */ + readonly rules: UdpRouteSpecRules[]; + +} + +/** + * Converts an object of type 'UdpRouteSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_UdpRouteSpec(obj: UdpRouteSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'parentRefs': obj.parentRefs?.map(y => toJson_UdpRouteSpecParentRefs(y)), + 'rules': obj.rules?.map(y => toJson_UdpRouteSpecRules(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ParentReference identifies an API object (usually a Gateway) that can be considered + * a parent of this resource (usually a route). There are two kinds of parent resources + * with "Core" support: * * - * All cross-namespace references in Gateway API (with the exception of cross-namespace - * Gateway-route attachment) require a ReferenceGrant. + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) * * - * ReferenceGrant is a form of runtime verification allowing users to assert - * which cross-namespace object references are permitted. Implementations that - * support ReferenceGrant MUST NOT permit cross-namespace references which have - * no grant, and MUST respond to the removal of a grant by revoking the access - * that the grant allowed. + * This API may be extended in the future to support additional kinds of parent + * resources. * - * @schema ReferenceGrantV1Beta1 + * + * The API object must be valid in the cluster; the Group and Kind must + * be registered in the cluster for this reference to be valid. + * + * @schema UdpRouteSpecParentRefs */ -export interface ReferenceGrantV1Beta1Props { +export interface UdpRouteSpecParentRefs { /** - * @schema ReferenceGrantV1Beta1#metadata + * Group is the group of the referent. + * When unspecified, "gateway.networking.k8s.io" is inferred. + * To set the core API group (such as for a "Service" kind referent), + * Group must be explicitly set to "" (empty string). + * + * + * Support: Core + * + * @schema UdpRouteSpecParentRefs#group + */ + readonly group?: string; + + /** + * Kind is kind of the referent. + * + * + * There are two kinds of parent resources with "Core" support: + * + * + * * Gateway (Gateway conformance profile) + * * Service (Mesh conformance profile, ClusterIP Services only) + * + * + * Support for other resources is Implementation-Specific. + * + * @schema UdpRouteSpecParentRefs#kind + */ + readonly kind?: string; + + /** + * Name is the name of the referent. + * + * + * Support: Core + * + * @schema UdpRouteSpecParentRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referent. When unspecified, this refers + * to the local namespace of the Route. + * + * + * Note that there are specific rules for ParentRefs which cross namespace + * boundaries. Cross-namespace references are only valid if they are explicitly + * allowed by something in the namespace they are referring to. For example: + * Gateway has the AllowedRoutes field, and ReferenceGrant provides a + * generic way to enable any other kind of cross-namespace reference. + * + * + * + * ParentRefs from a Route to a Service in the same namespace are "producer" + * routes, which apply default routing rules to inbound connections from + * any namespace to the Service. + * + * + * ParentRefs from a Route to a Service in a different namespace are + * "consumer" routes, and these routing rules are only applied to outbound + * connections originating from the same namespace as the Route, for which + * the intended destination of the connections are a Service targeted as a + * ParentRef of the Route. + * + * + * + * Support: Core + * + * @schema UdpRouteSpecParentRefs#namespace + */ + readonly namespace?: string; + + /** + * Port is the network port this Route targets. It can be interpreted + * differently based on the type of parent resource. + * + * + * When the parent resource is a Gateway, this targets all listeners + * listening on the specified port that also support this kind of Route(and + * select this Route). It's not recommended to set `Port` unless the + * networking behaviors specified in a Route must apply to a specific port + * as opposed to a listener(s) whose port(s) may be changed. When both Port + * and SectionName are specified, the name and port of the selected listener + * must match both specified values. + * + * + * + * When the parent resource is a Service, this targets a specific port in the + * Service spec. When both Port (experimental) and SectionName are specified, + * the name and port of the selected port must match both specified values. + * + * + * + * Implementations MAY choose to support other parent resources. + * Implementations supporting other types of parent resources MUST clearly + * document how/if Port is interpreted. + * + * + * For the purpose of status, an attachment is considered successful as + * long as the parent resource accepts it partially. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + * from the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, + * the Route MUST be considered detached from the Gateway. + * + * + * Support: Extended + * + * @schema UdpRouteSpecParentRefs#port */ - readonly metadata?: ApiObjectMetadata; + readonly port?: number; /** - * Spec defines the desired state of ReferenceGrant. + * SectionName is the name of a section within the target resource. In the + * following resources, SectionName is interpreted as the following: * - * @schema ReferenceGrantV1Beta1#spec + * + * * Gateway: Listener name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * * Service: Port name. When both Port (experimental) and SectionName + * are specified, the name and port of the selected listener must match + * both specified values. + * + * + * Implementations MAY choose to support attaching Routes to other resources. + * If that is the case, they MUST clearly document how SectionName is + * interpreted. + * + * + * When unspecified (empty string), this will reference the entire resource. + * For the purpose of status, an attachment is considered successful if at + * least one section in the parent resource accepts it. For example, Gateway + * listeners can restrict which Routes can attach to them by Route kind, + * namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + * the referencing Route, the Route MUST be considered successfully + * attached. If no Gateway listeners accept attachment from this Route, the + * Route MUST be considered detached from the Gateway. + * + * + * Support: Core + * + * @schema UdpRouteSpecParentRefs#sectionName */ - readonly spec?: ReferenceGrantV1Beta1Spec; + readonly sectionName?: string; } /** - * Converts an object of type 'ReferenceGrantV1Beta1Props' to JSON representation. + * Converts an object of type 'UdpRouteSpecParentRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ReferenceGrantV1Beta1Props(obj: ReferenceGrantV1Beta1Props | undefined): Record | undefined { +export function toJson_UdpRouteSpecParentRefs(obj: UdpRouteSpecParentRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'metadata': obj.metadata, - 'spec': toJson_ReferenceGrantV1Beta1Spec(obj.spec), + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'sectionName': obj.sectionName, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -15790,48 +20177,45 @@ export function toJson_ReferenceGrantV1Beta1Props(obj: ReferenceGrantV1Beta1Prop /* eslint-enable max-len, quote-props */ /** - * Spec defines the desired state of ReferenceGrant. + * UDPRouteRule is the configuration for a given rule. * - * @schema ReferenceGrantV1Beta1Spec + * @schema UdpRouteSpecRules */ -export interface ReferenceGrantV1Beta1Spec { +export interface UdpRouteSpecRules { /** - * From describes the trusted namespaces and kinds that can reference the - * resources described in "To". Each entry in this list MUST be considered - * to be an additional place that references can be valid from, or to put - * this another way, entries MUST be combined using OR. + * BackendRefs defines the backend(s) where matching requests should be + * sent. If unspecified or invalid (refers to a non-existent resource or a + * Service with no endpoints), the underlying implementation MUST actively + * reject connection attempts to this backend. Packet drops must + * respect weight; if an invalid backend is requested to have 80% of + * the packets, then 80% of packets must be dropped instead. * * - * Support: Core + * Support: Core for Kubernetes Service * - * @schema ReferenceGrantV1Beta1Spec#from - */ - readonly from: ReferenceGrantV1Beta1SpecFrom[]; - - /** - * To describes the resources that may be referenced by the resources - * described in "From". Each entry in this list MUST be considered to be an - * additional place that references can be valid to, or to put this another - * way, entries MUST be combined using OR. * + * Support: Extended for Kubernetes ServiceImport * - * Support: Core * - * @schema ReferenceGrantV1Beta1Spec#to + * Support: Implementation-specific for any other resource + * + * + * Support for weight: Extended + * + * @schema UdpRouteSpecRules#backendRefs */ - readonly to: ReferenceGrantV1Beta1SpecTo[]; + readonly backendRefs?: UdpRouteSpecRulesBackendRefs[]; } /** - * Converts an object of type 'ReferenceGrantV1Beta1Spec' to JSON representation. + * Converts an object of type 'UdpRouteSpecRules' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ReferenceGrantV1Beta1Spec(obj: ReferenceGrantV1Beta1Spec | undefined): Record | undefined { +export function toJson_UdpRouteSpecRules(obj: UdpRouteSpecRules | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { - 'from': obj.from?.map(y => toJson_ReferenceGrantV1Beta1SpecFrom(y)), - 'to': obj.to?.map(y => toJson_ReferenceGrantV1Beta1SpecTo(y)), + 'backendRefs': obj.backendRefs?.map(y => toJson_UdpRouteSpecRulesBackendRefs(y)), }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); @@ -15839,130 +20223,153 @@ export function toJson_ReferenceGrantV1Beta1Spec(obj: ReferenceGrantV1Beta1Spec /* eslint-enable max-len, quote-props */ /** - * ReferenceGrantFrom describes trusted namespaces and kinds. + * BackendRef defines how a Route should forward a request to a Kubernetes + * resource. * - * @schema ReferenceGrantV1Beta1SpecFrom + * + * Note that when a namespace different than the local namespace is specified, a + * ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. + * + * + * + * + * + * When the BackendRef points to a Kubernetes Service, implementations SHOULD + * honor the appProtocol field if it is set for the target Service Port. + * + * + * Implementations supporting appProtocol SHOULD recognize the Kubernetes + * Standard Application Protocols defined in KEP-3726. + * + * + * If a Service appProtocol isn't specified, an implementation MAY infer the + * backend protocol through its own means. Implementations MAY infer the + * protocol from the Route type referring to the backend Service. + * + * + * If a Route is not able to send traffic to the backend using the specified + * protocol then the backend is considered invalid. Implementations MUST set the + * "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. + * + * + * + * + * + * Note that when the BackendTLSPolicy object is enabled by the implementation, + * there are some extra rules about validity to consider here. See the fields + * where this struct is used for more information about the exact behavior. + * + * @schema UdpRouteSpecRulesBackendRefs */ -export interface ReferenceGrantV1Beta1SpecFrom { +export interface UdpRouteSpecRulesBackendRefs { /** - * Group is the group of the referent. - * When empty, the Kubernetes core API group is inferred. - * - * - * Support: Core + * Group is the group of the referent. For example, "gateway.networking.k8s.io". + * When unspecified or empty string, core API group is inferred. * - * @schema ReferenceGrantV1Beta1SpecFrom#group + * @schema UdpRouteSpecRulesBackendRefs#group */ - readonly group: string; + readonly group?: string; /** - * Kind is the kind of the referent. Although implementations may support - * additional resources, the following types are part of the "Core" - * support level for this field. + * Kind is the Kubernetes resource kind of the referent. For example + * "Service". * * - * When used to permit a SecretObjectReference: + * Defaults to "Service" when not specified. * * - * * Gateway + * ExternalName services can refer to CNAME DNS records that may live + * outside of the cluster and as such are difficult to reason about in + * terms of conformance. They also may not be safe to forward to (see + * CVE-2021-25740 for more information). Implementations SHOULD NOT + * support ExternalName Services. * * - * When used to permit a BackendObjectReference: + * Support: Core (Services with a type other than ExternalName) * * - * * GRPCRoute - * * HTTPRoute - * * TCPRoute - * * TLSRoute - * * UDPRoute + * Support: Implementation-specific (Services with type ExternalName) * - * @schema ReferenceGrantV1Beta1SpecFrom#kind + * @default Service" when not specified. + * @schema UdpRouteSpecRulesBackendRefs#kind */ - readonly kind: string; + readonly kind?: string; /** - * Namespace is the namespace of the referent. - * - * - * Support: Core + * Name is the name of the referent. * - * @schema ReferenceGrantV1Beta1SpecFrom#namespace + * @schema UdpRouteSpecRulesBackendRefs#name */ - readonly namespace: string; - -} - -/** - * Converts an object of type 'ReferenceGrantV1Beta1SpecFrom' to JSON representation. - */ -/* eslint-disable max-len, quote-props */ -export function toJson_ReferenceGrantV1Beta1SpecFrom(obj: ReferenceGrantV1Beta1SpecFrom | undefined): Record | undefined { - if (obj === undefined) { return undefined; } - const result = { - 'group': obj.group, - 'kind': obj.kind, - 'namespace': obj.namespace, - }; - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); -} -/* eslint-enable max-len, quote-props */ + readonly name: string; -/** - * ReferenceGrantTo describes what Kinds are allowed as targets of the - * references. - * - * @schema ReferenceGrantV1Beta1SpecTo - */ -export interface ReferenceGrantV1Beta1SpecTo { /** - * Group is the group of the referent. - * When empty, the Kubernetes core API group is inferred. + * Namespace is the namespace of the backend. When unspecified, the local + * namespace is inferred. + * + * + * Note that when a namespace different than the local namespace is specified, + * a ReferenceGrant object is required in the referent namespace to allow that + * namespace's owner to accept the reference. See the ReferenceGrant + * documentation for details. * * * Support: Core * - * @schema ReferenceGrantV1Beta1SpecTo#group + * @schema UdpRouteSpecRulesBackendRefs#namespace */ - readonly group: string; + readonly namespace?: string; /** - * Kind is the kind of the referent. Although implementations may support - * additional resources, the following types are part of the "Core" - * support level for this field: - * - * - * * Secret when used to permit a SecretObjectReference - * * Service when used to permit a BackendObjectReference + * Port specifies the destination port number to use for this resource. + * Port is required when the referent is a Kubernetes Service. In this + * case, the port number is the service port number, not the target port. + * For other resources, destination port might be derived from the referent + * resource or this field. * - * @schema ReferenceGrantV1Beta1SpecTo#kind + * @schema UdpRouteSpecRulesBackendRefs#port */ - readonly kind: string; + readonly port?: number; /** - * Name is the name of the referent. When unspecified, this policy - * refers to all resources of the specified Group and Kind in the local - * namespace. + * Weight specifies the proportion of requests forwarded to the referenced + * backend. This is computed as weight/(sum of all weights in this + * BackendRefs list). For non-zero values, there may be some epsilon from + * the exact proportion defined here depending on the precision an + * implementation supports. Weight is not a percentage and the sum of + * weights does not need to equal 100. * - * @schema ReferenceGrantV1Beta1SpecTo#name + * + * If only one backend is specified and it has a weight greater than 0, 100% + * of the traffic is forwarded to that backend. If weight is set to 0, no + * traffic should be forwarded for this entry. If unspecified, weight + * defaults to 1. + * + * + * Support for this field varies based on the context where used. + * + * @schema UdpRouteSpecRulesBackendRefs#weight */ - readonly name?: string; + readonly weight?: number; } /** - * Converts an object of type 'ReferenceGrantV1Beta1SpecTo' to JSON representation. + * Converts an object of type 'UdpRouteSpecRulesBackendRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ReferenceGrantV1Beta1SpecTo(obj: ReferenceGrantV1Beta1SpecTo | undefined): Record | undefined { +export function toJson_UdpRouteSpecRulesBackendRefs(obj: UdpRouteSpecRulesBackendRefs | undefined): Record | undefined { if (obj === undefined) { return undefined; } const result = { 'group': obj.group, 'kind': obj.kind, 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'weight': obj.weight, }; // filter undefined values return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ - diff --git a/lib/web-service/web-service-props.ts b/lib/web-service/web-service-props.ts index 954c87c..b4e32c4 100644 --- a/lib/web-service/web-service-props.ts +++ b/lib/web-service/web-service-props.ts @@ -148,6 +148,21 @@ export interface WebServiceProps */ readonly includeIngress?: boolean; + /** + * Whether to include a HttpRoute pointing to this service. + * @default false + */ + readonly includeHttpRoute?: boolean; + + /** + * Name of the Gateway to use for the HttpRoute. + */ + readonly httpGateway?: { + readonly name: string; + readonly namespace: string; + readonly sectionName?: string; + }; + /** * Overrides for Ingress annotations. * @see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/guide/ingress/annotations/ diff --git a/lib/web-service/web-service.ts b/lib/web-service/web-service.ts index d90d6eb..9379988 100644 --- a/lib/web-service/web-service.ts +++ b/lib/web-service/web-service.ts @@ -14,6 +14,11 @@ import { Quantity, Volume, } from "../../imports/k8s"; +import { + HttpRoute, + HttpRouteSpecRules, + HttpRouteSpecRulesMatchesPathType, +} from "../../imports/gateway.networking.k8s.io"; import { HorizontalPodAutoscalerProps, NginxContainerProps, @@ -43,6 +48,7 @@ export class WebService extends Construct { readonly deployment!: KubeDeployment; readonly canaryDeployment?: KubeDeployment; readonly hpa?: KubeHorizontalPodAutoscalerV2; + readonly httpRoute?: HttpRoute; constructor(scope: Construct, id: string, props: WebServiceProps) { super(scope, id); @@ -76,6 +82,13 @@ export class WebService extends Construct { const { applicationPort, servicePort, nginxPort } = this.findPorts(props); + const includeHttpRoute = props.includeHttpRoute ?? false; + const httpGateway = props.httpGateway ?? { + name: "default-http-gateway", + namespace: "app-ingress", + sectionName: "http", + }; + const containers: Container[] = [ { name: props.containerName ?? app ?? "app", @@ -314,6 +327,65 @@ export class WebService extends Construct { } } + if (includeHttpRoute) { + let hostnames: Array = []; + + if (props.externalHostname) { + hostnames.push(props.externalHostname); + } + + if (props.additionalExternalHostnames) { + hostnames = hostnames.concat(props.additionalExternalHostnames); + } + + const defaultServiceBackend = { + group: "", // Empty string means the core kubernetes API group + kind: "Service", // Service is only supported backend kind + name: service.name, + namespace: namespace, + port: servicePort, + // weight is a percentage of traffic to send to the backend service + // this is calculated by adding up all the weights and dividing by the individual weight + weight: 1, + }; + + const defaultTrafficRule: HttpRouteSpecRules = { + backendRefs: [defaultServiceBackend], + matches: [ + { + // Match all paths and redirect to the backend services + path: { + type: HttpRouteSpecRulesMatchesPathType.PATH_PREFIX, + value: "/", + }, + }, + ], + timeouts: { + request: "30s", + }, + }; + + const rules: HttpRouteSpecRules[] = [defaultTrafficRule]; + + this.httpRoute = new HttpRoute(this, `http-route-${id}-http`, { + metadata: { + name: `http-route-${id}-http`, + labels: instanceLabels, + }, + spec: { + parentRefs: [ + { + name: httpGateway.name, + namespace: httpGateway.namespace, + sectionName: httpGateway.sectionName ?? "http", + }, + ], + hostnames: hostnames, + rules: rules, + }, + }); + } + const deployment = new KubeDeployment(this, `${id}${instanceSuffix}`, { metadata: { labels: instanceLabels, @@ -425,6 +497,12 @@ export class WebService extends Construct { "Either cpuTargetUtilization or memoryTargetUtilization must be specified to use a horizontalPodAutoscaler", ); } + + if (props.includeHttpRoute && !props.httpGateway) { + throw new Error( + "Http Gateway must be specified when includeHttpRoute is enabled", + ); + } } private validatePodDisruptionBudget( diff --git a/test/web-service/__snapshots__/web-service.test.ts.snap b/test/web-service/__snapshots__/web-service.test.ts.snap index e782708..8d21b68 100644 --- a/test/web-service/__snapshots__/web-service.test.ts.snap +++ b/test/web-service/__snapshots__/web-service.test.ts.snap @@ -983,6 +983,59 @@ exports[`WebService > Props > Allows specifying custom logic to make affinity 1` } `; +exports[`WebService > Props > Allows specifying the httpRoute and httpGateway 1`] = ` +{ + "apiVersion": "gateway.networking.k8s.io/v1", + "kind": "HTTPRoute", + "metadata": { + "labels": { + "instance": "web", + "release": "test-123", + "role": "server", + }, + "name": "http-route-web-http", + "namespace": "test", + }, + "spec": { + "hostnames": [ + "api.example.com", + ], + "parentRefs": [ + { + "name": "gateway", + "namespace": "envoy-gateway", + "sectionName": "custom-section", + }, + ], + "rules": [ + { + "backendRefs": [ + { + "group": "", + "kind": "Service", + "name": "web-service", + "namespace": "test", + "port": 3000, + "weight": 1, + }, + ], + "matches": [ + { + "path": { + "type": "PathPrefix", + "value": "/", + }, + }, + ], + "timeouts": { + "request": "30s", + }, + }, + ], + }, +} +`; + exports[`WebService > Props > Either horizontalPodAutoscaler or replicas can be specified, not both 1`] = `[Error: Either horizontalPodAutoscaler or replicas can be specified, not both]`; exports[`WebService > Props > Either horizontalPodAutoscaler or replicas must be specified 1`] = `[Error: Either horizontalPodAutoscaler or replicas must be specified]`; @@ -1842,6 +1895,63 @@ exports[`WebService > Props > Minimal required props 1`] = ` exports[`WebService > Props > Release stage must be specified when canary deployments are enabled 1`] = `[Error: Release stage must be specified when canary deployments are enabled]`; +exports[`WebService > Props > Specifies the correct httpRoute when multiple domains are specified 1`] = ` +{ + "apiVersion": "gateway.networking.k8s.io/v1", + "kind": "HTTPRoute", + "metadata": { + "labels": { + "instance": "web", + "release": "test-123", + "role": "server", + }, + "name": "http-route-web-http", + "namespace": "test", + }, + "spec": { + "hostnames": [ + "api.example.com", + "api2.example.com", + "api3.example.com", + ], + "parentRefs": [ + { + "name": "gateway", + "namespace": "envoy-gateway", + "sectionName": "custom-section", + }, + ], + "rules": [ + { + "backendRefs": [ + { + "group": "", + "kind": "Service", + "name": "web-service", + "namespace": "test", + "port": 3000, + "weight": 1, + }, + ], + "matches": [ + { + "path": { + "type": "PathPrefix", + "value": "/", + }, + }, + ], + "timeouts": { + "request": "30s", + }, + }, + ], + }, +} +`; + +exports[`WebService > Props > Throws error if includeHttpRoute is specified and no httpGateway is defined 1`] = `[Error: Http Gateway must be specified when includeHttpRoute is enabled]`; + exports[`WebService > Props > Validates load balancer name even if overridden 1`] = `[Error: Load balancer name must not exceed 32 characters. Given: a-load-balancer-name-exceeding-32]`; exports[`WebService > Props > horizontalPodAutoscaler requires at least one of cpuTargetUtilization or memoryTargetUtilization 1`] = `[Error: Either cpuTargetUtilization or memoryTargetUtilization must be specified to use a horizontalPodAutoscaler]`; diff --git a/test/web-service/web-service.test.ts b/test/web-service/web-service.test.ts index 710d3a8..2cd39ff 100644 --- a/test/web-service/web-service.test.ts +++ b/test/web-service/web-service.test.ts @@ -102,6 +102,8 @@ describe("WebService", () => { | "makeAffinity" | "makeLoadBalancerName" | "replicas" + | "includeHttpRoute" + | "httpGateway" > > = { ...requiredProps, @@ -771,6 +773,61 @@ describe("WebService", () => { }).toThrowError(); }, ); + + test("Throws error if includeHttpRoute is specified and no httpGateway is defined", () => { + expect(() => { + new WebService(Testing.chart(), "web", { + ...defaultProps, + includeHttpRoute: true, + }); + }).toThrowErrorMatchingSnapshot(); + }); + + test("Allows to skip HttpRoute", () => { + const results = synthWebService({ + ...defaultProps, + includeHttpRoute: false, + includeIngress: false, + }); + expect(results).toHaveLength(2); + const httpRoute = results.find((obj) => obj.kind === "HTTPRoute"); + expect(httpRoute).toBeUndefined(); + }); + + test("Allows specifying the httpRoute and httpGateway", () => { + const results = synthWebService({ + ...defaultProps, + externalHostname: "api.example.com", + includeHttpRoute: true, + httpGateway: { + name: "gateway", + namespace: "envoy-gateway", + sectionName: "custom-section", + }, + }); + expect(results).toHaveLength(4); + const httpRoute = results.find((obj) => obj.kind === "HTTPRoute"); + expect(httpRoute).toBeDefined(); + expect(httpRoute).toMatchSnapshot(); + }); + + test("Specifies the correct httpRoute when multiple domains are specified", () => { + const results = synthWebService({ + ...defaultProps, + externalHostname: "api.example.com", + additionalExternalHostnames: ["api2.example.com", "api3.example.com"], + includeHttpRoute: true, + httpGateway: { + name: "gateway", + namespace: "envoy-gateway", + sectionName: "custom-section", + }, + }); + expect(results).toHaveLength(4); + const httpRoute = results.find((obj) => obj.kind === "HTTPRoute"); + expect(httpRoute).toBeDefined(); + expect(httpRoute).toMatchSnapshot(); + }); }); describe("Containers", () => {