From 20d1fb8c78443324463d8f7919b1d69f311eaada Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Fri, 13 Oct 2023 15:32:06 -0500 Subject: [PATCH 01/10] server: run the api checks against the path without params (#19205) --- agent/agent_endpoint_test.go | 12 ++++++++++++ agent/http.go | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go index 1a021d7b8e4c..ab9a44ff9877 100644 --- a/agent/agent_endpoint_test.go +++ b/agent/agent_endpoint_test.go @@ -90,6 +90,18 @@ func TestAgentEndpointsFailInV2(t *testing.T) { }) } + t.Run("agent-self-with-params", func(t *testing.T) { + req, err := http.NewRequest("GET", "/v1/agent/self?dc=dc1", nil) + require.NoError(t, err) + + resp := httptest.NewRecorder() + a.srv.h.ServeHTTP(resp, req) + require.Equal(t, http.StatusOK, resp.Code) + + _, err = io.ReadAll(resp.Body) + require.NoError(t, err) + }) + checkRequest("PUT", "/v1/agent/maintenance") checkRequest("GET", "/v1/agent/services") checkRequest("GET", "/v1/agent/service/web") diff --git a/agent/http.go b/agent/http.go index e95d36c914f8..aed7c920cdf9 100644 --- a/agent/http.go +++ b/agent/http.go @@ -396,7 +396,7 @@ func (s *HTTPHandlers) wrap(handler endpoint, methods []string) http.HandlerFunc rejectCatalogV1Endpoint := false if s.agent.baseDeps.UseV2Resources() { - rejectCatalogV1Endpoint = isV1CatalogRequest(logURL) + rejectCatalogV1Endpoint = isV1CatalogRequest(req.URL.Path) } if s.denylist.Block(req.URL.Path) { From 3d1a606c3b58add3884f8819257cf96fbcc842dc Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Fri, 13 Oct 2023 16:41:22 -0400 Subject: [PATCH 02/10] Clone proto into deepcopy correctly (#19204) --- .../internal/generate/generate.go | 4 +- .../ratelimit/ratelimit_deepcopy.gen.go | 4 +- proto-public/pbacl/acl_deepcopy.gen.go | 20 ++-- ...mputed_traffic_permissions_deepcopy.gen.go | 4 +- .../traffic_permissions_deepcopy.gen.go | 40 +++---- .../v2beta1/workload_identity_deepcopy.gen.go | 4 +- .../pbcatalog/v2beta1/dns_deepcopy.gen.go | 8 +- .../v2beta1/failover_policy_deepcopy.gen.go | 12 +- .../pbcatalog/v2beta1/health_deepcopy.gen.go | 36 +++--- .../pbcatalog/v2beta1/node_deepcopy.gen.go | 8 +- .../v2beta1/selector_deepcopy.gen.go | 4 +- .../pbcatalog/v2beta1/service_deepcopy.gen.go | 8 +- .../v2beta1/service_endpoints_deepcopy.gen.go | 8 +- .../pbcatalog/v2beta1/vip_deepcopy.gen.go | 8 +- .../v2beta1/workload_deepcopy.gen.go | 16 +-- proto-public/pbconnectca/ca_deepcopy.gen.go | 20 ++-- .../pbdataplane/dataplane_deepcopy.gen.go | 20 ++-- proto-public/pbdns/dns_deepcopy.gen.go | 8 +- .../pbmesh/v2beta1/common_deepcopy.gen.go | 8 +- ...uted_explicit_destinations_deepcopy.gen.go | 4 +- ...mputed_proxy_configuration_deepcopy.gen.go | 4 +- .../v2beta1/computed_routes_deepcopy.gen.go | 56 +++++----- .../pbmesh/v2beta1/connection_deepcopy.gen.go | 8 +- .../destination_policy_deepcopy.gen.go | 32 +++--- ...destinations_configuration_deepcopy.gen.go | 20 ++-- .../v2beta1/destinations_deepcopy.gen.go | 20 ++-- .../pbmesh/v2beta1/expose_deepcopy.gen.go | 8 +- .../pbmesh/v2beta1/grpc_route_deepcopy.gen.go | 28 ++--- .../pbmesh/v2beta1/http_route_deepcopy.gen.go | 44 ++++---- .../http_route_retries_deepcopy.gen.go | 4 +- .../http_route_timeouts_deepcopy.gen.go | 4 +- .../pbproxystate/access_logs_deepcopy.gen.go | 4 +- .../pbproxystate/address_deepcopy.gen.go | 8 +- .../pbproxystate/cluster_deepcopy.gen.go | 104 +++++++++--------- .../pbproxystate/endpoints_deepcopy.gen.go | 8 +- .../escape_hatches_deepcopy.gen.go | 4 +- .../header_mutations_deepcopy.gen.go | 24 ++-- .../pbproxystate/listener_deepcopy.gen.go | 32 +++--- .../pbproxystate/references_deepcopy.gen.go | 12 +- .../pbproxystate/route_deepcopy.gen.go | 64 +++++------ .../traffic_permissions_deepcopy.gen.go | 16 +-- .../transport_socket_deepcopy.gen.go | 52 ++++----- .../proxy_configuration_deepcopy.gen.go | 24 ++-- .../v2beta1/proxy_state_deepcopy.gen.go | 8 +- .../pbmesh/v2beta1/tcp_route_deepcopy.gen.go | 12 +- .../pbresource/annotations_deepcopy.gen.go | 4 +- .../pbresource/resource_deepcopy.gen.go | 88 +++++++-------- .../serverdiscovery_deepcopy.gen.go | 12 +- .../v1alpha1/namespace_deepcopy.gen.go | 4 +- 49 files changed, 476 insertions(+), 476 deletions(-) diff --git a/internal/resource/protoc-gen-deepcopy/internal/generate/generate.go b/internal/resource/protoc-gen-deepcopy/internal/generate/generate.go index f9af3fa62a44..afa8dda7f621 100644 --- a/internal/resource/protoc-gen-deepcopy/internal/generate/generate.go +++ b/internal/resource/protoc-gen-deepcopy/internal/generate/generate.go @@ -37,8 +37,8 @@ func Generate(gen *protogen.Plugin) error { // Generate DeepCopyInto() method for this type p.P(`// DeepCopyInto supports using `, typeName, ` within kubernetes types, where deepcopy-gen is used.`) p.P(`func (in *`, typeName, `) DeepCopyInto(out *`, typeName, `) {`) - p.P(`p := `, protoIdent, `(in).(*`, typeName, `)`) - p.P(`*out = *p`) + p.P(`proto.Reset(out)`) + p.P(`proto.Merge(out,`, protoIdent, `(in))`) p.P(`}`) // Generate DeepCopy() method for this type diff --git a/proto-public/annotations/ratelimit/ratelimit_deepcopy.gen.go b/proto-public/annotations/ratelimit/ratelimit_deepcopy.gen.go index 72ef4d990c62..6c1c69633734 100644 --- a/proto-public/annotations/ratelimit/ratelimit_deepcopy.gen.go +++ b/proto-public/annotations/ratelimit/ratelimit_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Spec within kubernetes types, where deepcopy-gen is used. func (in *Spec) DeepCopyInto(out *Spec) { - p := proto.Clone(in).(*Spec) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Spec. Required by controller-gen. diff --git a/proto-public/pbacl/acl_deepcopy.gen.go b/proto-public/pbacl/acl_deepcopy.gen.go index 9bf1dcb45766..b3b069fe1fc8 100644 --- a/proto-public/pbacl/acl_deepcopy.gen.go +++ b/proto-public/pbacl/acl_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using LogoutResponse within kubernetes types, where deepcopy-gen is used. func (in *LogoutResponse) DeepCopyInto(out *LogoutResponse) { - p := proto.Clone(in).(*LogoutResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LogoutResponse. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *LogoutResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using LoginRequest within kubernetes types, where deepcopy-gen is used. func (in *LoginRequest) DeepCopyInto(out *LoginRequest) { - p := proto.Clone(in).(*LoginRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoginRequest. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *LoginRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using LoginResponse within kubernetes types, where deepcopy-gen is used. func (in *LoginResponse) DeepCopyInto(out *LoginResponse) { - p := proto.Clone(in).(*LoginResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoginResponse. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *LoginResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using LoginToken within kubernetes types, where deepcopy-gen is used. func (in *LoginToken) DeepCopyInto(out *LoginToken) { - p := proto.Clone(in).(*LoginToken) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoginToken. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *LoginToken) DeepCopyInterface() interface{} { // DeepCopyInto supports using LogoutRequest within kubernetes types, where deepcopy-gen is used. func (in *LogoutRequest) DeepCopyInto(out *LogoutRequest) { - p := proto.Clone(in).(*LogoutRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LogoutRequest. Required by controller-gen. diff --git a/proto-public/pbauth/v2beta1/computed_traffic_permissions_deepcopy.gen.go b/proto-public/pbauth/v2beta1/computed_traffic_permissions_deepcopy.gen.go index b0b3baa08721..7c22d2285c2d 100644 --- a/proto-public/pbauth/v2beta1/computed_traffic_permissions_deepcopy.gen.go +++ b/proto-public/pbauth/v2beta1/computed_traffic_permissions_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ComputedTrafficPermissions within kubernetes types, where deepcopy-gen is used. func (in *ComputedTrafficPermissions) DeepCopyInto(out *ComputedTrafficPermissions) { - p := proto.Clone(in).(*ComputedTrafficPermissions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedTrafficPermissions. Required by controller-gen. diff --git a/proto-public/pbauth/v2beta1/traffic_permissions_deepcopy.gen.go b/proto-public/pbauth/v2beta1/traffic_permissions_deepcopy.gen.go index 177c60c14a89..b954d00b407f 100644 --- a/proto-public/pbauth/v2beta1/traffic_permissions_deepcopy.gen.go +++ b/proto-public/pbauth/v2beta1/traffic_permissions_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using TrafficPermissions within kubernetes types, where deepcopy-gen is used. func (in *TrafficPermissions) DeepCopyInto(out *TrafficPermissions) { - p := proto.Clone(in).(*TrafficPermissions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPermissions. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *TrafficPermissions) DeepCopyInterface() interface{} { // DeepCopyInto supports using NamespaceTrafficPermissions within kubernetes types, where deepcopy-gen is used. func (in *NamespaceTrafficPermissions) DeepCopyInto(out *NamespaceTrafficPermissions) { - p := proto.Clone(in).(*NamespaceTrafficPermissions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceTrafficPermissions. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *NamespaceTrafficPermissions) DeepCopyInterface() interface{} { // DeepCopyInto supports using PartitionTrafficPermissions within kubernetes types, where deepcopy-gen is used. func (in *PartitionTrafficPermissions) DeepCopyInto(out *PartitionTrafficPermissions) { - p := proto.Clone(in).(*PartitionTrafficPermissions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartitionTrafficPermissions. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *PartitionTrafficPermissions) DeepCopyInterface() interface{} { // DeepCopyInto supports using Destination within kubernetes types, where deepcopy-gen is used. func (in *Destination) DeepCopyInto(out *Destination) { - p := proto.Clone(in).(*Destination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *Destination) DeepCopyInterface() interface{} { // DeepCopyInto supports using Permission within kubernetes types, where deepcopy-gen is used. func (in *Permission) DeepCopyInto(out *Permission) { - p := proto.Clone(in).(*Permission) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Permission. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *Permission) DeepCopyInterface() interface{} { // DeepCopyInto supports using Source within kubernetes types, where deepcopy-gen is used. func (in *Source) DeepCopyInto(out *Source) { - p := proto.Clone(in).(*Source) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Source. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *Source) DeepCopyInterface() interface{} { // DeepCopyInto supports using ExcludeSource within kubernetes types, where deepcopy-gen is used. func (in *ExcludeSource) DeepCopyInto(out *ExcludeSource) { - p := proto.Clone(in).(*ExcludeSource) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludeSource. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *ExcludeSource) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationRule within kubernetes types, where deepcopy-gen is used. func (in *DestinationRule) DeepCopyInto(out *DestinationRule) { - p := proto.Clone(in).(*DestinationRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *DestinationRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using ExcludePermissionRule within kubernetes types, where deepcopy-gen is used. func (in *ExcludePermissionRule) DeepCopyInto(out *ExcludePermissionRule) { - p := proto.Clone(in).(*ExcludePermissionRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludePermissionRule. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *ExcludePermissionRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationRuleHeader within kubernetes types, where deepcopy-gen is used. func (in *DestinationRuleHeader) DeepCopyInto(out *DestinationRuleHeader) { - p := proto.Clone(in).(*DestinationRuleHeader) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRuleHeader. Required by controller-gen. diff --git a/proto-public/pbauth/v2beta1/workload_identity_deepcopy.gen.go b/proto-public/pbauth/v2beta1/workload_identity_deepcopy.gen.go index 7684b5ef837f..7a25aba74a48 100644 --- a/proto-public/pbauth/v2beta1/workload_identity_deepcopy.gen.go +++ b/proto-public/pbauth/v2beta1/workload_identity_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using WorkloadIdentity within kubernetes types, where deepcopy-gen is used. func (in *WorkloadIdentity) DeepCopyInto(out *WorkloadIdentity) { - p := proto.Clone(in).(*WorkloadIdentity) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentity. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/dns_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/dns_deepcopy.gen.go index f2a7b3564fc9..9a3d883b8cec 100644 --- a/proto-public/pbcatalog/v2beta1/dns_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/dns_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using DNSPolicy within kubernetes types, where deepcopy-gen is used. func (in *DNSPolicy) DeepCopyInto(out *DNSPolicy) { - p := proto.Clone(in).(*DNSPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSPolicy. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *DNSPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using Weights within kubernetes types, where deepcopy-gen is used. func (in *Weights) DeepCopyInto(out *Weights) { - p := proto.Clone(in).(*Weights) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Weights. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/failover_policy_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/failover_policy_deepcopy.gen.go index b0fc57e9723d..fabe3f9e30a6 100644 --- a/proto-public/pbcatalog/v2beta1/failover_policy_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/failover_policy_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using FailoverPolicy within kubernetes types, where deepcopy-gen is used. func (in *FailoverPolicy) DeepCopyInto(out *FailoverPolicy) { - p := proto.Clone(in).(*FailoverPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailoverPolicy. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *FailoverPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using FailoverConfig within kubernetes types, where deepcopy-gen is used. func (in *FailoverConfig) DeepCopyInto(out *FailoverConfig) { - p := proto.Clone(in).(*FailoverConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailoverConfig. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *FailoverConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using FailoverDestination within kubernetes types, where deepcopy-gen is used. func (in *FailoverDestination) DeepCopyInto(out *FailoverDestination) { - p := proto.Clone(in).(*FailoverDestination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailoverDestination. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go index bb24cbe052fd..677a1af1056d 100644 --- a/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HealthStatus within kubernetes types, where deepcopy-gen is used. func (in *HealthStatus) DeepCopyInto(out *HealthStatus) { - p := proto.Clone(in).(*HealthStatus) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthStatus. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *HealthStatus) DeepCopyInterface() interface{} { // DeepCopyInto supports using HealthChecks within kubernetes types, where deepcopy-gen is used. func (in *HealthChecks) DeepCopyInto(out *HealthChecks) { - p := proto.Clone(in).(*HealthChecks) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthChecks. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *HealthChecks) DeepCopyInterface() interface{} { // DeepCopyInto supports using HealthCheck within kubernetes types, where deepcopy-gen is used. func (in *HealthCheck) DeepCopyInto(out *HealthCheck) { - p := proto.Clone(in).(*HealthCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthCheck. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *HealthCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPCheck within kubernetes types, where deepcopy-gen is used. func (in *HTTPCheck) DeepCopyInto(out *HTTPCheck) { - p := proto.Clone(in).(*HTTPCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPCheck. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *HTTPCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using TCPCheck within kubernetes types, where deepcopy-gen is used. func (in *TCPCheck) DeepCopyInto(out *TCPCheck) { - p := proto.Clone(in).(*TCPCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPCheck. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *TCPCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using UDPCheck within kubernetes types, where deepcopy-gen is used. func (in *UDPCheck) DeepCopyInto(out *UDPCheck) { - p := proto.Clone(in).(*UDPCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDPCheck. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *UDPCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCCheck within kubernetes types, where deepcopy-gen is used. func (in *GRPCCheck) DeepCopyInto(out *GRPCCheck) { - p := proto.Clone(in).(*GRPCCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCCheck. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *GRPCCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using OSServiceCheck within kubernetes types, where deepcopy-gen is used. func (in *OSServiceCheck) DeepCopyInto(out *OSServiceCheck) { - p := proto.Clone(in).(*OSServiceCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSServiceCheck. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *OSServiceCheck) DeepCopyInterface() interface{} { // DeepCopyInto supports using CheckTLSConfig within kubernetes types, where deepcopy-gen is used. func (in *CheckTLSConfig) DeepCopyInto(out *CheckTLSConfig) { - p := proto.Clone(in).(*CheckTLSConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CheckTLSConfig. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/node_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/node_deepcopy.gen.go index 775faa3d535f..d864f7858fe6 100644 --- a/proto-public/pbcatalog/v2beta1/node_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/node_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Node within kubernetes types, where deepcopy-gen is used. func (in *Node) DeepCopyInto(out *Node) { - p := proto.Clone(in).(*Node) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Node. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Node) DeepCopyInterface() interface{} { // DeepCopyInto supports using NodeAddress within kubernetes types, where deepcopy-gen is used. func (in *NodeAddress) DeepCopyInto(out *NodeAddress) { - p := proto.Clone(in).(*NodeAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeAddress. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/selector_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/selector_deepcopy.gen.go index 1f4ae1c7ff52..7e59d5588081 100644 --- a/proto-public/pbcatalog/v2beta1/selector_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/selector_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using WorkloadSelector within kubernetes types, where deepcopy-gen is used. func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector) { - p := proto.Clone(in).(*WorkloadSelector) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/service_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/service_deepcopy.gen.go index 92e77ecb9d44..fa578cc34464 100644 --- a/proto-public/pbcatalog/v2beta1/service_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/service_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Service within kubernetes types, where deepcopy-gen is used. func (in *Service) DeepCopyInto(out *Service) { - p := proto.Clone(in).(*Service) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Service) DeepCopyInterface() interface{} { // DeepCopyInto supports using ServicePort within kubernetes types, where deepcopy-gen is used. func (in *ServicePort) DeepCopyInto(out *ServicePort) { - p := proto.Clone(in).(*ServicePort) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/service_endpoints_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/service_endpoints_deepcopy.gen.go index 6c1e3833bf41..f3634c091be7 100644 --- a/proto-public/pbcatalog/v2beta1/service_endpoints_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/service_endpoints_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ServiceEndpoints within kubernetes types, where deepcopy-gen is used. func (in *ServiceEndpoints) DeepCopyInto(out *ServiceEndpoints) { - p := proto.Clone(in).(*ServiceEndpoints) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEndpoints. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ServiceEndpoints) DeepCopyInterface() interface{} { // DeepCopyInto supports using Endpoint within kubernetes types, where deepcopy-gen is used. func (in *Endpoint) DeepCopyInto(out *Endpoint) { - p := proto.Clone(in).(*Endpoint) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoint. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/vip_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/vip_deepcopy.gen.go index d49da5045ba2..8308240c52b0 100644 --- a/proto-public/pbcatalog/v2beta1/vip_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/vip_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using VirtualIPs within kubernetes types, where deepcopy-gen is used. func (in *VirtualIPs) DeepCopyInto(out *VirtualIPs) { - p := proto.Clone(in).(*VirtualIPs) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualIPs. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *VirtualIPs) DeepCopyInterface() interface{} { // DeepCopyInto supports using IP within kubernetes types, where deepcopy-gen is used. func (in *IP) DeepCopyInto(out *IP) { - p := proto.Clone(in).(*IP) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IP. Required by controller-gen. diff --git a/proto-public/pbcatalog/v2beta1/workload_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/workload_deepcopy.gen.go index fbb4b50af325..10d71872bf6d 100644 --- a/proto-public/pbcatalog/v2beta1/workload_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/workload_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Workload within kubernetes types, where deepcopy-gen is used. func (in *Workload) DeepCopyInto(out *Workload) { - p := proto.Clone(in).(*Workload) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workload. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Workload) DeepCopyInterface() interface{} { // DeepCopyInto supports using WorkloadAddress within kubernetes types, where deepcopy-gen is used. func (in *WorkloadAddress) DeepCopyInto(out *WorkloadAddress) { - p := proto.Clone(in).(*WorkloadAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadAddress. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *WorkloadAddress) DeepCopyInterface() interface{} { // DeepCopyInto supports using WorkloadPort within kubernetes types, where deepcopy-gen is used. func (in *WorkloadPort) DeepCopyInto(out *WorkloadPort) { - p := proto.Clone(in).(*WorkloadPort) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadPort. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *WorkloadPort) DeepCopyInterface() interface{} { // DeepCopyInto supports using Locality within kubernetes types, where deepcopy-gen is used. func (in *Locality) DeepCopyInto(out *Locality) { - p := proto.Clone(in).(*Locality) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Locality. Required by controller-gen. diff --git a/proto-public/pbconnectca/ca_deepcopy.gen.go b/proto-public/pbconnectca/ca_deepcopy.gen.go index 5200e4d9cac7..8ac221b224c5 100644 --- a/proto-public/pbconnectca/ca_deepcopy.gen.go +++ b/proto-public/pbconnectca/ca_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using WatchRootsRequest within kubernetes types, where deepcopy-gen is used. func (in *WatchRootsRequest) DeepCopyInto(out *WatchRootsRequest) { - p := proto.Clone(in).(*WatchRootsRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchRootsRequest. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *WatchRootsRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using WatchRootsResponse within kubernetes types, where deepcopy-gen is used. func (in *WatchRootsResponse) DeepCopyInto(out *WatchRootsResponse) { - p := proto.Clone(in).(*WatchRootsResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchRootsResponse. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *WatchRootsResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using CARoot within kubernetes types, where deepcopy-gen is used. func (in *CARoot) DeepCopyInto(out *CARoot) { - p := proto.Clone(in).(*CARoot) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CARoot. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *CARoot) DeepCopyInterface() interface{} { // DeepCopyInto supports using SignRequest within kubernetes types, where deepcopy-gen is used. func (in *SignRequest) DeepCopyInto(out *SignRequest) { - p := proto.Clone(in).(*SignRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignRequest. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *SignRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using SignResponse within kubernetes types, where deepcopy-gen is used. func (in *SignResponse) DeepCopyInto(out *SignResponse) { - p := proto.Clone(in).(*SignResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignResponse. Required by controller-gen. diff --git a/proto-public/pbdataplane/dataplane_deepcopy.gen.go b/proto-public/pbdataplane/dataplane_deepcopy.gen.go index 1d787b70721d..e1daf2b699fb 100644 --- a/proto-public/pbdataplane/dataplane_deepcopy.gen.go +++ b/proto-public/pbdataplane/dataplane_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using GetSupportedDataplaneFeaturesRequest within kubernetes types, where deepcopy-gen is used. func (in *GetSupportedDataplaneFeaturesRequest) DeepCopyInto(out *GetSupportedDataplaneFeaturesRequest) { - p := proto.Clone(in).(*GetSupportedDataplaneFeaturesRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GetSupportedDataplaneFeaturesRequest. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *GetSupportedDataplaneFeaturesRequest) DeepCopyInterface() interface{} // DeepCopyInto supports using DataplaneFeatureSupport within kubernetes types, where deepcopy-gen is used. func (in *DataplaneFeatureSupport) DeepCopyInto(out *DataplaneFeatureSupport) { - p := proto.Clone(in).(*DataplaneFeatureSupport) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataplaneFeatureSupport. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *DataplaneFeatureSupport) DeepCopyInterface() interface{} { // DeepCopyInto supports using GetSupportedDataplaneFeaturesResponse within kubernetes types, where deepcopy-gen is used. func (in *GetSupportedDataplaneFeaturesResponse) DeepCopyInto(out *GetSupportedDataplaneFeaturesResponse) { - p := proto.Clone(in).(*GetSupportedDataplaneFeaturesResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GetSupportedDataplaneFeaturesResponse. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *GetSupportedDataplaneFeaturesResponse) DeepCopyInterface() interface{} // DeepCopyInto supports using GetEnvoyBootstrapParamsRequest within kubernetes types, where deepcopy-gen is used. func (in *GetEnvoyBootstrapParamsRequest) DeepCopyInto(out *GetEnvoyBootstrapParamsRequest) { - p := proto.Clone(in).(*GetEnvoyBootstrapParamsRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GetEnvoyBootstrapParamsRequest. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *GetEnvoyBootstrapParamsRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using GetEnvoyBootstrapParamsResponse within kubernetes types, where deepcopy-gen is used. func (in *GetEnvoyBootstrapParamsResponse) DeepCopyInto(out *GetEnvoyBootstrapParamsResponse) { - p := proto.Clone(in).(*GetEnvoyBootstrapParamsResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GetEnvoyBootstrapParamsResponse. Required by controller-gen. diff --git a/proto-public/pbdns/dns_deepcopy.gen.go b/proto-public/pbdns/dns_deepcopy.gen.go index c2975e2d7f9a..339ab448e1d1 100644 --- a/proto-public/pbdns/dns_deepcopy.gen.go +++ b/proto-public/pbdns/dns_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using QueryRequest within kubernetes types, where deepcopy-gen is used. func (in *QueryRequest) DeepCopyInto(out *QueryRequest) { - p := proto.Clone(in).(*QueryRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryRequest. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *QueryRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using QueryResponse within kubernetes types, where deepcopy-gen is used. func (in *QueryResponse) DeepCopyInto(out *QueryResponse) { - p := proto.Clone(in).(*QueryResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryResponse. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/common_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/common_deepcopy.gen.go index dae015adf7ce..f9aa662c4182 100644 --- a/proto-public/pbmesh/v2beta1/common_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/common_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ParentReference within kubernetes types, where deepcopy-gen is used. func (in *ParentReference) DeepCopyInto(out *ParentReference) { - p := proto.Clone(in).(*ParentReference) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParentReference. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ParentReference) DeepCopyInterface() interface{} { // DeepCopyInto supports using BackendReference within kubernetes types, where deepcopy-gen is used. func (in *BackendReference) DeepCopyInto(out *BackendReference) { - p := proto.Clone(in).(*BackendReference) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendReference. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/computed_explicit_destinations_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/computed_explicit_destinations_deepcopy.gen.go index 3e237e2ac009..7a14e57454f2 100644 --- a/proto-public/pbmesh/v2beta1/computed_explicit_destinations_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/computed_explicit_destinations_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ComputedExplicitDestinations within kubernetes types, where deepcopy-gen is used. func (in *ComputedExplicitDestinations) DeepCopyInto(out *ComputedExplicitDestinations) { - p := proto.Clone(in).(*ComputedExplicitDestinations) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedExplicitDestinations. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/computed_proxy_configuration_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/computed_proxy_configuration_deepcopy.gen.go index c8d608122268..d6eb5723030b 100644 --- a/proto-public/pbmesh/v2beta1/computed_proxy_configuration_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/computed_proxy_configuration_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ComputedProxyConfiguration within kubernetes types, where deepcopy-gen is used. func (in *ComputedProxyConfiguration) DeepCopyInto(out *ComputedProxyConfiguration) { - p := proto.Clone(in).(*ComputedProxyConfiguration) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedProxyConfiguration. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/computed_routes_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/computed_routes_deepcopy.gen.go index 01e077aacf00..d63358455892 100644 --- a/proto-public/pbmesh/v2beta1/computed_routes_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/computed_routes_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ComputedRoutes within kubernetes types, where deepcopy-gen is used. func (in *ComputedRoutes) DeepCopyInto(out *ComputedRoutes) { - p := proto.Clone(in).(*ComputedRoutes) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedRoutes. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ComputedRoutes) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedPortRoutes within kubernetes types, where deepcopy-gen is used. func (in *ComputedPortRoutes) DeepCopyInto(out *ComputedPortRoutes) { - p := proto.Clone(in).(*ComputedPortRoutes) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedPortRoutes. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *ComputedPortRoutes) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedHTTPRoute within kubernetes types, where deepcopy-gen is used. func (in *ComputedHTTPRoute) DeepCopyInto(out *ComputedHTTPRoute) { - p := proto.Clone(in).(*ComputedHTTPRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedHTTPRoute. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *ComputedHTTPRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedHTTPRouteRule within kubernetes types, where deepcopy-gen is used. func (in *ComputedHTTPRouteRule) DeepCopyInto(out *ComputedHTTPRouteRule) { - p := proto.Clone(in).(*ComputedHTTPRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedHTTPRouteRule. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *ComputedHTTPRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedHTTPBackendRef within kubernetes types, where deepcopy-gen is used. func (in *ComputedHTTPBackendRef) DeepCopyInto(out *ComputedHTTPBackendRef) { - p := proto.Clone(in).(*ComputedHTTPBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedHTTPBackendRef. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *ComputedHTTPBackendRef) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedGRPCRoute within kubernetes types, where deepcopy-gen is used. func (in *ComputedGRPCRoute) DeepCopyInto(out *ComputedGRPCRoute) { - p := proto.Clone(in).(*ComputedGRPCRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedGRPCRoute. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *ComputedGRPCRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedGRPCRouteRule within kubernetes types, where deepcopy-gen is used. func (in *ComputedGRPCRouteRule) DeepCopyInto(out *ComputedGRPCRouteRule) { - p := proto.Clone(in).(*ComputedGRPCRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedGRPCRouteRule. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *ComputedGRPCRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedGRPCBackendRef within kubernetes types, where deepcopy-gen is used. func (in *ComputedGRPCBackendRef) DeepCopyInto(out *ComputedGRPCBackendRef) { - p := proto.Clone(in).(*ComputedGRPCBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedGRPCBackendRef. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *ComputedGRPCBackendRef) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedTCPRoute within kubernetes types, where deepcopy-gen is used. func (in *ComputedTCPRoute) DeepCopyInto(out *ComputedTCPRoute) { - p := proto.Clone(in).(*ComputedTCPRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedTCPRoute. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *ComputedTCPRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedTCPRouteRule within kubernetes types, where deepcopy-gen is used. func (in *ComputedTCPRouteRule) DeepCopyInto(out *ComputedTCPRouteRule) { - p := proto.Clone(in).(*ComputedTCPRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedTCPRouteRule. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *ComputedTCPRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedTCPBackendRef within kubernetes types, where deepcopy-gen is used. func (in *ComputedTCPBackendRef) DeepCopyInto(out *ComputedTCPBackendRef) { - p := proto.Clone(in).(*ComputedTCPBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedTCPBackendRef. Required by controller-gen. @@ -238,8 +238,8 @@ func (in *ComputedTCPBackendRef) DeepCopyInterface() interface{} { // DeepCopyInto supports using BackendTargetDetails within kubernetes types, where deepcopy-gen is used. func (in *BackendTargetDetails) DeepCopyInto(out *BackendTargetDetails) { - p := proto.Clone(in).(*BackendTargetDetails) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTargetDetails. Required by controller-gen. @@ -259,8 +259,8 @@ func (in *BackendTargetDetails) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedFailoverConfig within kubernetes types, where deepcopy-gen is used. func (in *ComputedFailoverConfig) DeepCopyInto(out *ComputedFailoverConfig) { - p := proto.Clone(in).(*ComputedFailoverConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedFailoverConfig. Required by controller-gen. @@ -280,8 +280,8 @@ func (in *ComputedFailoverConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using ComputedFailoverDestination within kubernetes types, where deepcopy-gen is used. func (in *ComputedFailoverDestination) DeepCopyInto(out *ComputedFailoverDestination) { - p := proto.Clone(in).(*ComputedFailoverDestination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedFailoverDestination. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/connection_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/connection_deepcopy.gen.go index 97666ed9eb4c..a0cfa7775756 100644 --- a/proto-public/pbmesh/v2beta1/connection_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/connection_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ConnectionConfig within kubernetes types, where deepcopy-gen is used. func (in *ConnectionConfig) DeepCopyInto(out *ConnectionConfig) { - p := proto.Clone(in).(*ConnectionConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionConfig. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ConnectionConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using InboundConnectionsConfig within kubernetes types, where deepcopy-gen is used. func (in *InboundConnectionsConfig) DeepCopyInto(out *InboundConnectionsConfig) { - p := proto.Clone(in).(*InboundConnectionsConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundConnectionsConfig. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/destination_policy_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/destination_policy_deepcopy.gen.go index 5ac5542a54bf..1935359729e5 100644 --- a/proto-public/pbmesh/v2beta1/destination_policy_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/destination_policy_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using DestinationPolicy within kubernetes types, where deepcopy-gen is used. func (in *DestinationPolicy) DeepCopyInto(out *DestinationPolicy) { - p := proto.Clone(in).(*DestinationPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationPolicy. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *DestinationPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationConfig within kubernetes types, where deepcopy-gen is used. func (in *DestinationConfig) DeepCopyInto(out *DestinationConfig) { - p := proto.Clone(in).(*DestinationConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationConfig. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *DestinationConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using LocalityPrioritization within kubernetes types, where deepcopy-gen is used. func (in *LocalityPrioritization) DeepCopyInto(out *LocalityPrioritization) { - p := proto.Clone(in).(*LocalityPrioritization) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityPrioritization. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *LocalityPrioritization) DeepCopyInterface() interface{} { // DeepCopyInto supports using LoadBalancer within kubernetes types, where deepcopy-gen is used. func (in *LoadBalancer) DeepCopyInto(out *LoadBalancer) { - p := proto.Clone(in).(*LoadBalancer) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancer. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *LoadBalancer) DeepCopyInterface() interface{} { // DeepCopyInto supports using RingHashConfig within kubernetes types, where deepcopy-gen is used. func (in *RingHashConfig) DeepCopyInto(out *RingHashConfig) { - p := proto.Clone(in).(*RingHashConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RingHashConfig. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *RingHashConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using LeastRequestConfig within kubernetes types, where deepcopy-gen is used. func (in *LeastRequestConfig) DeepCopyInto(out *LeastRequestConfig) { - p := proto.Clone(in).(*LeastRequestConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeastRequestConfig. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *LeastRequestConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using HashPolicy within kubernetes types, where deepcopy-gen is used. func (in *HashPolicy) DeepCopyInto(out *HashPolicy) { - p := proto.Clone(in).(*HashPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HashPolicy. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *HashPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using CookieConfig within kubernetes types, where deepcopy-gen is used. func (in *CookieConfig) DeepCopyInto(out *CookieConfig) { - p := proto.Clone(in).(*CookieConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CookieConfig. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/destinations_configuration_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/destinations_configuration_deepcopy.gen.go index d1413cc89df1..1c7f04e7f23a 100644 --- a/proto-public/pbmesh/v2beta1/destinations_configuration_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/destinations_configuration_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using DestinationsConfiguration within kubernetes types, where deepcopy-gen is used. func (in *DestinationsConfiguration) DeepCopyInto(out *DestinationsConfiguration) { - p := proto.Clone(in).(*DestinationsConfiguration) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationsConfiguration. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *DestinationsConfiguration) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationConfigOverrides within kubernetes types, where deepcopy-gen is used. func (in *DestinationConfigOverrides) DeepCopyInto(out *DestinationConfigOverrides) { - p := proto.Clone(in).(*DestinationConfigOverrides) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationConfigOverrides. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *DestinationConfigOverrides) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationConfiguration within kubernetes types, where deepcopy-gen is used. func (in *DestinationConfiguration) DeepCopyInto(out *DestinationConfiguration) { - p := proto.Clone(in).(*DestinationConfiguration) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationConfiguration. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *DestinationConfiguration) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationLimits within kubernetes types, where deepcopy-gen is used. func (in *DestinationLimits) DeepCopyInto(out *DestinationLimits) { - p := proto.Clone(in).(*DestinationLimits) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationLimits. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *DestinationLimits) DeepCopyInterface() interface{} { // DeepCopyInto supports using PassiveHealthCheck within kubernetes types, where deepcopy-gen is used. func (in *PassiveHealthCheck) DeepCopyInto(out *PassiveHealthCheck) { - p := proto.Clone(in).(*PassiveHealthCheck) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassiveHealthCheck. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/destinations_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/destinations_deepcopy.gen.go index ff04bf3fcf8b..3f513b7d861d 100644 --- a/proto-public/pbmesh/v2beta1/destinations_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/destinations_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Destinations within kubernetes types, where deepcopy-gen is used. func (in *Destinations) DeepCopyInto(out *Destinations) { - p := proto.Clone(in).(*Destinations) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destinations. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Destinations) DeepCopyInterface() interface{} { // DeepCopyInto supports using Destination within kubernetes types, where deepcopy-gen is used. func (in *Destination) DeepCopyInto(out *Destination) { - p := proto.Clone(in).(*Destination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *Destination) DeepCopyInterface() interface{} { // DeepCopyInto supports using IPPortAddress within kubernetes types, where deepcopy-gen is used. func (in *IPPortAddress) DeepCopyInto(out *IPPortAddress) { - p := proto.Clone(in).(*IPPortAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPPortAddress. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *IPPortAddress) DeepCopyInterface() interface{} { // DeepCopyInto supports using UnixSocketAddress within kubernetes types, where deepcopy-gen is used. func (in *UnixSocketAddress) DeepCopyInto(out *UnixSocketAddress) { - p := proto.Clone(in).(*UnixSocketAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnixSocketAddress. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *UnixSocketAddress) DeepCopyInterface() interface{} { // DeepCopyInto supports using PreparedQueryDestination within kubernetes types, where deepcopy-gen is used. func (in *PreparedQueryDestination) DeepCopyInto(out *PreparedQueryDestination) { - p := proto.Clone(in).(*PreparedQueryDestination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreparedQueryDestination. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/expose_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/expose_deepcopy.gen.go index e191d353bdcb..2b75adbbcd34 100644 --- a/proto-public/pbmesh/v2beta1/expose_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/expose_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ExposeConfig within kubernetes types, where deepcopy-gen is used. func (in *ExposeConfig) DeepCopyInto(out *ExposeConfig) { - p := proto.Clone(in).(*ExposeConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExposeConfig. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ExposeConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using ExposePath within kubernetes types, where deepcopy-gen is used. func (in *ExposePath) DeepCopyInto(out *ExposePath) { - p := proto.Clone(in).(*ExposePath) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExposePath. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/grpc_route_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/grpc_route_deepcopy.gen.go index 18574bb8cc20..ea7e1dc8ed26 100644 --- a/proto-public/pbmesh/v2beta1/grpc_route_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/grpc_route_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using GRPCRoute within kubernetes types, where deepcopy-gen is used. func (in *GRPCRoute) DeepCopyInto(out *GRPCRoute) { - p := proto.Clone(in).(*GRPCRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRoute. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *GRPCRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCRouteRule within kubernetes types, where deepcopy-gen is used. func (in *GRPCRouteRule) DeepCopyInto(out *GRPCRouteRule) { - p := proto.Clone(in).(*GRPCRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteRule. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *GRPCRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCRouteMatch within kubernetes types, where deepcopy-gen is used. func (in *GRPCRouteMatch) DeepCopyInto(out *GRPCRouteMatch) { - p := proto.Clone(in).(*GRPCRouteMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteMatch. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *GRPCRouteMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCMethodMatch within kubernetes types, where deepcopy-gen is used. func (in *GRPCMethodMatch) DeepCopyInto(out *GRPCMethodMatch) { - p := proto.Clone(in).(*GRPCMethodMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCMethodMatch. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *GRPCMethodMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCHeaderMatch within kubernetes types, where deepcopy-gen is used. func (in *GRPCHeaderMatch) DeepCopyInto(out *GRPCHeaderMatch) { - p := proto.Clone(in).(*GRPCHeaderMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCHeaderMatch. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *GRPCHeaderMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCRouteFilter within kubernetes types, where deepcopy-gen is used. func (in *GRPCRouteFilter) DeepCopyInto(out *GRPCRouteFilter) { - p := proto.Clone(in).(*GRPCRouteFilter) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteFilter. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *GRPCRouteFilter) DeepCopyInterface() interface{} { // DeepCopyInto supports using GRPCBackendRef within kubernetes types, where deepcopy-gen is used. func (in *GRPCBackendRef) DeepCopyInto(out *GRPCBackendRef) { - p := proto.Clone(in).(*GRPCBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCBackendRef. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/http_route_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/http_route_deepcopy.gen.go index 222cb8361e03..6d339e5afde2 100644 --- a/proto-public/pbmesh/v2beta1/http_route_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/http_route_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HTTPRoute within kubernetes types, where deepcopy-gen is used. func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { - p := proto.Clone(in).(*HTTPRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *HTTPRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPRouteRule within kubernetes types, where deepcopy-gen is used. func (in *HTTPRouteRule) DeepCopyInto(out *HTTPRouteRule) { - p := proto.Clone(in).(*HTTPRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteRule. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *HTTPRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPRouteMatch within kubernetes types, where deepcopy-gen is used. func (in *HTTPRouteMatch) DeepCopyInto(out *HTTPRouteMatch) { - p := proto.Clone(in).(*HTTPRouteMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteMatch. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *HTTPRouteMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPPathMatch within kubernetes types, where deepcopy-gen is used. func (in *HTTPPathMatch) DeepCopyInto(out *HTTPPathMatch) { - p := proto.Clone(in).(*HTTPPathMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPathMatch. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *HTTPPathMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPHeaderMatch within kubernetes types, where deepcopy-gen is used. func (in *HTTPHeaderMatch) DeepCopyInto(out *HTTPHeaderMatch) { - p := proto.Clone(in).(*HTTPHeaderMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeaderMatch. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *HTTPHeaderMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPQueryParamMatch within kubernetes types, where deepcopy-gen is used. func (in *HTTPQueryParamMatch) DeepCopyInto(out *HTTPQueryParamMatch) { - p := proto.Clone(in).(*HTTPQueryParamMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPQueryParamMatch. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *HTTPQueryParamMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPRouteFilter within kubernetes types, where deepcopy-gen is used. func (in *HTTPRouteFilter) DeepCopyInto(out *HTTPRouteFilter) { - p := proto.Clone(in).(*HTTPRouteFilter) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteFilter. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *HTTPRouteFilter) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPHeaderFilter within kubernetes types, where deepcopy-gen is used. func (in *HTTPHeaderFilter) DeepCopyInto(out *HTTPHeaderFilter) { - p := proto.Clone(in).(*HTTPHeaderFilter) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeaderFilter. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *HTTPHeaderFilter) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPHeader within kubernetes types, where deepcopy-gen is used. func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) { - p := proto.Clone(in).(*HTTPHeader) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *HTTPHeader) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPURLRewriteFilter within kubernetes types, where deepcopy-gen is used. func (in *HTTPURLRewriteFilter) DeepCopyInto(out *HTTPURLRewriteFilter) { - p := proto.Clone(in).(*HTTPURLRewriteFilter) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPURLRewriteFilter. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *HTTPURLRewriteFilter) DeepCopyInterface() interface{} { // DeepCopyInto supports using HTTPBackendRef within kubernetes types, where deepcopy-gen is used. func (in *HTTPBackendRef) DeepCopyInto(out *HTTPBackendRef) { - p := proto.Clone(in).(*HTTPBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBackendRef. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/http_route_retries_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/http_route_retries_deepcopy.gen.go index b523a58b77c1..abd2a515332d 100644 --- a/proto-public/pbmesh/v2beta1/http_route_retries_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/http_route_retries_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HTTPRouteRetries within kubernetes types, where deepcopy-gen is used. func (in *HTTPRouteRetries) DeepCopyInto(out *HTTPRouteRetries) { - p := proto.Clone(in).(*HTTPRouteRetries) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteRetries. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/http_route_timeouts_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/http_route_timeouts_deepcopy.gen.go index ea92d9038d48..c131310e5e26 100644 --- a/proto-public/pbmesh/v2beta1/http_route_timeouts_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/http_route_timeouts_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HTTPRouteTimeouts within kubernetes types, where deepcopy-gen is used. func (in *HTTPRouteTimeouts) DeepCopyInto(out *HTTPRouteTimeouts) { - p := proto.Clone(in).(*HTTPRouteTimeouts) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteTimeouts. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/access_logs_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/access_logs_deepcopy.gen.go index af2ac36c73ad..f4c5c96039d5 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/access_logs_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/access_logs_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using AccessLogs within kubernetes types, where deepcopy-gen is used. func (in *AccessLogs) DeepCopyInto(out *AccessLogs) { - p := proto.Clone(in).(*AccessLogs) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogs. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/address_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/address_deepcopy.gen.go index 81cf39a4593a..b2700f704eff 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/address_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/address_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HostPortAddress within kubernetes types, where deepcopy-gen is used. func (in *HostPortAddress) DeepCopyInto(out *HostPortAddress) { - p := proto.Clone(in).(*HostPortAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPortAddress. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *HostPortAddress) DeepCopyInterface() interface{} { // DeepCopyInto supports using UnixSocketAddress within kubernetes types, where deepcopy-gen is used. func (in *UnixSocketAddress) DeepCopyInto(out *UnixSocketAddress) { - p := proto.Clone(in).(*UnixSocketAddress) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnixSocketAddress. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/cluster_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/cluster_deepcopy.gen.go index f06ac976e13f..1818a349bd45 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/cluster_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/cluster_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Cluster within kubernetes types, where deepcopy-gen is used. func (in *Cluster) DeepCopyInto(out *Cluster) { - p := proto.Clone(in).(*Cluster) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cluster. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Cluster) DeepCopyInterface() interface{} { // DeepCopyInto supports using FailoverGroup within kubernetes types, where deepcopy-gen is used. func (in *FailoverGroup) DeepCopyInto(out *FailoverGroup) { - p := proto.Clone(in).(*FailoverGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailoverGroup. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *FailoverGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using FailoverGroupConfig within kubernetes types, where deepcopy-gen is used. func (in *FailoverGroupConfig) DeepCopyInto(out *FailoverGroupConfig) { - p := proto.Clone(in).(*FailoverGroupConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailoverGroupConfig. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *FailoverGroupConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using EndpointGroup within kubernetes types, where deepcopy-gen is used. func (in *EndpointGroup) DeepCopyInto(out *EndpointGroup) { - p := proto.Clone(in).(*EndpointGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointGroup. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *EndpointGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using DynamicEndpointGroup within kubernetes types, where deepcopy-gen is used. func (in *DynamicEndpointGroup) DeepCopyInto(out *DynamicEndpointGroup) { - p := proto.Clone(in).(*DynamicEndpointGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicEndpointGroup. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *DynamicEndpointGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using PassthroughEndpointGroup within kubernetes types, where deepcopy-gen is used. func (in *PassthroughEndpointGroup) DeepCopyInto(out *PassthroughEndpointGroup) { - p := proto.Clone(in).(*PassthroughEndpointGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassthroughEndpointGroup. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *PassthroughEndpointGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using DNSEndpointGroup within kubernetes types, where deepcopy-gen is used. func (in *DNSEndpointGroup) DeepCopyInto(out *DNSEndpointGroup) { - p := proto.Clone(in).(*DNSEndpointGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSEndpointGroup. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *DNSEndpointGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using StaticEndpointGroup within kubernetes types, where deepcopy-gen is used. func (in *StaticEndpointGroup) DeepCopyInto(out *StaticEndpointGroup) { - p := proto.Clone(in).(*StaticEndpointGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticEndpointGroup. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *StaticEndpointGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationCluster within kubernetes types, where deepcopy-gen is used. func (in *DestinationCluster) DeepCopyInto(out *DestinationCluster) { - p := proto.Clone(in).(*DestinationCluster) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationCluster. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *DestinationCluster) DeepCopyInterface() interface{} { // DeepCopyInto supports using L4WeightedClusterGroup within kubernetes types, where deepcopy-gen is used. func (in *L4WeightedClusterGroup) DeepCopyInto(out *L4WeightedClusterGroup) { - p := proto.Clone(in).(*L4WeightedClusterGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4WeightedClusterGroup. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *L4WeightedClusterGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using L7WeightedClusterGroup within kubernetes types, where deepcopy-gen is used. func (in *L7WeightedClusterGroup) DeepCopyInto(out *L7WeightedClusterGroup) { - p := proto.Clone(in).(*L7WeightedClusterGroup) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L7WeightedClusterGroup. Required by controller-gen. @@ -238,8 +238,8 @@ func (in *L7WeightedClusterGroup) DeepCopyInterface() interface{} { // DeepCopyInto supports using L4WeightedDestinationCluster within kubernetes types, where deepcopy-gen is used. func (in *L4WeightedDestinationCluster) DeepCopyInto(out *L4WeightedDestinationCluster) { - p := proto.Clone(in).(*L4WeightedDestinationCluster) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4WeightedDestinationCluster. Required by controller-gen. @@ -259,8 +259,8 @@ func (in *L4WeightedDestinationCluster) DeepCopyInterface() interface{} { // DeepCopyInto supports using L7WeightedDestinationCluster within kubernetes types, where deepcopy-gen is used. func (in *L7WeightedDestinationCluster) DeepCopyInto(out *L7WeightedDestinationCluster) { - p := proto.Clone(in).(*L7WeightedDestinationCluster) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L7WeightedDestinationCluster. Required by controller-gen. @@ -280,8 +280,8 @@ func (in *L7WeightedDestinationCluster) DeepCopyInterface() interface{} { // DeepCopyInto supports using DynamicEndpointGroupConfig within kubernetes types, where deepcopy-gen is used. func (in *DynamicEndpointGroupConfig) DeepCopyInto(out *DynamicEndpointGroupConfig) { - p := proto.Clone(in).(*DynamicEndpointGroupConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicEndpointGroupConfig. Required by controller-gen. @@ -301,8 +301,8 @@ func (in *DynamicEndpointGroupConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using LBPolicyLeastRequest within kubernetes types, where deepcopy-gen is used. func (in *LBPolicyLeastRequest) DeepCopyInto(out *LBPolicyLeastRequest) { - p := proto.Clone(in).(*LBPolicyLeastRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LBPolicyLeastRequest. Required by controller-gen. @@ -322,8 +322,8 @@ func (in *LBPolicyLeastRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using LBPolicyRoundRobin within kubernetes types, where deepcopy-gen is used. func (in *LBPolicyRoundRobin) DeepCopyInto(out *LBPolicyRoundRobin) { - p := proto.Clone(in).(*LBPolicyRoundRobin) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LBPolicyRoundRobin. Required by controller-gen. @@ -343,8 +343,8 @@ func (in *LBPolicyRoundRobin) DeepCopyInterface() interface{} { // DeepCopyInto supports using LBPolicyRandom within kubernetes types, where deepcopy-gen is used. func (in *LBPolicyRandom) DeepCopyInto(out *LBPolicyRandom) { - p := proto.Clone(in).(*LBPolicyRandom) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LBPolicyRandom. Required by controller-gen. @@ -364,8 +364,8 @@ func (in *LBPolicyRandom) DeepCopyInterface() interface{} { // DeepCopyInto supports using LBPolicyRingHash within kubernetes types, where deepcopy-gen is used. func (in *LBPolicyRingHash) DeepCopyInto(out *LBPolicyRingHash) { - p := proto.Clone(in).(*LBPolicyRingHash) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LBPolicyRingHash. Required by controller-gen. @@ -385,8 +385,8 @@ func (in *LBPolicyRingHash) DeepCopyInterface() interface{} { // DeepCopyInto supports using LBPolicyMaglev within kubernetes types, where deepcopy-gen is used. func (in *LBPolicyMaglev) DeepCopyInto(out *LBPolicyMaglev) { - p := proto.Clone(in).(*LBPolicyMaglev) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LBPolicyMaglev. Required by controller-gen. @@ -406,8 +406,8 @@ func (in *LBPolicyMaglev) DeepCopyInterface() interface{} { // DeepCopyInto supports using CircuitBreakers within kubernetes types, where deepcopy-gen is used. func (in *CircuitBreakers) DeepCopyInto(out *CircuitBreakers) { - p := proto.Clone(in).(*CircuitBreakers) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CircuitBreakers. Required by controller-gen. @@ -427,8 +427,8 @@ func (in *CircuitBreakers) DeepCopyInterface() interface{} { // DeepCopyInto supports using UpstreamLimits within kubernetes types, where deepcopy-gen is used. func (in *UpstreamLimits) DeepCopyInto(out *UpstreamLimits) { - p := proto.Clone(in).(*UpstreamLimits) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamLimits. Required by controller-gen. @@ -448,8 +448,8 @@ func (in *UpstreamLimits) DeepCopyInterface() interface{} { // DeepCopyInto supports using OutlierDetection within kubernetes types, where deepcopy-gen is used. func (in *OutlierDetection) DeepCopyInto(out *OutlierDetection) { - p := proto.Clone(in).(*OutlierDetection) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. Required by controller-gen. @@ -469,8 +469,8 @@ func (in *OutlierDetection) DeepCopyInterface() interface{} { // DeepCopyInto supports using UpstreamConnectionOptions within kubernetes types, where deepcopy-gen is used. func (in *UpstreamConnectionOptions) DeepCopyInto(out *UpstreamConnectionOptions) { - p := proto.Clone(in).(*UpstreamConnectionOptions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamConnectionOptions. Required by controller-gen. @@ -490,8 +490,8 @@ func (in *UpstreamConnectionOptions) DeepCopyInterface() interface{} { // DeepCopyInto supports using PassthroughEndpointGroupConfig within kubernetes types, where deepcopy-gen is used. func (in *PassthroughEndpointGroupConfig) DeepCopyInto(out *PassthroughEndpointGroupConfig) { - p := proto.Clone(in).(*PassthroughEndpointGroupConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassthroughEndpointGroupConfig. Required by controller-gen. @@ -511,8 +511,8 @@ func (in *PassthroughEndpointGroupConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using DNSEndpointGroupConfig within kubernetes types, where deepcopy-gen is used. func (in *DNSEndpointGroupConfig) DeepCopyInto(out *DNSEndpointGroupConfig) { - p := proto.Clone(in).(*DNSEndpointGroupConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSEndpointGroupConfig. Required by controller-gen. @@ -532,8 +532,8 @@ func (in *DNSEndpointGroupConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using StaticEndpointGroupConfig within kubernetes types, where deepcopy-gen is used. func (in *StaticEndpointGroupConfig) DeepCopyInto(out *StaticEndpointGroupConfig) { - p := proto.Clone(in).(*StaticEndpointGroupConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticEndpointGroupConfig. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/endpoints_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/endpoints_deepcopy.gen.go index 62efabc96394..eeb1daa5d23c 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/endpoints_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/endpoints_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Endpoints within kubernetes types, where deepcopy-gen is used. func (in *Endpoints) DeepCopyInto(out *Endpoints) { - p := proto.Clone(in).(*Endpoints) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoints. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Endpoints) DeepCopyInterface() interface{} { // DeepCopyInto supports using Endpoint within kubernetes types, where deepcopy-gen is used. func (in *Endpoint) DeepCopyInto(out *Endpoint) { - p := proto.Clone(in).(*Endpoint) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoint. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches_deepcopy.gen.go index fc5617f23494..41fcb73d4662 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using EscapeHatches within kubernetes types, where deepcopy-gen is used. func (in *EscapeHatches) DeepCopyInto(out *EscapeHatches) { - p := proto.Clone(in).(*EscapeHatches) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EscapeHatches. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations_deepcopy.gen.go index 2b09b2759738..97a77c7fc402 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using HeaderMutation within kubernetes types, where deepcopy-gen is used. func (in *HeaderMutation) DeepCopyInto(out *HeaderMutation) { - p := proto.Clone(in).(*HeaderMutation) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMutation. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *HeaderMutation) DeepCopyInterface() interface{} { // DeepCopyInto supports using RequestHeaderAdd within kubernetes types, where deepcopy-gen is used. func (in *RequestHeaderAdd) DeepCopyInto(out *RequestHeaderAdd) { - p := proto.Clone(in).(*RequestHeaderAdd) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderAdd. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *RequestHeaderAdd) DeepCopyInterface() interface{} { // DeepCopyInto supports using RequestHeaderRemove within kubernetes types, where deepcopy-gen is used. func (in *RequestHeaderRemove) DeepCopyInto(out *RequestHeaderRemove) { - p := proto.Clone(in).(*RequestHeaderRemove) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderRemove. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *RequestHeaderRemove) DeepCopyInterface() interface{} { // DeepCopyInto supports using ResponseHeaderAdd within kubernetes types, where deepcopy-gen is used. func (in *ResponseHeaderAdd) DeepCopyInto(out *ResponseHeaderAdd) { - p := proto.Clone(in).(*ResponseHeaderAdd) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseHeaderAdd. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *ResponseHeaderAdd) DeepCopyInterface() interface{} { // DeepCopyInto supports using ResponseHeaderRemove within kubernetes types, where deepcopy-gen is used. func (in *ResponseHeaderRemove) DeepCopyInto(out *ResponseHeaderRemove) { - p := proto.Clone(in).(*ResponseHeaderRemove) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseHeaderRemove. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *ResponseHeaderRemove) DeepCopyInterface() interface{} { // DeepCopyInto supports using Header within kubernetes types, where deepcopy-gen is used. func (in *Header) DeepCopyInto(out *Header) { - p := proto.Clone(in).(*Header) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Header. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/listener_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/listener_deepcopy.gen.go index 7208735dbd64..c721f40cbb91 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/listener_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/listener_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Listener within kubernetes types, where deepcopy-gen is used. func (in *Listener) DeepCopyInto(out *Listener) { - p := proto.Clone(in).(*Listener) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Listener. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Listener) DeepCopyInterface() interface{} { // DeepCopyInto supports using Router within kubernetes types, where deepcopy-gen is used. func (in *Router) DeepCopyInto(out *Router) { - p := proto.Clone(in).(*Router) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Router. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *Router) DeepCopyInterface() interface{} { // DeepCopyInto supports using Match within kubernetes types, where deepcopy-gen is used. func (in *Match) DeepCopyInto(out *Match) { - p := proto.Clone(in).(*Match) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Match. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *Match) DeepCopyInterface() interface{} { // DeepCopyInto supports using CidrRange within kubernetes types, where deepcopy-gen is used. func (in *CidrRange) DeepCopyInto(out *CidrRange) { - p := proto.Clone(in).(*CidrRange) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CidrRange. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *CidrRange) DeepCopyInterface() interface{} { // DeepCopyInto supports using L4Destination within kubernetes types, where deepcopy-gen is used. func (in *L4Destination) DeepCopyInto(out *L4Destination) { - p := proto.Clone(in).(*L4Destination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4Destination. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *L4Destination) DeepCopyInterface() interface{} { // DeepCopyInto supports using L7DestinationRoute within kubernetes types, where deepcopy-gen is used. func (in *L7DestinationRoute) DeepCopyInto(out *L7DestinationRoute) { - p := proto.Clone(in).(*L7DestinationRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L7DestinationRoute. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *L7DestinationRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using L7Destination within kubernetes types, where deepcopy-gen is used. func (in *L7Destination) DeepCopyInto(out *L7Destination) { - p := proto.Clone(in).(*L7Destination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L7Destination. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *L7Destination) DeepCopyInterface() interface{} { // DeepCopyInto supports using SNIDestination within kubernetes types, where deepcopy-gen is used. func (in *SNIDestination) DeepCopyInto(out *SNIDestination) { - p := proto.Clone(in).(*SNIDestination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SNIDestination. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/references_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/references_deepcopy.gen.go index c52d23730cf9..2cbe25a91750 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/references_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/references_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using LeafCertificateRef within kubernetes types, where deepcopy-gen is used. func (in *LeafCertificateRef) DeepCopyInto(out *LeafCertificateRef) { - p := proto.Clone(in).(*LeafCertificateRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeafCertificateRef. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *LeafCertificateRef) DeepCopyInterface() interface{} { // DeepCopyInto supports using TrustBundleRef within kubernetes types, where deepcopy-gen is used. func (in *TrustBundleRef) DeepCopyInto(out *TrustBundleRef) { - p := proto.Clone(in).(*TrustBundleRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustBundleRef. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *TrustBundleRef) DeepCopyInterface() interface{} { // DeepCopyInto supports using EndpointRef within kubernetes types, where deepcopy-gen is used. func (in *EndpointRef) DeepCopyInto(out *EndpointRef) { - p := proto.Clone(in).(*EndpointRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointRef. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/route_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/route_deepcopy.gen.go index 2d2e71009410..e2eea4e78b5e 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/route_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/route_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Route within kubernetes types, where deepcopy-gen is used. func (in *Route) DeepCopyInto(out *Route) { - p := proto.Clone(in).(*Route) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Route) DeepCopyInterface() interface{} { // DeepCopyInto supports using VirtualHost within kubernetes types, where deepcopy-gen is used. func (in *VirtualHost) DeepCopyInto(out *VirtualHost) { - p := proto.Clone(in).(*VirtualHost) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualHost. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *VirtualHost) DeepCopyInterface() interface{} { // DeepCopyInto supports using RouteRule within kubernetes types, where deepcopy-gen is used. func (in *RouteRule) DeepCopyInto(out *RouteRule) { - p := proto.Clone(in).(*RouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteRule. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *RouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using RouteMatch within kubernetes types, where deepcopy-gen is used. func (in *RouteMatch) DeepCopyInto(out *RouteMatch) { - p := proto.Clone(in).(*RouteMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteMatch. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *RouteMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using PathMatch within kubernetes types, where deepcopy-gen is used. func (in *PathMatch) DeepCopyInto(out *PathMatch) { - p := proto.Clone(in).(*PathMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PathMatch. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *PathMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using QueryParameterMatch within kubernetes types, where deepcopy-gen is used. func (in *QueryParameterMatch) DeepCopyInto(out *QueryParameterMatch) { - p := proto.Clone(in).(*QueryParameterMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryParameterMatch. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *QueryParameterMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using HeaderMatch within kubernetes types, where deepcopy-gen is used. func (in *HeaderMatch) DeepCopyInto(out *HeaderMatch) { - p := proto.Clone(in).(*HeaderMatch) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMatch. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *HeaderMatch) DeepCopyInterface() interface{} { // DeepCopyInto supports using RouteDestination within kubernetes types, where deepcopy-gen is used. func (in *RouteDestination) DeepCopyInto(out *RouteDestination) { - p := proto.Clone(in).(*RouteDestination) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *RouteDestination) DeepCopyInterface() interface{} { // DeepCopyInto supports using DestinationConfiguration within kubernetes types, where deepcopy-gen is used. func (in *DestinationConfiguration) DeepCopyInto(out *DestinationConfiguration) { - p := proto.Clone(in).(*DestinationConfiguration) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationConfiguration. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *DestinationConfiguration) DeepCopyInterface() interface{} { // DeepCopyInto supports using RetryPolicy within kubernetes types, where deepcopy-gen is used. func (in *RetryPolicy) DeepCopyInto(out *RetryPolicy) { - p := proto.Clone(in).(*RetryPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RetryPolicy. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *RetryPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using TimeoutConfig within kubernetes types, where deepcopy-gen is used. func (in *TimeoutConfig) DeepCopyInto(out *TimeoutConfig) { - p := proto.Clone(in).(*TimeoutConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TimeoutConfig. Required by controller-gen. @@ -238,8 +238,8 @@ func (in *TimeoutConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using LoadBalancerHashPolicy within kubernetes types, where deepcopy-gen is used. func (in *LoadBalancerHashPolicy) DeepCopyInto(out *LoadBalancerHashPolicy) { - p := proto.Clone(in).(*LoadBalancerHashPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerHashPolicy. Required by controller-gen. @@ -259,8 +259,8 @@ func (in *LoadBalancerHashPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using CookiePolicy within kubernetes types, where deepcopy-gen is used. func (in *CookiePolicy) DeepCopyInto(out *CookiePolicy) { - p := proto.Clone(in).(*CookiePolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CookiePolicy. Required by controller-gen. @@ -280,8 +280,8 @@ func (in *CookiePolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using HeaderPolicy within kubernetes types, where deepcopy-gen is used. func (in *HeaderPolicy) DeepCopyInto(out *HeaderPolicy) { - p := proto.Clone(in).(*HeaderPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderPolicy. Required by controller-gen. @@ -301,8 +301,8 @@ func (in *HeaderPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using QueryParameterPolicy within kubernetes types, where deepcopy-gen is used. func (in *QueryParameterPolicy) DeepCopyInto(out *QueryParameterPolicy) { - p := proto.Clone(in).(*QueryParameterPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryParameterPolicy. Required by controller-gen. @@ -322,8 +322,8 @@ func (in *QueryParameterPolicy) DeepCopyInterface() interface{} { // DeepCopyInto supports using ConnectionPropertiesPolicy within kubernetes types, where deepcopy-gen is used. func (in *ConnectionPropertiesPolicy) DeepCopyInto(out *ConnectionPropertiesPolicy) { - p := proto.Clone(in).(*ConnectionPropertiesPolicy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPropertiesPolicy. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions_deepcopy.gen.go index 316c185dfa34..b45d2a79261a 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using TrafficPermissions within kubernetes types, where deepcopy-gen is used. func (in *TrafficPermissions) DeepCopyInto(out *TrafficPermissions) { - p := proto.Clone(in).(*TrafficPermissions) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPermissions. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *TrafficPermissions) DeepCopyInterface() interface{} { // DeepCopyInto supports using Permission within kubernetes types, where deepcopy-gen is used. func (in *Permission) DeepCopyInto(out *Permission) { - p := proto.Clone(in).(*Permission) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Permission. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *Permission) DeepCopyInterface() interface{} { // DeepCopyInto supports using Principal within kubernetes types, where deepcopy-gen is used. func (in *Principal) DeepCopyInto(out *Principal) { - p := proto.Clone(in).(*Principal) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Principal. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *Principal) DeepCopyInterface() interface{} { // DeepCopyInto supports using Spiffe within kubernetes types, where deepcopy-gen is used. func (in *Spiffe) DeepCopyInto(out *Spiffe) { - p := proto.Clone(in).(*Spiffe) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Spiffe. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket_deepcopy.gen.go index f2ba600e77e4..0d0520e328b5 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using TLS within kubernetes types, where deepcopy-gen is used. func (in *TLS) DeepCopyInto(out *TLS) { - p := proto.Clone(in).(*TLS) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLS. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *TLS) DeepCopyInterface() interface{} { // DeepCopyInto supports using TransportSocket within kubernetes types, where deepcopy-gen is used. func (in *TransportSocket) DeepCopyInto(out *TransportSocket) { - p := proto.Clone(in).(*TransportSocket) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransportSocket. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *TransportSocket) DeepCopyInterface() interface{} { // DeepCopyInto supports using InboundMeshMTLS within kubernetes types, where deepcopy-gen is used. func (in *InboundMeshMTLS) DeepCopyInto(out *InboundMeshMTLS) { - p := proto.Clone(in).(*InboundMeshMTLS) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundMeshMTLS. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *InboundMeshMTLS) DeepCopyInterface() interface{} { // DeepCopyInto supports using OutboundMeshMTLS within kubernetes types, where deepcopy-gen is used. func (in *OutboundMeshMTLS) DeepCopyInto(out *OutboundMeshMTLS) { - p := proto.Clone(in).(*OutboundMeshMTLS) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundMeshMTLS. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *OutboundMeshMTLS) DeepCopyInterface() interface{} { // DeepCopyInto supports using InboundNonMeshTLS within kubernetes types, where deepcopy-gen is used. func (in *InboundNonMeshTLS) DeepCopyInto(out *InboundNonMeshTLS) { - p := proto.Clone(in).(*InboundNonMeshTLS) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundNonMeshTLS. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *InboundNonMeshTLS) DeepCopyInterface() interface{} { // DeepCopyInto supports using OutboundNonMeshTLS within kubernetes types, where deepcopy-gen is used. func (in *OutboundNonMeshTLS) DeepCopyInto(out *OutboundNonMeshTLS) { - p := proto.Clone(in).(*OutboundNonMeshTLS) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundNonMeshTLS. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *OutboundNonMeshTLS) DeepCopyInterface() interface{} { // DeepCopyInto supports using MeshInboundValidationContext within kubernetes types, where deepcopy-gen is used. func (in *MeshInboundValidationContext) DeepCopyInto(out *MeshInboundValidationContext) { - p := proto.Clone(in).(*MeshInboundValidationContext) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshInboundValidationContext. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *MeshInboundValidationContext) DeepCopyInterface() interface{} { // DeepCopyInto supports using MeshOutboundValidationContext within kubernetes types, where deepcopy-gen is used. func (in *MeshOutboundValidationContext) DeepCopyInto(out *MeshOutboundValidationContext) { - p := proto.Clone(in).(*MeshOutboundValidationContext) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshOutboundValidationContext. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *MeshOutboundValidationContext) DeepCopyInterface() interface{} { // DeepCopyInto supports using NonMeshOutboundValidationContext within kubernetes types, where deepcopy-gen is used. func (in *NonMeshOutboundValidationContext) DeepCopyInto(out *NonMeshOutboundValidationContext) { - p := proto.Clone(in).(*NonMeshOutboundValidationContext) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonMeshOutboundValidationContext. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *NonMeshOutboundValidationContext) DeepCopyInterface() interface{} { // DeepCopyInto supports using SDSCertificate within kubernetes types, where deepcopy-gen is used. func (in *SDSCertificate) DeepCopyInto(out *SDSCertificate) { - p := proto.Clone(in).(*SDSCertificate) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SDSCertificate. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *SDSCertificate) DeepCopyInterface() interface{} { // DeepCopyInto supports using TLSParameters within kubernetes types, where deepcopy-gen is used. func (in *TLSParameters) DeepCopyInto(out *TLSParameters) { - p := proto.Clone(in).(*TLSParameters) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSParameters. Required by controller-gen. @@ -238,8 +238,8 @@ func (in *TLSParameters) DeepCopyInterface() interface{} { // DeepCopyInto supports using LeafCertificate within kubernetes types, where deepcopy-gen is used. func (in *LeafCertificate) DeepCopyInto(out *LeafCertificate) { - p := proto.Clone(in).(*LeafCertificate) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeafCertificate. Required by controller-gen. @@ -259,8 +259,8 @@ func (in *LeafCertificate) DeepCopyInterface() interface{} { // DeepCopyInto supports using TrustBundle within kubernetes types, where deepcopy-gen is used. func (in *TrustBundle) DeepCopyInto(out *TrustBundle) { - p := proto.Clone(in).(*TrustBundle) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustBundle. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/proxy_configuration_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/proxy_configuration_deepcopy.gen.go index 8c185f882017..bc5b81a9a6fb 100644 --- a/proto-public/pbmesh/v2beta1/proxy_configuration_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/proxy_configuration_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ProxyConfiguration within kubernetes types, where deepcopy-gen is used. func (in *ProxyConfiguration) DeepCopyInto(out *ProxyConfiguration) { - p := proto.Clone(in).(*ProxyConfiguration) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfiguration. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ProxyConfiguration) DeepCopyInterface() interface{} { // DeepCopyInto supports using DynamicConfig within kubernetes types, where deepcopy-gen is used. func (in *DynamicConfig) DeepCopyInto(out *DynamicConfig) { - p := proto.Clone(in).(*DynamicConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicConfig. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *DynamicConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using TransparentProxy within kubernetes types, where deepcopy-gen is used. func (in *TransparentProxy) DeepCopyInto(out *TransparentProxy) { - p := proto.Clone(in).(*TransparentProxy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransparentProxy. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *TransparentProxy) DeepCopyInterface() interface{} { // DeepCopyInto supports using BootstrapConfig within kubernetes types, where deepcopy-gen is used. func (in *BootstrapConfig) DeepCopyInto(out *BootstrapConfig) { - p := proto.Clone(in).(*BootstrapConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapConfig. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *BootstrapConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using AccessLogsConfig within kubernetes types, where deepcopy-gen is used. func (in *AccessLogsConfig) DeepCopyInto(out *AccessLogsConfig) { - p := proto.Clone(in).(*AccessLogsConfig) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogsConfig. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *AccessLogsConfig) DeepCopyInterface() interface{} { // DeepCopyInto supports using EnvoyExtension within kubernetes types, where deepcopy-gen is used. func (in *EnvoyExtension) DeepCopyInto(out *EnvoyExtension) { - p := proto.Clone(in).(*EnvoyExtension) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyExtension. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/proxy_state_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/proxy_state_deepcopy.gen.go index c6d34360e0f9..fbc6ed842098 100644 --- a/proto-public/pbmesh/v2beta1/proxy_state_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/proxy_state_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ProxyStateTemplate within kubernetes types, where deepcopy-gen is used. func (in *ProxyStateTemplate) DeepCopyInto(out *ProxyStateTemplate) { - p := proto.Clone(in).(*ProxyStateTemplate) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyStateTemplate. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *ProxyStateTemplate) DeepCopyInterface() interface{} { // DeepCopyInto supports using ProxyState within kubernetes types, where deepcopy-gen is used. func (in *ProxyState) DeepCopyInto(out *ProxyState) { - p := proto.Clone(in).(*ProxyState) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyState. Required by controller-gen. diff --git a/proto-public/pbmesh/v2beta1/tcp_route_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/tcp_route_deepcopy.gen.go index c2bd4afc57f8..487209766f96 100644 --- a/proto-public/pbmesh/v2beta1/tcp_route_deepcopy.gen.go +++ b/proto-public/pbmesh/v2beta1/tcp_route_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using TCPRoute within kubernetes types, where deepcopy-gen is used. func (in *TCPRoute) DeepCopyInto(out *TCPRoute) { - p := proto.Clone(in).(*TCPRoute) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *TCPRoute) DeepCopyInterface() interface{} { // DeepCopyInto supports using TCPRouteRule within kubernetes types, where deepcopy-gen is used. func (in *TCPRouteRule) DeepCopyInto(out *TCPRouteRule) { - p := proto.Clone(in).(*TCPRouteRule) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRouteRule. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *TCPRouteRule) DeepCopyInterface() interface{} { // DeepCopyInto supports using TCPBackendRef within kubernetes types, where deepcopy-gen is used. func (in *TCPBackendRef) DeepCopyInto(out *TCPBackendRef) { - p := proto.Clone(in).(*TCPBackendRef) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPBackendRef. Required by controller-gen. diff --git a/proto-public/pbresource/annotations_deepcopy.gen.go b/proto-public/pbresource/annotations_deepcopy.gen.go index a4265c38505c..0693ee89e2e5 100644 --- a/proto-public/pbresource/annotations_deepcopy.gen.go +++ b/proto-public/pbresource/annotations_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using ResourceTypeSpec within kubernetes types, where deepcopy-gen is used. func (in *ResourceTypeSpec) DeepCopyInto(out *ResourceTypeSpec) { - p := proto.Clone(in).(*ResourceTypeSpec) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceTypeSpec. Required by controller-gen. diff --git a/proto-public/pbresource/resource_deepcopy.gen.go b/proto-public/pbresource/resource_deepcopy.gen.go index 92fdb8da2f46..5b81e6f9dfed 100644 --- a/proto-public/pbresource/resource_deepcopy.gen.go +++ b/proto-public/pbresource/resource_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Type within kubernetes types, where deepcopy-gen is used. func (in *Type) DeepCopyInto(out *Type) { - p := proto.Clone(in).(*Type) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Type. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *Type) DeepCopyInterface() interface{} { // DeepCopyInto supports using Tenancy within kubernetes types, where deepcopy-gen is used. func (in *Tenancy) DeepCopyInto(out *Tenancy) { - p := proto.Clone(in).(*Tenancy) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tenancy. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *Tenancy) DeepCopyInterface() interface{} { // DeepCopyInto supports using ID within kubernetes types, where deepcopy-gen is used. func (in *ID) DeepCopyInto(out *ID) { - p := proto.Clone(in).(*ID) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ID. Required by controller-gen. @@ -70,8 +70,8 @@ func (in *ID) DeepCopyInterface() interface{} { // DeepCopyInto supports using Resource within kubernetes types, where deepcopy-gen is used. func (in *Resource) DeepCopyInto(out *Resource) { - p := proto.Clone(in).(*Resource) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Resource. Required by controller-gen. @@ -91,8 +91,8 @@ func (in *Resource) DeepCopyInterface() interface{} { // DeepCopyInto supports using Status within kubernetes types, where deepcopy-gen is used. func (in *Status) DeepCopyInto(out *Status) { - p := proto.Clone(in).(*Status) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Status. Required by controller-gen. @@ -112,8 +112,8 @@ func (in *Status) DeepCopyInterface() interface{} { // DeepCopyInto supports using Condition within kubernetes types, where deepcopy-gen is used. func (in *Condition) DeepCopyInto(out *Condition) { - p := proto.Clone(in).(*Condition) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition. Required by controller-gen. @@ -133,8 +133,8 @@ func (in *Condition) DeepCopyInterface() interface{} { // DeepCopyInto supports using Reference within kubernetes types, where deepcopy-gen is used. func (in *Reference) DeepCopyInto(out *Reference) { - p := proto.Clone(in).(*Reference) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Reference. Required by controller-gen. @@ -154,8 +154,8 @@ func (in *Reference) DeepCopyInterface() interface{} { // DeepCopyInto supports using Tombstone within kubernetes types, where deepcopy-gen is used. func (in *Tombstone) DeepCopyInto(out *Tombstone) { - p := proto.Clone(in).(*Tombstone) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tombstone. Required by controller-gen. @@ -175,8 +175,8 @@ func (in *Tombstone) DeepCopyInterface() interface{} { // DeepCopyInto supports using ReadRequest within kubernetes types, where deepcopy-gen is used. func (in *ReadRequest) DeepCopyInto(out *ReadRequest) { - p := proto.Clone(in).(*ReadRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReadRequest. Required by controller-gen. @@ -196,8 +196,8 @@ func (in *ReadRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using ReadResponse within kubernetes types, where deepcopy-gen is used. func (in *ReadResponse) DeepCopyInto(out *ReadResponse) { - p := proto.Clone(in).(*ReadResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReadResponse. Required by controller-gen. @@ -217,8 +217,8 @@ func (in *ReadResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using ListRequest within kubernetes types, where deepcopy-gen is used. func (in *ListRequest) DeepCopyInto(out *ListRequest) { - p := proto.Clone(in).(*ListRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListRequest. Required by controller-gen. @@ -238,8 +238,8 @@ func (in *ListRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using ListResponse within kubernetes types, where deepcopy-gen is used. func (in *ListResponse) DeepCopyInto(out *ListResponse) { - p := proto.Clone(in).(*ListResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListResponse. Required by controller-gen. @@ -259,8 +259,8 @@ func (in *ListResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using ListByOwnerRequest within kubernetes types, where deepcopy-gen is used. func (in *ListByOwnerRequest) DeepCopyInto(out *ListByOwnerRequest) { - p := proto.Clone(in).(*ListByOwnerRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListByOwnerRequest. Required by controller-gen. @@ -280,8 +280,8 @@ func (in *ListByOwnerRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using ListByOwnerResponse within kubernetes types, where deepcopy-gen is used. func (in *ListByOwnerResponse) DeepCopyInto(out *ListByOwnerResponse) { - p := proto.Clone(in).(*ListByOwnerResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListByOwnerResponse. Required by controller-gen. @@ -301,8 +301,8 @@ func (in *ListByOwnerResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using WriteRequest within kubernetes types, where deepcopy-gen is used. func (in *WriteRequest) DeepCopyInto(out *WriteRequest) { - p := proto.Clone(in).(*WriteRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WriteRequest. Required by controller-gen. @@ -322,8 +322,8 @@ func (in *WriteRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using WriteResponse within kubernetes types, where deepcopy-gen is used. func (in *WriteResponse) DeepCopyInto(out *WriteResponse) { - p := proto.Clone(in).(*WriteResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WriteResponse. Required by controller-gen. @@ -343,8 +343,8 @@ func (in *WriteResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using WriteStatusRequest within kubernetes types, where deepcopy-gen is used. func (in *WriteStatusRequest) DeepCopyInto(out *WriteStatusRequest) { - p := proto.Clone(in).(*WriteStatusRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WriteStatusRequest. Required by controller-gen. @@ -364,8 +364,8 @@ func (in *WriteStatusRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using WriteStatusResponse within kubernetes types, where deepcopy-gen is used. func (in *WriteStatusResponse) DeepCopyInto(out *WriteStatusResponse) { - p := proto.Clone(in).(*WriteStatusResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WriteStatusResponse. Required by controller-gen. @@ -385,8 +385,8 @@ func (in *WriteStatusResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using DeleteRequest within kubernetes types, where deepcopy-gen is used. func (in *DeleteRequest) DeepCopyInto(out *DeleteRequest) { - p := proto.Clone(in).(*DeleteRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeleteRequest. Required by controller-gen. @@ -406,8 +406,8 @@ func (in *DeleteRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using DeleteResponse within kubernetes types, where deepcopy-gen is used. func (in *DeleteResponse) DeepCopyInto(out *DeleteResponse) { - p := proto.Clone(in).(*DeleteResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeleteResponse. Required by controller-gen. @@ -427,8 +427,8 @@ func (in *DeleteResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using WatchListRequest within kubernetes types, where deepcopy-gen is used. func (in *WatchListRequest) DeepCopyInto(out *WatchListRequest) { - p := proto.Clone(in).(*WatchListRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchListRequest. Required by controller-gen. @@ -448,8 +448,8 @@ func (in *WatchListRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using WatchEvent within kubernetes types, where deepcopy-gen is used. func (in *WatchEvent) DeepCopyInto(out *WatchEvent) { - p := proto.Clone(in).(*WatchEvent) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchEvent. Required by controller-gen. diff --git a/proto-public/pbserverdiscovery/serverdiscovery_deepcopy.gen.go b/proto-public/pbserverdiscovery/serverdiscovery_deepcopy.gen.go index 6d5016561427..2bd82a8a891a 100644 --- a/proto-public/pbserverdiscovery/serverdiscovery_deepcopy.gen.go +++ b/proto-public/pbserverdiscovery/serverdiscovery_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using WatchServersRequest within kubernetes types, where deepcopy-gen is used. func (in *WatchServersRequest) DeepCopyInto(out *WatchServersRequest) { - p := proto.Clone(in).(*WatchServersRequest) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchServersRequest. Required by controller-gen. @@ -28,8 +28,8 @@ func (in *WatchServersRequest) DeepCopyInterface() interface{} { // DeepCopyInto supports using WatchServersResponse within kubernetes types, where deepcopy-gen is used. func (in *WatchServersResponse) DeepCopyInto(out *WatchServersResponse) { - p := proto.Clone(in).(*WatchServersResponse) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WatchServersResponse. Required by controller-gen. @@ -49,8 +49,8 @@ func (in *WatchServersResponse) DeepCopyInterface() interface{} { // DeepCopyInto supports using Server within kubernetes types, where deepcopy-gen is used. func (in *Server) DeepCopyInto(out *Server) { - p := proto.Clone(in).(*Server) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Server. Required by controller-gen. diff --git a/proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go b/proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go index 52ee3d7e7cc7..97af531ab333 100644 --- a/proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go +++ b/proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go @@ -7,8 +7,8 @@ import ( // DeepCopyInto supports using Namespace within kubernetes types, where deepcopy-gen is used. func (in *Namespace) DeepCopyInto(out *Namespace) { - p := proto.Clone(in).(*Namespace) - *out = *p + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Namespace. Required by controller-gen. From 9b0f4b7fc5e65390ef04a01edbf5b98f6ee0f95e Mon Sep 17 00:00:00 2001 From: Michael Zalimeni Date: Fri, 13 Oct 2023 17:12:36 -0400 Subject: [PATCH 03/10] chore: update version and nightly CI for 1.17 (#19208) Update version file to 1.18-dev, and replace 1.13 nightly test with 1.17. --- .../{nightly-test-1.13.x.yaml => nightly-test-1.17.x.yaml} | 6 +++--- version/VERSION | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) rename .github/workflows/{nightly-test-1.13.x.yaml => nightly-test-1.17.x.yaml} (98%) diff --git a/.github/workflows/nightly-test-1.13.x.yaml b/.github/workflows/nightly-test-1.17.x.yaml similarity index 98% rename from .github/workflows/nightly-test-1.13.x.yaml rename to .github/workflows/nightly-test-1.17.x.yaml index f314a475dfbd..df6f8d946f83 100644 --- a/.github/workflows/nightly-test-1.13.x.yaml +++ b/.github/workflows/nightly-test-1.17.x.yaml @@ -1,7 +1,7 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 -name: Nightly Frontend Test 1.13.x +name: Nightly Frontend Test 1.17.x on: schedule: - cron: '0 4 * * *' @@ -9,8 +9,8 @@ on: env: EMBER_PARTITION_TOTAL: 4 # Has to be changed in tandem with the matrix.partition - BRANCH: "release/1.13.x" - BRANCH_NAME: "release-1.13.x" # Used for naming artifacts + BRANCH: "release/1.17.x" + BRANCH_NAME: "release-1.17.x" # Used for naming artifacts GOPRIVATE: github.com/hashicorp # Required for enterprise deps jobs: diff --git a/version/VERSION b/version/VERSION index ee8855caa4a7..ee017091ff37 100644 --- a/version/VERSION +++ b/version/VERSION @@ -1 +1 @@ -1.17.0-dev +1.18.0-dev From e94d6ceca6ba825101e6591b37410579c68ab2cb Mon Sep 17 00:00:00 2001 From: Iryna Shustava Date: Fri, 13 Oct 2023 15:21:39 -0600 Subject: [PATCH 04/10] mesh: add validation hook to proxy configuration (#19186) --- .../proxyconfiguration/sort_test.go | 3 +- internal/mesh/internal/types/errors.go | 14 + .../internal/types/proxy_configuration.go | 174 ++++++++- .../types/proxy_configuration_test.go | 193 +++++++++- internal/resource/errors.go | 19 +- .../pbmesh/v2beta1/proxy_configuration.pb.go | 329 +++++++++--------- .../pbmesh/v2beta1/proxy_configuration.proto | 14 +- proto-public/pbmesh/v2beta1/routing.pb.go | 2 +- proto-public/pbmesh/v2beta1/routing.proto | 2 +- 9 files changed, 555 insertions(+), 195 deletions(-) create mode 100644 internal/mesh/internal/types/errors.go diff --git a/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go b/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go index 36033a47e477..1fbf8254ee60 100644 --- a/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go +++ b/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go @@ -99,7 +99,8 @@ func TestSortProxyConfigurations(t *testing.T) { var decProxyCfgs []*types.DecodedProxyConfiguration for i, ws := range c.selectors { proxyCfg := &pbmesh.ProxyConfiguration{ - Workloads: ws, + Workloads: ws, + DynamicConfig: &pbmesh.DynamicConfig{}, } resName := fmt.Sprintf("cfg-%d", i) proxyCfgRes := resourcetest.Resource(pbmesh.ProxyConfigurationType, resName). diff --git a/internal/mesh/internal/types/errors.go b/internal/mesh/internal/types/errors.go new file mode 100644 index 000000000000..e38085b49fa2 --- /dev/null +++ b/internal/mesh/internal/types/errors.go @@ -0,0 +1,14 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "errors" +) + +var ( + errInvalidPort = errors.New("port number is outside the range 1 to 65535") + errInvalidExposePathProtocol = errors.New("invalid protocol: only HTTP and HTTP2 protocols are allowed") + errMissingProxyConfigData = errors.New("at least one of \"bootstrap_config\" or \"dynamic_config\" fields must be set") +) diff --git a/internal/mesh/internal/types/proxy_configuration.go b/internal/mesh/internal/types/proxy_configuration.go index 590ee27aeb1b..0c9ac05147e1 100644 --- a/internal/mesh/internal/types/proxy_configuration.go +++ b/internal/mesh/internal/types/proxy_configuration.go @@ -4,9 +4,12 @@ package types import ( + "math" + "github.com/hashicorp/go-multierror" "github.com/hashicorp/consul/internal/catalog" + "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -53,23 +56,174 @@ func MutateProxyConfiguration(res *pbresource.Resource) error { } func ValidateProxyConfiguration(res *pbresource.Resource) error { - var cfg pbmesh.ProxyConfiguration - - if err := res.Data.UnmarshalTo(&cfg); err != nil { - return resource.NewErrDataParse(&cfg, err) + decodedProxyCfg, decodeErr := resource.Decode[*pbmesh.ProxyConfiguration](res) + if decodeErr != nil { + return resource.NewErrDataParse(decodedProxyCfg.GetData(), decodeErr) } + proxyCfg := decodedProxyCfg.GetData() - var merr error + var err error - // Validate the workload selector - if selErr := catalog.ValidateSelector(cfg.Workloads, false); selErr != nil { - merr = multierror.Append(merr, resource.ErrInvalidField{ + if selErr := catalog.ValidateSelector(proxyCfg.Workloads, false); selErr != nil { + err = multierror.Append(err, resource.ErrInvalidField{ Name: "workloads", Wrapped: selErr, }) } - // TODO(rb): add more validation for proxy configuration + if proxyCfg.GetDynamicConfig() == nil && proxyCfg.GetBootstrapConfig() == nil { + err = multierror.Append(err, resource.ErrInvalidFields{ + Names: []string{"dynamic_config", "bootstrap_config"}, + Wrapped: errMissingProxyConfigData, + }) + } + + // nolint:staticcheck + if proxyCfg.GetOpaqueConfig() != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "opaque_config", + Wrapped: resource.ErrUnsupported, + }) + } + + if dynamicCfgErr := validateDynamicProxyConfiguration(proxyCfg.GetDynamicConfig()); dynamicCfgErr != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "dynamic_config", + Wrapped: dynamicCfgErr, + }) + } + + return err +} + +func validateDynamicProxyConfiguration(cfg *pbmesh.DynamicConfig) error { + if cfg == nil { + return nil + } + + var err error + + // Error if any of the currently unsupported fields is set. + if cfg.GetMutualTlsMode() != pbmesh.MutualTLSMode_MUTUAL_TLS_MODE_DEFAULT { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "mutual_tls_mode", + Wrapped: resource.ErrUnsupported, + }) + } + + if cfg.GetMeshGatewayMode() != pbmesh.MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "mesh_gateway_mode", + Wrapped: resource.ErrUnsupported, + }) + } - return merr + if cfg.GetAccessLogs() != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "access_logs", + Wrapped: resource.ErrUnsupported, + }) + } + + if cfg.GetPublicListenerJson() != "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "public_listener_json", + Wrapped: resource.ErrUnsupported, + }) + } + + if cfg.GetListenerTracingJson() != "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "listener_tracing_json", + Wrapped: resource.ErrUnsupported, + }) + } + + if cfg.GetLocalClusterJson() != "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "local_cluster_json", + Wrapped: resource.ErrUnsupported, + }) + } + + // nolint:staticcheck + if cfg.GetLocalWorkloadAddress() != "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "local_workload_address", + Wrapped: resource.ErrUnsupported, + }) + } + + // nolint:staticcheck + if cfg.GetLocalWorkloadPort() != 0 { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "local_workload_port", + Wrapped: resource.ErrUnsupported, + }) + } + + // nolint:staticcheck + if cfg.GetLocalWorkloadSocketPath() != "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "local_workload_socket_path", + Wrapped: resource.ErrUnsupported, + }) + } + + if tproxyCfg := cfg.GetTransparentProxy(); tproxyCfg != nil { + if tproxyCfg.DialedDirectly { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "transparent_proxy", + Wrapped: resource.ErrInvalidField{ + Name: "dialed_directly", + Wrapped: resource.ErrUnsupported, + }, + }) + } + + if outboundListenerPortErr := validatePort(tproxyCfg.OutboundListenerPort, "outbound_listener_port"); outboundListenerPortErr != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "transparent_proxy", + Wrapped: outboundListenerPortErr, + }) + } + } + + if exposeCfg := cfg.GetExposeConfig(); exposeCfg != nil { + for i, path := range exposeCfg.GetExposePaths() { + if listenerPortErr := validatePort(path.ListenerPort, "listener_port"); listenerPortErr != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "expose_config", + Wrapped: resource.ErrInvalidListElement{ + Name: "expose_paths", + Index: i, + Wrapped: listenerPortErr, + }, + }) + } + + if localPathPortErr := validatePort(path.LocalPathPort, "local_path_port"); localPathPortErr != nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "expose_config", + Wrapped: resource.ErrInvalidListElement{ + Name: "expose_paths", + Index: i, + Wrapped: localPathPortErr, + }, + }) + } + } + } + + return err +} + +func validatePort(port uint32, fieldName string) error { + if port < 1 || port > math.MaxUint16 { + return resource.ErrInvalidField{ + Name: fieldName, + Wrapped: errInvalidPort, + } + } + return nil } diff --git a/internal/mesh/internal/types/proxy_configuration_test.go b/internal/mesh/internal/types/proxy_configuration_test.go index 44d8b8820af4..c504ff2bd03d 100644 --- a/internal/mesh/internal/types/proxy_configuration_test.go +++ b/internal/mesh/internal/types/proxy_configuration_test.go @@ -4,9 +4,12 @@ package types import ( + "math" "testing" + "github.com/hashicorp/go-multierror" "github.com/stretchr/testify/require" + "google.golang.org/protobuf/types/known/structpb" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" @@ -86,7 +89,194 @@ func TestMutateProxyConfiguration(t *testing.T) { } } -func TestValidateProxyConfiguration(t *testing.T) { +func TestValidateProxyConfiguration_MissingBothDynamicAndBootstrapConfig(t *testing.T) { + proxyCfg := &pbmesh.ProxyConfiguration{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + } + + res := resourcetest.Resource(pbmesh.ProxyConfigurationType, "test"). + WithData(t, proxyCfg). + Build() + + err := ValidateProxyConfiguration(res) + + var expError error + expError = multierror.Append(expError, + resource.ErrInvalidFields{ + Names: []string{"dynamic_config", "bootstrap_config"}, + Wrapped: errMissingProxyConfigData, + }, + ) + require.Equal(t, err, expError) +} + +func TestValidateProxyConfiguration_AllFieldsInvalid(t *testing.T) { + proxyCfg := &pbmesh.ProxyConfiguration{ + // Omit workload selector. + + DynamicConfig: &pbmesh.DynamicConfig{ + // Set unsupported fields. + MutualTlsMode: pbmesh.MutualTLSMode_MUTUAL_TLS_MODE_PERMISSIVE, + MeshGatewayMode: pbmesh.MeshGatewayMode_MESH_GATEWAY_MODE_LOCAL, + AccessLogs: &pbmesh.AccessLogsConfig{}, + PublicListenerJson: "listener-json", + ListenerTracingJson: "tracing-json", + LocalClusterJson: "cluster-json", + LocalWorkloadAddress: "1.1.1.1", + LocalWorkloadPort: 1234, + LocalWorkloadSocketPath: "/foo/bar", + + TransparentProxy: &pbmesh.TransparentProxy{ + DialedDirectly: true, // unsupported + OutboundListenerPort: math.MaxUint16 + 1, // invalid + }, + + // Create invalid expose paths config. + ExposeConfig: &pbmesh.ExposeConfig{ + ExposePaths: []*pbmesh.ExposePath{ + { + ListenerPort: 0, + LocalPathPort: math.MaxUint16 + 1, + }, + }, + }, + }, + + OpaqueConfig: &structpb.Struct{}, + } + + res := resourcetest.Resource(pbmesh.ProxyConfigurationType, "test"). + WithData(t, proxyCfg). + Build() + + err := ValidateProxyConfiguration(res) + + var dynamicCfgErr error + unsupportedFields := []string{ + "mutual_tls_mode", + "mesh_gateway_mode", + "access_logs", + "public_listener_json", + "listener_tracing_json", + "local_cluster_json", + "local_workload_address", + "local_workload_port", + "local_workload_socket_path", + } + for _, f := range unsupportedFields { + dynamicCfgErr = multierror.Append(dynamicCfgErr, + resource.ErrInvalidField{ + Name: f, + Wrapped: resource.ErrUnsupported, + }, + ) + } + dynamicCfgErr = multierror.Append(dynamicCfgErr, + resource.ErrInvalidField{ + Name: "transparent_proxy", + Wrapped: resource.ErrInvalidField{ + Name: "dialed_directly", + Wrapped: resource.ErrUnsupported, + }, + }, + resource.ErrInvalidField{ + Name: "transparent_proxy", + Wrapped: resource.ErrInvalidField{ + Name: "outbound_listener_port", + Wrapped: errInvalidPort, + }, + }, + resource.ErrInvalidField{ + Name: "expose_config", + Wrapped: resource.ErrInvalidListElement{ + Name: "expose_paths", + Wrapped: resource.ErrInvalidField{ + Name: "listener_port", + Wrapped: errInvalidPort, + }, + }, + }, + resource.ErrInvalidField{ + Name: "expose_config", + Wrapped: resource.ErrInvalidListElement{ + Name: "expose_paths", + Wrapped: resource.ErrInvalidField{ + Name: "local_path_port", + Wrapped: errInvalidPort, + }, + }, + }, + ) + + var expError error + expError = multierror.Append(expError, + resource.ErrInvalidField{ + Name: "workloads", + Wrapped: resource.ErrEmpty, + }, + resource.ErrInvalidField{ + Name: "opaque_config", + Wrapped: resource.ErrUnsupported, + }, + resource.ErrInvalidField{ + Name: "dynamic_config", + Wrapped: dynamicCfgErr, + }, + ) + + require.Equal(t, err, expError) +} + +func TestValidateProxyConfiguration_AllFieldsValid(t *testing.T) { + proxyCfg := &pbmesh.ProxyConfiguration{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + + DynamicConfig: &pbmesh.DynamicConfig{ + MutualTlsMode: pbmesh.MutualTLSMode_MUTUAL_TLS_MODE_DEFAULT, + MeshGatewayMode: pbmesh.MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED, + + TransparentProxy: &pbmesh.TransparentProxy{ + DialedDirectly: false, + OutboundListenerPort: 15500, + }, + + ExposeConfig: &pbmesh.ExposeConfig{ + ExposePaths: []*pbmesh.ExposePath{ + { + ListenerPort: 1234, + LocalPathPort: 1235, + }, + }, + }, + }, + + BootstrapConfig: &pbmesh.BootstrapConfig{ + StatsdUrl: "stats-url", + DogstatsdUrl: "dogstats-url", + StatsTags: []string{"tags"}, + PrometheusBindAddr: "prom-bind-addr", + StatsBindAddr: "stats-bind-addr", + ReadyBindAddr: "ready-bind-addr", + OverrideJsonTpl: "override-json-tpl", + StaticClustersJson: "static-clusters-json", + StaticListenersJson: "static-listeners-json", + StatsSinksJson: "stats-sinks-json", + StatsConfigJson: "stats-config-json", + StatsFlushInterval: "stats-flush-interval", + TracingConfigJson: "tracing-config-json", + TelemetryCollectorBindSocketDir: "telemetry-collector-bind-socket-dir", + }, + } + + res := resourcetest.Resource(pbmesh.ProxyConfigurationType, "test"). + WithData(t, proxyCfg). + Build() + + err := ValidateProxyConfiguration(res) + require.NoError(t, err) +} + +func TestValidateProxyConfiguration_WorkloadSelector(t *testing.T) { type testcase struct { data *pbmesh.ProxyConfiguration expectErr string @@ -146,6 +336,7 @@ func TestValidateProxyConfiguration(t *testing.T) { Names: []string{"blah"}, Filter: "metadata.foo == bar", }, + DynamicConfig: &pbmesh.DynamicConfig{}, }, }, } diff --git a/internal/resource/errors.go b/internal/resource/errors.go index dbb624c8d004..2003d86cbf71 100644 --- a/internal/resource/errors.go +++ b/internal/resource/errors.go @@ -5,15 +5,18 @@ package resource import ( "fmt" + "strings" - "github.com/hashicorp/consul/proto-public/pbresource" "google.golang.org/protobuf/reflect/protoreflect" + + "github.com/hashicorp/consul/proto-public/pbresource" ) var ( ErrMissing = NewConstError("missing required field") ErrEmpty = NewConstError("cannot be empty") ErrReferenceTenancyNotEqual = NewConstError("resource tenancy and reference tenancy differ") + ErrUnsupported = NewConstError("field is currently not supported") ) // ConstError is more or less equivalent to the stdlib errors.errorstring. However, having @@ -147,3 +150,17 @@ type ErrInvalidReferenceType struct { func (err ErrInvalidReferenceType) Error() string { return fmt.Sprintf("reference must have type %s", ToGVK(err.AllowedType)) } + +type ErrInvalidFields struct { + Names []string + Wrapped error +} + +func (err ErrInvalidFields) Error() string { + allFields := strings.Join(err.Names, ",") + return fmt.Sprintf("invalid %q fields: %v", allFields, err.Wrapped) +} + +func (err ErrInvalidFields) Unwrap() error { + return err.Wrapped +} diff --git a/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go b/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go index 1b09926b796f..a374848fd20e 100644 --- a/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go +++ b/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go @@ -298,20 +298,19 @@ type DynamicConfig struct { ExposeConfig *ExposeConfig `protobuf:"bytes,7,opt,name=expose_config,json=exposeConfig,proto3" json:"expose_config,omitempty"` // AccessLogs configures the output and format of Envoy access logs AccessLogs *AccessLogsConfig `protobuf:"bytes,8,opt,name=access_logs,json=accessLogs,proto3" json:"access_logs,omitempty"` - EnvoyExtensions []*EnvoyExtension `protobuf:"bytes,9,rep,name=envoy_extensions,json=envoyExtensions,proto3" json:"envoy_extensions,omitempty"` - PublicListenerJson string `protobuf:"bytes,10,opt,name=public_listener_json,json=publicListenerJson,proto3" json:"public_listener_json,omitempty"` - ListenerTracingJson string `protobuf:"bytes,11,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"` - LocalClusterJson string `protobuf:"bytes,12,opt,name=local_cluster_json,json=localClusterJson,proto3" json:"local_cluster_json,omitempty"` + PublicListenerJson string `protobuf:"bytes,9,opt,name=public_listener_json,json=publicListenerJson,proto3" json:"public_listener_json,omitempty"` + ListenerTracingJson string `protobuf:"bytes,10,opt,name=listener_tracing_json,json=listenerTracingJson,proto3" json:"listener_tracing_json,omitempty"` + LocalClusterJson string `protobuf:"bytes,11,opt,name=local_cluster_json,json=localClusterJson,proto3" json:"local_cluster_json,omitempty"` // deprecated: // local_workload_address, local_workload_port, and local_workload_socket_path // are deprecated and are only needed for migration of existing resources. // // Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto. - LocalWorkloadAddress string `protobuf:"bytes,13,opt,name=local_workload_address,json=localWorkloadAddress,proto3" json:"local_workload_address,omitempty"` + LocalWorkloadAddress string `protobuf:"bytes,12,opt,name=local_workload_address,json=localWorkloadAddress,proto3" json:"local_workload_address,omitempty"` // Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto. - LocalWorkloadPort uint32 `protobuf:"varint,14,opt,name=local_workload_port,json=localWorkloadPort,proto3" json:"local_workload_port,omitempty"` + LocalWorkloadPort uint32 `protobuf:"varint,13,opt,name=local_workload_port,json=localWorkloadPort,proto3" json:"local_workload_port,omitempty"` // Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto. - LocalWorkloadSocketPath string `protobuf:"bytes,15,opt,name=local_workload_socket_path,json=localWorkloadSocketPath,proto3" json:"local_workload_socket_path,omitempty"` + LocalWorkloadSocketPath string `protobuf:"bytes,14,opt,name=local_workload_socket_path,json=localWorkloadSocketPath,proto3" json:"local_workload_socket_path,omitempty"` } func (x *DynamicConfig) Reset() { @@ -402,13 +401,6 @@ func (x *DynamicConfig) GetAccessLogs() *AccessLogsConfig { return nil } -func (x *DynamicConfig) GetEnvoyExtensions() []*EnvoyExtension { - if x != nil { - return x.EnvoyExtensions - } - return nil -} - func (x *DynamicConfig) GetPublicListenerJson() string { if x != nil { return x.PublicListenerJson @@ -886,7 +878,7 @@ var file_pbmesh_v2beta1_proxy_configuration_proto_rawDesc = []byte{ 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0c, 0x6f, 0x70, 0x61, 0x71, 0x75, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x3a, 0x06, - 0xa2, 0x93, 0x04, 0x02, 0x08, 0x03, 0x22, 0xeb, 0x09, 0x0a, 0x0d, 0x44, 0x79, 0x6e, 0x61, 0x6d, + 0xa2, 0x93, 0x04, 0x02, 0x08, 0x03, 0x22, 0x91, 0x09, 0x0a, 0x0d, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3c, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, @@ -932,154 +924,148 @@ var file_pbmesh_v2beta1_proxy_configuration_proto_rawDesc = []byte{ 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, - 0x67, 0x73, 0x12, 0x58, 0x0a, 0x10, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x65, 0x78, 0x74, 0x65, - 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x45, 0x6e, 0x76, - 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x65, 0x6e, 0x76, - 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x14, - 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, - 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, - 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, - 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, - 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, - 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x6c, 0x75, 0x73, - 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, - 0x12, 0x38, 0x0a, 0x16, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, - 0x61, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, - 0x42, 0x02, 0x18, 0x01, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, - 0x6f, 0x61, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x32, 0x0a, 0x13, 0x6c, 0x6f, - 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70, 0x6f, 0x72, - 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x6c, 0x6f, 0x63, - 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x3f, - 0x0a, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x0f, 0x20, 0x01, - 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x17, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, - 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, - 0x73, 0x0a, 0x14, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x45, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, - 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x22, 0x71, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, - 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x34, 0x0a, 0x16, 0x6f, 0x75, 0x74, 0x62, - 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x70, 0x6f, - 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x14, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, - 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x27, - 0x0a, 0x0f, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, - 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, - 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x22, 0x8e, 0x05, 0x0a, 0x0f, 0x42, 0x6f, 0x6f, 0x74, - 0x73, 0x74, 0x72, 0x61, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, - 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, - 0x67, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0c, 0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, - 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, 0x54, 0x61, 0x67, 0x73, 0x12, 0x30, - 0x0a, 0x14, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x62, 0x69, 0x6e, - 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, - 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, - 0x12, 0x26, 0x0a, 0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, - 0x64, 0x64, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x74, 0x61, 0x74, 0x73, - 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x72, 0x65, 0x61, 0x64, - 0x79, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0d, 0x72, 0x65, 0x61, 0x64, 0x79, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, - 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, 0x6a, 0x73, 0x6f, - 0x6e, 0x5f, 0x74, 0x70, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x76, 0x65, - 0x72, 0x72, 0x69, 0x64, 0x65, 0x4a, 0x73, 0x6f, 0x6e, 0x54, 0x70, 0x6c, 0x12, 0x30, 0x0a, 0x14, - 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x5f, - 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, - 0x69, 0x63, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, - 0x0a, 0x15, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, - 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x73, - 0x74, 0x61, 0x74, 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x4a, 0x73, - 0x6f, 0x6e, 0x12, 0x28, 0x0a, 0x10, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x73, 0x69, 0x6e, 0x6b, - 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x74, - 0x61, 0x74, 0x73, 0x53, 0x69, 0x6e, 0x6b, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, - 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, - 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, - 0x73, 0x5f, 0x66, 0x6c, 0x75, 0x73, 0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, - 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x73, 0x46, 0x6c, 0x75, - 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x72, - 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, - 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x23, 0x74, 0x65, - 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x64, 0x69, - 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1f, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, - 0x72, 0x79, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x42, 0x69, 0x6e, 0x64, 0x53, - 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x44, 0x69, 0x72, 0x22, 0xf6, 0x01, 0x0a, 0x10, 0x41, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, - 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, - 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x32, 0x0a, 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, - 0x6c, 0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x73, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4c, - 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x3e, 0x0a, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, - 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, - 0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, - 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, - 0x1f, 0x0a, 0x0b, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6a, 0x73, 0x6f, 0x6e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, - 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x65, 0x78, 0x74, 0x46, 0x6f, 0x72, 0x6d, 0x61, - 0x74, 0x22, 0xc3, 0x01, 0x0a, 0x0e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, - 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75, - 0x69, 0x72, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x71, 0x75, - 0x69, 0x72, 0x65, 0x64, 0x12, 0x35, 0x0a, 0x09, 0x61, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, - 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, - 0x52, 0x09, 0x61, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x65, 0x6e, 0x76, 0x6f, 0x79, - 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2a, 0x56, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, - 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, - 0x44, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, - 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, - 0x50, 0x41, 0x52, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x50, 0x52, 0x4f, 0x58, - 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x10, 0x02, 0x2a, - 0x74, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, - 0x0a, 0x15, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, - 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4c, 0x4f, 0x47, - 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10, - 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, - 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x45, 0x52, 0x52, 0x10, 0x02, 0x12, 0x18, 0x0a, 0x14, 0x4c, - 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, - 0x4f, 0x55, 0x54, 0x10, 0x03, 0x2a, 0x68, 0x0a, 0x0d, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, - 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, - 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, - 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, - 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x01, 0x12, - 0x1e, 0x0a, 0x1a, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, - 0x44, 0x45, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x02, 0x42, - 0x98, 0x02, 0x0a, 0x21, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, - 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x17, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, - 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x32, - 0x62, 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1d, 0x48, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, - 0x65, 0x73, 0x68, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x1d, 0x48, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, - 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x29, 0x48, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, - 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, - 0x68, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x67, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6c, 0x69, 0x73, + 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x12, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0a, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x13, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x54, 0x72, 0x61, + 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x6c, 0x6f, 0x63, 0x61, + 0x6c, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6c, 0x75, 0x73, 0x74, + 0x65, 0x72, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x16, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, + 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, + 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x12, 0x32, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, + 0x01, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, + 0x50, 0x6f, 0x72, 0x74, 0x12, 0x3f, 0x0a, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x77, 0x6f, + 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x70, 0x61, + 0x74, 0x68, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x17, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, + 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x73, 0x0a, 0x14, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x45, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x71, 0x0a, 0x10, 0x54, 0x72, + 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x34, + 0x0a, 0x16, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x14, + 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x50, 0x6f, 0x72, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x5f, 0x64, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, + 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x22, 0x8e, 0x05, + 0x0a, 0x0f, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72, 0x6c, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x55, 0x72, 0x6c, + 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, 0x73, 0x64, 0x5f, 0x75, 0x72, + 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x6f, 0x67, 0x73, 0x74, 0x61, 0x74, + 0x73, 0x64, 0x55, 0x72, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x74, + 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x73, + 0x54, 0x61, 0x67, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, + 0x75, 0x73, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x12, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x42, 0x69, + 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, 0x0a, 0x0f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, + 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0d, 0x73, 0x74, 0x61, 0x74, 0x73, 0x42, 0x69, 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x26, + 0x0a, 0x0f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x61, 0x64, 0x64, + 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x72, 0x65, 0x61, 0x64, 0x79, 0x42, 0x69, + 0x6e, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, + 0x64, 0x65, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x74, 0x70, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x4a, 0x73, 0x6f, 0x6e, 0x54, + 0x70, 0x6c, 0x12, 0x30, 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x63, 0x6c, 0x75, + 0x73, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x12, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, + 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x6c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x09, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x13, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x4c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x73, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x28, 0x0a, 0x10, 0x73, 0x74, 0x61, 0x74, + 0x73, 0x5f, 0x73, 0x69, 0x6e, 0x6b, 0x73, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x73, 0x53, 0x69, 0x6e, 0x6b, 0x73, 0x4a, 0x73, + 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, + 0x74, 0x61, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e, 0x12, 0x30, + 0x0a, 0x14, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x66, 0x6c, 0x75, 0x73, 0x68, 0x5f, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x73, 0x74, + 0x61, 0x74, 0x73, 0x46, 0x6c, 0x75, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, + 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x74, + 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x73, 0x6f, 0x6e, + 0x12, 0x4c, 0x0a, 0x23, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x63, 0x6f, + 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x5f, 0x73, 0x6f, 0x63, + 0x6b, 0x65, 0x74, 0x5f, 0x64, 0x69, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1f, 0x74, + 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, + 0x72, 0x42, 0x69, 0x6e, 0x64, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x44, 0x69, 0x72, 0x22, 0xf6, + 0x01, 0x0a, 0x10, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x73, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x32, 0x0a, + 0x15, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x64, 0x69, + 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, + 0x73, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, + 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x6f, + 0x72, 0x6d, 0x61, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6a, 0x73, 0x6f, 0x6e, + 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x66, + 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x65, 0x78, + 0x74, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x22, 0xc3, 0x01, 0x0a, 0x0e, 0x45, 0x6e, 0x76, 0x6f, + 0x79, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, + 0x0a, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x08, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0x35, 0x0a, 0x09, 0x61, 0x72, + 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x09, 0x61, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, + 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x65, 0x6e, 0x76, 0x6f, + 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0c, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2a, 0x56, 0x0a, + 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, + 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, + 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, + 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x50, 0x41, 0x52, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x15, + 0x0a, 0x11, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x44, 0x49, 0x52, + 0x45, 0x43, 0x54, 0x10, 0x02, 0x2a, 0x74, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x69, 0x6e, 0x6b, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x15, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, + 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, + 0x16, 0x0a, 0x12, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, + 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, + 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x45, 0x52, 0x52, 0x10, + 0x02, 0x12, 0x18, 0x0a, 0x14, 0x4c, 0x4f, 0x47, 0x5f, 0x53, 0x49, 0x4e, 0x4b, 0x5f, 0x54, 0x59, + 0x50, 0x45, 0x5f, 0x53, 0x54, 0x44, 0x4f, 0x55, 0x54, 0x10, 0x03, 0x2a, 0x68, 0x0a, 0x0d, 0x4d, + 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1b, 0x0a, 0x17, + 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, + 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x55, 0x54, + 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x52, + 0x49, 0x43, 0x54, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, + 0x54, 0x4c, 0x53, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, + 0x49, 0x56, 0x45, 0x10, 0x02, 0x42, 0x98, 0x02, 0x0a, 0x21, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, + 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x17, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, + 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, + 0x6d, 0x65, 0x73, 0x68, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, + 0x4d, 0xaa, 0x02, 0x1d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0xca, 0x02, 0x1d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0xe2, 0x02, 0x29, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x20, + 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1127,15 +1113,14 @@ var file_pbmesh_v2beta1_proxy_configuration_proto_depIdxs = []int32{ 13, // 9: hashicorp.consul.mesh.v2beta1.DynamicConfig.mesh_gateway_mode:type_name -> hashicorp.consul.mesh.v2beta1.MeshGatewayMode 14, // 10: hashicorp.consul.mesh.v2beta1.DynamicConfig.expose_config:type_name -> hashicorp.consul.mesh.v2beta1.ExposeConfig 7, // 11: hashicorp.consul.mesh.v2beta1.DynamicConfig.access_logs:type_name -> hashicorp.consul.mesh.v2beta1.AccessLogsConfig - 8, // 12: hashicorp.consul.mesh.v2beta1.DynamicConfig.envoy_extensions:type_name -> hashicorp.consul.mesh.v2beta1.EnvoyExtension - 1, // 13: hashicorp.consul.mesh.v2beta1.AccessLogsConfig.type:type_name -> hashicorp.consul.mesh.v2beta1.LogSinkType - 11, // 14: hashicorp.consul.mesh.v2beta1.EnvoyExtension.arguments:type_name -> google.protobuf.Struct - 15, // 15: hashicorp.consul.mesh.v2beta1.DynamicConfig.LocalConnectionEntry.value:type_name -> hashicorp.consul.mesh.v2beta1.ConnectionConfig - 16, // [16:16] is the sub-list for method output_type - 16, // [16:16] is the sub-list for method input_type - 16, // [16:16] is the sub-list for extension type_name - 16, // [16:16] is the sub-list for extension extendee - 0, // [0:16] is the sub-list for field type_name + 1, // 12: hashicorp.consul.mesh.v2beta1.AccessLogsConfig.type:type_name -> hashicorp.consul.mesh.v2beta1.LogSinkType + 11, // 13: hashicorp.consul.mesh.v2beta1.EnvoyExtension.arguments:type_name -> google.protobuf.Struct + 15, // 14: hashicorp.consul.mesh.v2beta1.DynamicConfig.LocalConnectionEntry.value:type_name -> hashicorp.consul.mesh.v2beta1.ConnectionConfig + 15, // [15:15] is the sub-list for method output_type + 15, // [15:15] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_pbmesh_v2beta1_proxy_configuration_proto_init() } diff --git a/proto-public/pbmesh/v2beta1/proxy_configuration.proto b/proto-public/pbmesh/v2beta1/proxy_configuration.proto index eb47e16e2282..9a2d410d868d 100644 --- a/proto-public/pbmesh/v2beta1/proxy_configuration.proto +++ b/proto-public/pbmesh/v2beta1/proxy_configuration.proto @@ -60,18 +60,16 @@ message DynamicConfig { // AccessLogs configures the output and format of Envoy access logs AccessLogsConfig access_logs = 8; - repeated EnvoyExtension envoy_extensions = 9; - - string public_listener_json = 10; - string listener_tracing_json = 11; - string local_cluster_json = 12; + string public_listener_json = 9; + string listener_tracing_json = 10; + string local_cluster_json = 11; // deprecated: // local_workload_address, local_workload_port, and local_workload_socket_path // are deprecated and are only needed for migration of existing resources. - string local_workload_address = 13 [deprecated = true]; - uint32 local_workload_port = 14 [deprecated = true]; - string local_workload_socket_path = 15 [deprecated = true]; + string local_workload_address = 12 [deprecated = true]; + uint32 local_workload_port = 13 [deprecated = true]; + string local_workload_socket_path = 14 [deprecated = true]; } message TransparentProxy { diff --git a/proto-public/pbmesh/v2beta1/routing.pb.go b/proto-public/pbmesh/v2beta1/routing.pb.go index 163632eb3054..4b1f64877431 100644 --- a/proto-public/pbmesh/v2beta1/routing.pb.go +++ b/proto-public/pbmesh/v2beta1/routing.pb.go @@ -29,7 +29,7 @@ type MeshGatewayMode int32 const ( // MESH_GATEWAY_MODE_UNSPECIFIED represents no specific mode and should be - // used to indicate that a the decision on the mode will be made by other + // used to indicate that the decision on the mode will be made by other // configuration or default settings. MeshGatewayMode_MESH_GATEWAY_MODE_UNSPECIFIED MeshGatewayMode = 0 // MESH_GATEWAY_MODE_NONE is the mode to use when traffic should not be diff --git a/proto-public/pbmesh/v2beta1/routing.proto b/proto-public/pbmesh/v2beta1/routing.proto index 5c28840a72dc..b09d28a6458a 100644 --- a/proto-public/pbmesh/v2beta1/routing.proto +++ b/proto-public/pbmesh/v2beta1/routing.proto @@ -9,7 +9,7 @@ package hashicorp.consul.mesh.v2beta1; // +kubebuilder:validation:Type=string enum MeshGatewayMode { // MESH_GATEWAY_MODE_UNSPECIFIED represents no specific mode and should be - // used to indicate that a the decision on the mode will be made by other + // used to indicate that the decision on the mode will be made by other // configuration or default settings. MESH_GATEWAY_MODE_UNSPECIFIED = 0; From 2ea33e9b865330b7b1a77755244b7d16b1afe222 Mon Sep 17 00:00:00 2001 From: Iryna Shustava Date: Fri, 13 Oct 2023 16:52:20 -0600 Subject: [PATCH 05/10] mesh: add more validations to Destinations resource (#19202) --- command/resource/testdata/nested_data.hcl | 1 + internal/catalog/exports.go | 8 + .../catalog/internal/types/failover_policy.go | 4 +- internal/catalog/internal/types/service.go | 2 +- .../internal/types/service_endpoints.go | 2 +- internal/catalog/internal/types/validators.go | 8 +- .../catalog/internal/types/validators_test.go | 8 +- internal/catalog/internal/types/workload.go | 2 +- .../sidecarproxy/controller_test.go | 4 +- internal/mesh/internal/types/destinations.go | 81 ++++++- .../mesh/internal/types/destinations_test.go | 201 ++++++++++++++++-- internal/mesh/internal/types/errors.go | 2 + internal/resource/errors.go | 1 + 13 files changed, 288 insertions(+), 36 deletions(-) diff --git a/command/resource/testdata/nested_data.hcl b/command/resource/testdata/nested_data.hcl index aab8aa401ee9..b62875c732b4 100644 --- a/command/resource/testdata/nested_data.hcl +++ b/command/resource/testdata/nested_data.hcl @@ -21,6 +21,7 @@ Data { DestinationPort = "tcp" IpPort = { + Ip = "127.0.0.1" Port = 1234 } } diff --git a/internal/catalog/exports.go b/internal/catalog/exports.go index c4e70ffbefe1..b74149d2aec4 100644 --- a/internal/catalog/exports.go +++ b/internal/catalog/exports.go @@ -110,3 +110,11 @@ func ValidateLocalServiceRefNoSection(ref *pbresource.Reference, wrapErr func(er func ValidateSelector(sel *pbcatalog.WorkloadSelector, allowEmpty bool) error { return types.ValidateSelector(sel, allowEmpty) } + +func ValidatePortName(name string) error { + return types.ValidatePortName(name) +} + +func IsValidUnixSocketPath(host string) bool { + return types.IsValidUnixSocketPath(host) +} diff --git a/internal/catalog/internal/types/failover_policy.go b/internal/catalog/internal/types/failover_policy.go index 4dc8b1bd8eb0..620c3f590e97 100644 --- a/internal/catalog/internal/types/failover_policy.go +++ b/internal/catalog/internal/types/failover_policy.go @@ -145,7 +145,7 @@ func ValidateFailoverPolicy(res *pbresource.Resource) error { Wrapped: err, } } - if portNameErr := validatePortName(portName); portNameErr != nil { + if portNameErr := ValidatePortName(portName); portNameErr != nil { merr = multierror.Append(merr, resource.ErrInvalidMapKey{ Map: "port_configs", Key: portName, @@ -245,7 +245,7 @@ func validateFailoverPolicyDestination(dest *pbcatalog.FailoverDestination, port // assumed and will be reconciled. if dest.Port != "" { if ported { - if portNameErr := validatePortName(dest.Port); portNameErr != nil { + if portNameErr := ValidatePortName(dest.Port); portNameErr != nil { merr = multierror.Append(merr, wrapErr(resource.ErrInvalidField{ Name: "port", Wrapped: portNameErr, diff --git a/internal/catalog/internal/types/service.go b/internal/catalog/internal/types/service.go index 4cefb362e78f..9fa703641c7f 100644 --- a/internal/catalog/internal/types/service.go +++ b/internal/catalog/internal/types/service.go @@ -89,7 +89,7 @@ func ValidateService(res *pbresource.Resource) error { } // validate the target port - if nameErr := validatePortName(port.TargetPort); nameErr != nil { + if nameErr := ValidatePortName(port.TargetPort); nameErr != nil { err = multierror.Append(err, resource.ErrInvalidListElement{ Name: "ports", Index: idx, diff --git a/internal/catalog/internal/types/service_endpoints.go b/internal/catalog/internal/types/service_endpoints.go index 8008ada845b4..938d92b79239 100644 --- a/internal/catalog/internal/types/service_endpoints.go +++ b/internal/catalog/internal/types/service_endpoints.go @@ -126,7 +126,7 @@ func validateEndpoint(endpoint *pbcatalog.Endpoint, res *pbresource.Resource) er // Validate the endpoints ports for portName, port := range endpoint.Ports { // Port names must be DNS labels - if portNameErr := validatePortName(portName); portNameErr != nil { + if portNameErr := ValidatePortName(portName); portNameErr != nil { err = multierror.Append(err, resource.ErrInvalidMapKey{ Map: "ports", Key: portName, diff --git a/internal/catalog/internal/types/validators.go b/internal/catalog/internal/types/validators.go index 542bb705b5aa..f3b436329941 100644 --- a/internal/catalog/internal/types/validators.go +++ b/internal/catalog/internal/types/validators.go @@ -56,7 +56,7 @@ func isValidDNSLabel(label string) bool { return dnsLabelMatcher.Match([]byte(label)) } -func isValidUnixSocketPath(host string) bool { +func IsValidUnixSocketPath(host string) bool { if len(host) > maxUnixSocketPathLen || !strings.HasPrefix(host, "unix://") || strings.Contains(host, "\000") { return false } @@ -71,7 +71,7 @@ func validateWorkloadHost(host string) error { } // Check if the host represents an IP address, unix socket path or a DNS name - if !isValidIPAddress(host) && !isValidUnixSocketPath(host) && !isValidDNSName(host) { + if !isValidIPAddress(host) && !IsValidUnixSocketPath(host) && !isValidDNSName(host) { return errInvalidWorkloadHostFormat{Host: host} } @@ -139,7 +139,7 @@ func validateIPAddress(ip string) error { return nil } -func validatePortName(name string) error { +func ValidatePortName(name string) error { if name == "" { return resource.ErrEmpty } @@ -184,7 +184,7 @@ func validateWorkloadAddress(addr *pbcatalog.WorkloadAddress, ports map[string]* // Ensure that unix sockets reference exactly 1 port. They may also indirectly reference 1 port // by the workload having only a single port and omitting any explicit port assignment. - if isValidUnixSocketPath(addr.Host) && + if IsValidUnixSocketPath(addr.Host) && (len(addr.Ports) > 1 || (len(addr.Ports) == 0 && len(ports) > 1)) { err = multierror.Append(err, errUnixSocketMultiport) } diff --git a/internal/catalog/internal/types/validators_test.go b/internal/catalog/internal/types/validators_test.go index a8a8f740394d..ea3d2fa38ffe 100644 --- a/internal/catalog/internal/types/validators_test.go +++ b/internal/catalog/internal/types/validators_test.go @@ -178,7 +178,7 @@ func TestIsValidUnixSocketPath(t *testing.T) { for name, tcase := range cases { t.Run(name, func(t *testing.T) { - require.Equal(t, tcase.valid, isValidUnixSocketPath(tcase.name)) + require.Equal(t, tcase.valid, IsValidUnixSocketPath(tcase.name)) }) } } @@ -361,15 +361,15 @@ func TestValidatePortName(t *testing.T) { // test for the isValidDNSLabel function. t.Run("empty", func(t *testing.T) { - require.Equal(t, resource.ErrEmpty, validatePortName("")) + require.Equal(t, resource.ErrEmpty, ValidatePortName("")) }) t.Run("invalid", func(t *testing.T) { - require.Equal(t, errNotDNSLabel, validatePortName("foo.com")) + require.Equal(t, errNotDNSLabel, ValidatePortName("foo.com")) }) t.Run("ok", func(t *testing.T) { - require.NoError(t, validatePortName("http")) + require.NoError(t, ValidatePortName("http")) }) } diff --git a/internal/catalog/internal/types/workload.go b/internal/catalog/internal/types/workload.go index 961a85346c4f..89308667d2c1 100644 --- a/internal/catalog/internal/types/workload.go +++ b/internal/catalog/internal/types/workload.go @@ -44,7 +44,7 @@ func ValidateWorkload(res *pbresource.Resource) error { // Validate the Workload Ports for portName, port := range workload.Ports { - if portNameErr := validatePortName(portName); portNameErr != nil { + if portNameErr := ValidatePortName(portName); portNameErr != nil { err = multierror.Append(err, resource.ErrInvalidMapKey{ Map: "ports", Key: portName, diff --git a/internal/mesh/internal/controllers/sidecarproxy/controller_test.go b/internal/mesh/internal/controllers/sidecarproxy/controller_test.go index 883984f1615d..0d6684f0ef54 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/controller_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/controller_test.go @@ -553,7 +553,7 @@ func (suite *controllerTestSuite) TestController() { }).Write(suite.T(), suite.client) testutil.RunStep(suite.T(), "add explicit destinations and check that new proxy state is generated", func(t *testing.T) { - webProxyStateTemplate = suite.client.WaitForNewVersion(t, webProxyStateTemplateID, webProxyStateTemplate.Version) + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) requireExplicitDestinationsFound(t, "api", webProxyStateTemplate) }) @@ -613,7 +613,7 @@ func (suite *controllerTestSuite) TestController() { }) // We should get a new web proxy template resource because this destination should be removed. - webProxyStateTemplate = suite.client.WaitForNewVersion(t, webProxyStateTemplateID, webProxyStateTemplate.Version) + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) requireExplicitDestinationsNotFound(t, "api", webProxyStateTemplate) }) diff --git a/internal/mesh/internal/types/destinations.go b/internal/mesh/internal/types/destinations.go index 657aa33cb0a0..e4da2997e1da 100644 --- a/internal/mesh/internal/types/destinations.go +++ b/internal/mesh/internal/types/destinations.go @@ -4,6 +4,8 @@ package types import ( + "net" + "github.com/hashicorp/go-multierror" "google.golang.org/protobuf/proto" @@ -73,7 +75,6 @@ func ValidateDestinations(res *pbresource.Resource) error { var merr error - // Validate the workload selector if selErr := catalog.ValidateSelector(destinations.Workloads, false); selErr != nil { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "workloads", @@ -81,10 +82,17 @@ func ValidateDestinations(res *pbresource.Resource) error { }) } + if destinations.GetPqDestinations() != nil { + merr = multierror.Append(merr, resource.ErrInvalidField{ + Name: "pq_destinations", + Wrapped: resource.ErrUnsupported, + }) + } + for i, dest := range destinations.Destinations { wrapDestErr := func(err error) error { return resource.ErrInvalidListElement{ - Name: "upstreams", + Name: "destinations", Index: i, Wrapped: err, } @@ -101,8 +109,73 @@ func ValidateDestinations(res *pbresource.Resource) error { merr = multierror.Append(merr, refErr) } - // TODO(v2): validate port name using catalog validator - // TODO(v2): validate ListenAddr + if portErr := catalog.ValidatePortName(dest.DestinationPort); portErr != nil { + merr = multierror.Append(merr, wrapDestErr(resource.ErrInvalidField{ + Name: "destination_port", + Wrapped: portErr, + })) + } + + if dest.GetDatacenter() != "" { + merr = multierror.Append(merr, wrapDestErr(resource.ErrInvalidField{ + Name: "datacenter", + Wrapped: resource.ErrUnsupported, + })) + } + + if listenAddrErr := validateListenAddr(dest); listenAddrErr != nil { + merr = multierror.Append(merr, wrapDestErr(listenAddrErr)) + } + } + + return merr +} + +func validateListenAddr(dest *pbmesh.Destination) error { + var merr error + + if dest.GetListenAddr() == nil { + return multierror.Append(merr, resource.ErrInvalidFields{ + Names: []string{"ip_port", "unix"}, + Wrapped: resource.ErrMissingOneOf, + }) + } + + switch listenAddr := dest.GetListenAddr().(type) { + case *pbmesh.Destination_IpPort: + if ipPortErr := validateIPPort(listenAddr.IpPort); ipPortErr != nil { + merr = multierror.Append(merr, resource.ErrInvalidField{ + Name: "ip_port", + Wrapped: ipPortErr, + }) + } + case *pbmesh.Destination_Unix: + if !catalog.IsValidUnixSocketPath(listenAddr.Unix.GetPath()) { + merr = multierror.Append(merr, resource.ErrInvalidField{ + Name: "unix", + Wrapped: resource.ErrInvalidField{ + Name: "path", + Wrapped: errInvalidUnixSocketPath, + }, + }) + } + } + + return merr +} + +func validateIPPort(ipPort *pbmesh.IPPortAddress) error { + var merr error + + if listenPortErr := validatePort(ipPort.GetPort(), "port"); listenPortErr != nil { + merr = multierror.Append(merr, listenPortErr) + } + + if net.ParseIP(ipPort.GetIp()) == nil { + merr = multierror.Append(merr, resource.ErrInvalidField{ + Name: "ip", + Wrapped: errInvalidIP, + }) } return merr diff --git a/internal/mesh/internal/types/destinations_test.go b/internal/mesh/internal/types/destinations_test.go index 2601e884df07..ca0150a60c3d 100644 --- a/internal/mesh/internal/types/destinations_test.go +++ b/internal/mesh/internal/types/destinations_test.go @@ -17,7 +17,7 @@ import ( "github.com/hashicorp/consul/sdk/testutil" ) -func TestMutateUpstreams(t *testing.T) { +func TestMutateDestinations(t *testing.T) { type testcase struct { tenancy *pbresource.Tenancy data *pbmesh.Destinations @@ -86,7 +86,7 @@ func TestMutateUpstreams(t *testing.T) { } } -func TestValidateUpstreams(t *testing.T) { +func TestValidateDestinations(t *testing.T) { type testcase struct { data *pbmesh.Destinations skipMutate bool @@ -151,7 +151,7 @@ func TestValidateUpstreams(t *testing.T) { {DestinationRef: nil}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: missing required field`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: missing required field`, }, "dest/bad type": { skipMutate: true, @@ -163,7 +163,7 @@ func TestValidateUpstreams(t *testing.T) { {DestinationRef: newRefWithTenancy(pbcatalog.WorkloadType, "default.default", "api")}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: invalid "type" field: reference must have type catalog.v2beta1.Service`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: invalid "type" field: reference must have type catalog.v2beta1.Service`, }, "dest/nil tenancy": { skipMutate: true, @@ -175,7 +175,7 @@ func TestValidateUpstreams(t *testing.T) { {DestinationRef: &pbresource.Reference{Type: pbcatalog.ServiceType, Name: "api"}}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: invalid "tenancy" field: missing required field`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: invalid "tenancy" field: missing required field`, }, "dest/bad dest tenancy/partition": { skipMutate: true, @@ -187,7 +187,7 @@ func TestValidateUpstreams(t *testing.T) { {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, ".bar", "api")}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: invalid "tenancy" field: invalid "partition" field: cannot be empty`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: invalid "tenancy" field: invalid "partition" field: cannot be empty`, }, "dest/bad dest tenancy/namespace": { skipMutate: true, @@ -199,7 +199,7 @@ func TestValidateUpstreams(t *testing.T) { {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo", "api")}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: invalid "tenancy" field: invalid "namespace" field: cannot be empty`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: invalid "tenancy" field: invalid "namespace" field: cannot be empty`, }, "dest/bad dest tenancy/peer_name": { skipMutate: true, @@ -213,17 +213,158 @@ func TestValidateUpstreams(t *testing.T) { Reference("")}, }, }, - expectErr: `invalid element at index 0 of list "upstreams": invalid "destination_ref" field: invalid "tenancy" field: invalid "peer_name" field: must be set to "local"`, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_ref" field: invalid "tenancy" field: invalid "peer_name" field: must be set to "local"`, }, - "normal": { + "unsupported pq_destinations": { + skipMutate: true, data: &pbmesh.Destinations{ - Workloads: &pbcatalog.WorkloadSelector{ - Names: []string{"blah"}, + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + PqDestinations: []*pbmesh.PreparedQueryDestination{ + {Name: "foo-query"}, }, + }, + expectErr: `invalid "pq_destinations" field: field is currently not supported`, + }, + "missing destination port": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, Destinations: []*pbmesh.Destination{ - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api")}, - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.zim", "api")}, - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "gir.zim", "api")}, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1234, + }, + }, + }, + }, + }, + expectErr: `invalid element at index 0 of list "destinations": invalid "destination_port" field: cannot be empty`, + }, + "unsupported datacenter": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + Datacenter: "dc2", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1234, + }, + }, + }, + }, + }, + expectErr: `invalid element at index 0 of list "destinations": invalid "datacenter" field: field is currently not supported`, + }, + "missing listen addr": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + }, + }, + }, + expectErr: `invalid "ip_port,unix" fields: missing one of the required fields`, + }, + "invalid ip for listen addr": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "invalid", + Port: 1234, + }, + }, + }, + }, + }, + expectErr: `invalid "ip" field: IP address is not valid`, + }, + "invalid port for listen addr": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 0, + }, + }, + }, + }, + }, + expectErr: `invalid "port" field: port number is outside the range 1 to 65535`, + }, + "invalid unix path for listen addr": { + skipMutate: true, + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{ + Path: "foo", + }, + }, + }, + }, + }, + expectErr: `invalid "unix" field: invalid "path" field: unix socket path is not valid`, + }, + "normal": { + data: &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"foo"}}, + Destinations: []*pbmesh.Destination{ + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1234, + }, + }, + }, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.zim", "api"), + DestinationPort: "p2", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1235, + }, + }, + }, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "gir.zim", "api"), + DestinationPort: "p3", + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{ + Path: "unix://foo/bar", + }, + }, + }, }, }, }, @@ -234,9 +375,35 @@ func TestValidateUpstreams(t *testing.T) { Filter: "metadata.foo == bar", }, Destinations: []*pbmesh.Destination{ - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api")}, - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.zim", "api")}, - {DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "gir.zim", "api")}, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.bar", "api"), + DestinationPort: "p1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1234, + }, + }, + }, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "foo.zim", "api"), + DestinationPort: "p2", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1235, + }, + }, + }, + { + DestinationRef: newRefWithTenancy(pbcatalog.ServiceType, "gir.zim", "api"), + DestinationPort: "p3", + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{ + Path: "unix://foo/bar", + }, + }, + }, }, }, }, diff --git a/internal/mesh/internal/types/errors.go b/internal/mesh/internal/types/errors.go index e38085b49fa2..bc9dacbbf0c4 100644 --- a/internal/mesh/internal/types/errors.go +++ b/internal/mesh/internal/types/errors.go @@ -9,6 +9,8 @@ import ( var ( errInvalidPort = errors.New("port number is outside the range 1 to 65535") + errInvalidIP = errors.New("IP address is not valid") + errInvalidUnixSocketPath = errors.New("unix socket path is not valid") errInvalidExposePathProtocol = errors.New("invalid protocol: only HTTP and HTTP2 protocols are allowed") errMissingProxyConfigData = errors.New("at least one of \"bootstrap_config\" or \"dynamic_config\" fields must be set") ) diff --git a/internal/resource/errors.go b/internal/resource/errors.go index 2003d86cbf71..2602e8c5b6ca 100644 --- a/internal/resource/errors.go +++ b/internal/resource/errors.go @@ -14,6 +14,7 @@ import ( var ( ErrMissing = NewConstError("missing required field") + ErrMissingOneOf = NewConstError("missing one of the required fields") ErrEmpty = NewConstError("cannot be empty") ErrReferenceTenancyNotEqual = NewConstError("resource tenancy and reference tenancy differ") ErrUnsupported = NewConstError("field is currently not supported") From 105ebfdd005a9ae2e58afd2572899662aaad9676 Mon Sep 17 00:00:00 2001 From: Iryna Shustava Date: Fri, 13 Oct 2023 17:16:26 -0600 Subject: [PATCH 06/10] catalog, mesh: implement missing ACL hooks (#19143) This change adds ACL hooks to the remaining catalog and mesh resources, excluding any computed ones. Those will for now continue using the default operator:x permissions. It refactors a lot of the common testing functions so that they can be re-used between resources. There are also some types that we don't yet support (e.g. virtual IPs) that this change adds ACL hooks to for future-proofing. --- agent/grpc-external/services/resource/read.go | 2 +- .../types/computed_traffic_permissions.go | 8 +- .../internal/types/traffic_permissions.go | 10 +- .../auth/internal/types/workload_identity.go | 12 +- .../internal/types/workload_identity_test.go | 4 +- .../helpers/acl_hooks_test_helpers.go | 21 +++ internal/catalog/exports.go | 6 + .../controllers/nodehealth/controller_test.go | 2 +- .../testhelpers/acl_hooks_test_helpers.go | 113 +++++++++++++ internal/catalog/internal/types/acl_hooks.go | 56 +++++++ internal/catalog/internal/types/dns_policy.go | 1 + .../catalog/internal/types/dns_policy_test.go | 17 ++ .../catalog/internal/types/failover_policy.go | 8 +- .../internal/types/failover_policy_test.go | 129 ++++---------- .../catalog/internal/types/health_checks.go | 1 + .../internal/types/health_checks_test.go | 10 ++ .../catalog/internal/types/health_status.go | 35 ++++ .../internal/types/health_status_test.go | 104 ++++++++++++ internal/catalog/internal/types/node.go | 14 ++ internal/catalog/internal/types/node_test.go | 46 +++++ internal/catalog/internal/types/service.go | 1 + .../internal/types/service_endpoints.go | 10 ++ .../internal/types/service_endpoints_test.go | 44 +++++ .../catalog/internal/types/service_test.go | 10 ++ internal/catalog/internal/types/types.go | 8 +- internal/catalog/internal/types/types_test.go | 4 +- .../catalog/internal/types/virtual_ips.go | 23 ++- .../internal/types/virtual_ips_test.go | 45 +++++ internal/catalog/internal/types/workload.go | 35 ++++ .../internal/types/workload_selecting.go | 16 ++ .../catalog/internal/types/workload_test.go | 158 ++++++++++++++++++ .../workload_selection_mapper.go | 14 +- .../mesh/internal/types/destination_policy.go | 8 +- internal/mesh/internal/types/destinations.go | 1 + .../types/destinations_configuration.go | 4 +- .../types/destinations_configuration_test.go | 10 ++ .../mesh/internal/types/destinations_test.go | 10 ++ .../internal/types/proxy_configuration.go | 5 +- .../types/proxy_configuration_test.go | 13 ++ .../internal/types/proxy_state_template.go | 6 +- internal/mesh/internal/types/types.go | 3 +- internal/mesh/internal/types/types_test.go | 3 +- internal/mesh/internal/types/xroute.go | 10 +- internal/mesh/internal/types/xroute_test.go | 2 +- internal/resource/acls.go | 13 ++ internal/resource/demo/demo.go | 2 +- internal/resource/errors.go | 14 ++ internal/resource/registry.go | 4 +- internal/resource/resourcetest/acls.go | 85 ++++++++++ internal/resource/resourcetest/tenancy.go | 15 ++ 50 files changed, 996 insertions(+), 179 deletions(-) create mode 100644 internal/catalog/catalogtest/helpers/acl_hooks_test_helpers.go create mode 100644 internal/catalog/internal/testhelpers/acl_hooks_test_helpers.go create mode 100644 internal/catalog/internal/types/acl_hooks.go create mode 100644 internal/catalog/internal/types/workload_selecting.go create mode 100644 internal/resource/acls.go create mode 100644 internal/resource/resourcetest/acls.go diff --git a/agent/grpc-external/services/resource/read.go b/agent/grpc-external/services/resource/read.go index 351a50385655..b6cec3725456 100644 --- a/agent/grpc-external/services/resource/read.go +++ b/agent/grpc-external/services/resource/read.go @@ -50,7 +50,7 @@ func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbreso authzNeedsData := false err = reg.ACLs.Read(authz, authzContext, req.Id, nil) switch { - case errors.Is(err, resource.ErrNeedData): + case errors.Is(err, resource.ErrNeedResource): authzNeedsData = true err = nil case acl.IsErrPermissionDenied(err): diff --git a/internal/auth/internal/types/computed_traffic_permissions.go b/internal/auth/internal/types/computed_traffic_permissions.go index 0ba88427233b..0a32e13d2926 100644 --- a/internal/auth/internal/types/computed_traffic_permissions.go +++ b/internal/auth/internal/types/computed_traffic_permissions.go @@ -19,7 +19,7 @@ func RegisterComputedTrafficPermission(r resource.Registry) { ACLs: &resource.ACLHooks{ Read: aclReadHookComputedTrafficPermissions, Write: aclWriteHookComputedTrafficPermissions, - List: aclListHookComputedTrafficPermissions, + List: resource.NoOpACLListHook, }, Validate: ValidateComputedTrafficPermissions, Scope: resource.ScopeNamespace, @@ -71,9 +71,3 @@ func aclReadHookComputedTrafficPermissions(authorizer acl.Authorizer, authzConte func aclWriteHookComputedTrafficPermissions(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { return authorizer.ToAllowAuthorizer().TrafficPermissionsWriteAllowed(res.Id.Name, authzContext) } - -func aclListHookComputedTrafficPermissions(_ acl.Authorizer, _ *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement - return nil -} diff --git a/internal/auth/internal/types/traffic_permissions.go b/internal/auth/internal/types/traffic_permissions.go index fb1de7acff90..78d53c70c628 100644 --- a/internal/auth/internal/types/traffic_permissions.go +++ b/internal/auth/internal/types/traffic_permissions.go @@ -19,7 +19,7 @@ func RegisterTrafficPermissions(r resource.Registry) { ACLs: &resource.ACLHooks{ Read: aclReadHookTrafficPermissions, Write: aclWriteHookTrafficPermissions, - List: aclListHookTrafficPermissions, + List: resource.NoOpACLListHook, }, Validate: ValidateTrafficPermissions, Mutate: MutateTrafficPermissions, @@ -273,7 +273,7 @@ func isLocalPeer(p string) bool { func aclReadHookTrafficPermissions(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { if res == nil { - return resource.ErrNeedData + return resource.ErrNeedResource } return authorizeDestination(res, func(dest string) error { return authorizer.ToAllowAuthorizer().TrafficPermissionsReadAllowed(dest, authzContext) @@ -286,12 +286,6 @@ func aclWriteHookTrafficPermissions(authorizer acl.Authorizer, authzContext *acl }) } -func aclListHookTrafficPermissions(_ acl.Authorizer, _ *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement - return nil -} - func authorizeDestination(res *pbresource.Resource, intentionAllowed func(string) error) error { tp, err := resource.Decode[*pbauth.TrafficPermissions](res) if err != nil { diff --git a/internal/auth/internal/types/workload_identity.go b/internal/auth/internal/types/workload_identity.go index 5379d256ba4f..17334e66099e 100644 --- a/internal/auth/internal/types/workload_identity.go +++ b/internal/auth/internal/types/workload_identity.go @@ -18,7 +18,7 @@ func RegisterWorkloadIdentity(r resource.Registry) { ACLs: &resource.ACLHooks{ Read: aclReadHookWorkloadIdentity, Write: aclWriteHookWorkloadIdentity, - List: aclListHookWorkloadIdentity, + List: resource.NoOpACLListHook, }, Validate: nil, }) @@ -36,7 +36,7 @@ func aclReadHookWorkloadIdentity( if res != nil { return authorizer.ToAllowAuthorizer().IdentityReadAllowed(res.Id.Name, authzCtx) } - return resource.ErrNeedData + return resource.ErrNeedResource } func aclWriteHookWorkloadIdentity( @@ -44,13 +44,7 @@ func aclWriteHookWorkloadIdentity( authzCtx *acl.AuthorizerContext, res *pbresource.Resource) error { if res == nil { - return resource.ErrNeedData + return resource.ErrNeedResource } return authorizer.ToAllowAuthorizer().IdentityWriteAllowed(res.Id.Name, authzCtx) } - -func aclListHookWorkloadIdentity(authorizer acl.Authorizer, context *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement - return nil -} diff --git a/internal/auth/internal/types/workload_identity_test.go b/internal/auth/internal/types/workload_identity_test.go index 1ca59952ecee..8dfb22bc74a2 100644 --- a/internal/auth/internal/types/workload_identity_test.go +++ b/internal/auth/internal/types/workload_identity_test.go @@ -82,8 +82,8 @@ func TestWorkloadIdentityACLs(t *testing.T) { checkF(t, tc.listOK, err) }) t.Run("errors", func(t *testing.T) { - require.ErrorIs(t, reg.ACLs.Read(authz, &acl.AuthorizerContext{}, nil, nil), resource.ErrNeedData) - require.ErrorIs(t, reg.ACLs.Write(authz, &acl.AuthorizerContext{}, nil), resource.ErrNeedData) + require.ErrorIs(t, reg.ACLs.Read(authz, &acl.AuthorizerContext{}, nil, nil), resource.ErrNeedResource) + require.ErrorIs(t, reg.ACLs.Write(authz, &acl.AuthorizerContext{}, nil), resource.ErrNeedResource) }) } diff --git a/internal/catalog/catalogtest/helpers/acl_hooks_test_helpers.go b/internal/catalog/catalogtest/helpers/acl_hooks_test_helpers.go new file mode 100644 index 000000000000..097647ed08d1 --- /dev/null +++ b/internal/catalog/catalogtest/helpers/acl_hooks_test_helpers.go @@ -0,0 +1,21 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package helpers + +import ( + "testing" + + "github.com/hashicorp/consul/internal/catalog" + "github.com/hashicorp/consul/internal/catalog/internal/testhelpers" + "github.com/hashicorp/consul/internal/resource" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +func RunWorkloadSelectingTypeACLsTests[T catalog.WorkloadSelecting](t *testing.T, typ *pbresource.Type, + getData func(selector *pbcatalog.WorkloadSelector) T, + registerFunc func(registry resource.Registry), +) { + testhelpers.RunWorkloadSelectingTypeACLsTests[T](t, typ, getData, registerFunc) +} diff --git a/internal/catalog/exports.go b/internal/catalog/exports.go index b74149d2aec4..0391bea78442 100644 --- a/internal/catalog/exports.go +++ b/internal/catalog/exports.go @@ -48,6 +48,12 @@ var ( FailoverStatusConditionAcceptedUsingMeshDestinationPortReason = failover.UsingMeshDestinationPortReason ) +type WorkloadSelecting = types.WorkloadSelecting + +func ACLHooksForWorkloadSelectingType[T WorkloadSelecting]() *resource.ACLHooks { + return types.ACLHooksForWorkloadSelectingType[T]() +} + // RegisterTypes adds all resource types within the "catalog" API group // to the given type registry func RegisterTypes(r resource.Registry) { diff --git a/internal/catalog/internal/controllers/nodehealth/controller_test.go b/internal/catalog/internal/controllers/nodehealth/controller_test.go index 30989b479b0f..b21c52e521f8 100644 --- a/internal/catalog/internal/controllers/nodehealth/controller_test.go +++ b/internal/catalog/internal/controllers/nodehealth/controller_test.go @@ -73,7 +73,7 @@ type nodeHealthControllerTestSuite struct { } func (suite *nodeHealthControllerTestSuite) SetupTest() { - suite.resourceClient = svctest.RunResourceService(suite.T(), types.Register) + suite.resourceClient = svctest.RunResourceService(suite.T(), types.Register, types.RegisterDNSPolicy) suite.runtime = controller.Runtime{Client: suite.resourceClient, Logger: testutil.Logger(suite.T())} // The rest of the setup will be to prime the resource service with some data diff --git a/internal/catalog/internal/testhelpers/acl_hooks_test_helpers.go b/internal/catalog/internal/testhelpers/acl_hooks_test_helpers.go new file mode 100644 index 000000000000..c2e8947ac545 --- /dev/null +++ b/internal/catalog/internal/testhelpers/acl_hooks_test_helpers.go @@ -0,0 +1,113 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package testhelpers + +import ( + "testing" + + "google.golang.org/protobuf/proto" + + "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/internal/resource/resourcetest" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +// WorkloadSelecting denotes a resource type that uses workload selectors. +type WorkloadSelecting interface { + proto.Message + GetWorkloads() *pbcatalog.WorkloadSelector +} + +func RunWorkloadSelectingTypeACLsTests[T WorkloadSelecting](t *testing.T, typ *pbresource.Type, + getData func(selector *pbcatalog.WorkloadSelector) T, + registerFunc func(registry resource.Registry), +) { + // Wire up a registry to generically invoke hooks + registry := resource.NewRegistry() + registerFunc(registry) + + cases := map[string]resourcetest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with named selectors and insufficient policy": { + Rules: `service "test" { policy = "write" }`, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with prefixed selectors and insufficient policy": { + Rules: `service "test" { policy = "write" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with named selectors": { + Rules: `service "test" { policy = "write" } service "workload" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Names: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test write with prefixed selectors": { + Rules: `service "test" { policy = "write" } service_prefix "workload-" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"workload-"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test write with prefixed selectors and a policy with more specific than the selector": { + Rules: `service "test" { policy = "write" } service_prefix "workload-" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"wor"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with prefixed selectors and a policy with less specific than the selector": { + Rules: `service "test" { policy = "write" } service_prefix "wor" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"workload-"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test write with prefixed selectors and a policy with a specific service": { + Rules: `service "test" { policy = "write" } service "workload" { policy = "read" }`, + Data: getData(&pbcatalog.WorkloadSelector{Prefixes: []string{"workload"}}), + Typ: typ, + ReadOK: resourcetest.ALLOW, + // TODO (ishustava): this is wrong and should be fixed in a follow up PR. We should not allow + // a policy for a specific service when only prefixes are specified in the selector. + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + resourcetest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/acl_hooks.go b/internal/catalog/internal/types/acl_hooks.go new file mode 100644 index 000000000000..3752e2b8de35 --- /dev/null +++ b/internal/catalog/internal/types/acl_hooks.go @@ -0,0 +1,56 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +func aclReadHookResourceWithWorkloadSelector(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, _ *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.GetName(), authzContext) +} + +func aclWriteHookResourceWithWorkloadSelector[T WorkloadSelecting](authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + if res == nil { + return resource.ErrNeedResource + } + + decodedService, err := resource.Decode[T](res) + if err != nil { + return resource.ErrNeedResource + } + + // First check service:write on the name. + err = authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetId().GetName(), authzContext) + if err != nil { + return err + } + + // Then also check whether we're allowed to select a service. + for _, name := range decodedService.GetData().GetWorkloads().GetNames() { + err = authorizer.ToAllowAuthorizer().ServiceReadAllowed(name, authzContext) + if err != nil { + return err + } + } + + for _, prefix := range decodedService.GetData().GetWorkloads().GetPrefixes() { + err = authorizer.ToAllowAuthorizer().ServiceReadAllowed(prefix, authzContext) + if err != nil { + return err + } + } + + return nil +} + +func ACLHooksForWorkloadSelectingType[T WorkloadSelecting]() *resource.ACLHooks { + return &resource.ACLHooks{ + Read: aclReadHookResourceWithWorkloadSelector, + Write: aclWriteHookResourceWithWorkloadSelector[T], + List: resource.NoOpACLListHook, + } +} diff --git a/internal/catalog/internal/types/dns_policy.go b/internal/catalog/internal/types/dns_policy.go index 809dd6f880c2..8e9dd864a957 100644 --- a/internal/catalog/internal/types/dns_policy.go +++ b/internal/catalog/internal/types/dns_policy.go @@ -19,6 +19,7 @@ func RegisterDNSPolicy(r resource.Registry) { Proto: &pbcatalog.DNSPolicy{}, Scope: resource.ScopeNamespace, Validate: ValidateDNSPolicy, + ACLs: ACLHooksForWorkloadSelectingType[*pbcatalog.DNSPolicy](), }) } diff --git a/internal/catalog/internal/types/dns_policy_test.go b/internal/catalog/internal/types/dns_policy_test.go index 3a611171070a..1303d2878cf7 100644 --- a/internal/catalog/internal/types/dns_policy_test.go +++ b/internal/catalog/internal/types/dns_policy_test.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/reflect/protoreflect" "google.golang.org/protobuf/types/known/anypb" + "github.com/hashicorp/consul/internal/catalog/internal/testhelpers" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -161,3 +162,19 @@ func TestValidateDNSPolicy_EmptySelector(t *testing.T) { require.ErrorAs(t, err, &actual) require.Equal(t, expected, actual) } + +func TestDNSPolicyACLs(t *testing.T) { + // Wire up a registry to generically invoke hooks + registry := resource.NewRegistry() + RegisterDNSPolicy(registry) + + testhelpers.RunWorkloadSelectingTypeACLsTests[*pbcatalog.DNSPolicy](t, pbcatalog.DNSPolicyType, + func(selector *pbcatalog.WorkloadSelector) *pbcatalog.DNSPolicy { + return &pbcatalog.DNSPolicy{ + Workloads: selector, + Weights: &pbcatalog.Weights{Passing: 1, Warning: 0}, + } + }, + RegisterDNSPolicy, + ) +} diff --git a/internal/catalog/internal/types/failover_policy.go b/internal/catalog/internal/types/failover_policy.go index 620c3f590e97..047bb9a95b05 100644 --- a/internal/catalog/internal/types/failover_policy.go +++ b/internal/catalog/internal/types/failover_policy.go @@ -25,7 +25,7 @@ func RegisterFailoverPolicy(r resource.Registry) { ACLs: &resource.ACLHooks{ Read: aclReadHookFailoverPolicy, Write: aclWriteHookFailoverPolicy, - List: aclListHookFailoverPolicy, + List: resource.NoOpACLListHook, }, }) } @@ -371,9 +371,3 @@ func aclWriteHookFailoverPolicy(authorizer acl.Authorizer, authzContext *acl.Aut return nil } - -func aclListHookFailoverPolicy(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement. - return nil -} diff --git a/internal/catalog/internal/types/failover_policy_test.go b/internal/catalog/internal/types/failover_policy_test.go index 8abe5d5cb74d..923d260580e0 100644 --- a/internal/catalog/internal/types/failover_policy_test.go +++ b/internal/catalog/internal/types/failover_policy_test.go @@ -10,8 +10,6 @@ import ( "github.com/stretchr/testify/require" "google.golang.org/protobuf/proto" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" @@ -685,105 +683,52 @@ func TestFailoverPolicyACLs(t *testing.T) { registry := resource.NewRegistry() Register(registry) - type testcase struct { - rules string - check func(t *testing.T, authz acl.Authorizer, res *pbresource.Resource) - readOK string - writeOK string - listOK string - } - - const ( - DENY = "deny" - ALLOW = "allow" - DEFAULT = "default" - ) - - checkF := func(t *testing.T, expect string, got error) { - switch expect { - case ALLOW: - if acl.IsErrPermissionDenied(got) { - t.Fatal("should be allowed") - } - case DENY: - if !acl.IsErrPermissionDenied(got) { - t.Fatal("should be denied") - } - case DEFAULT: - require.Nil(t, got, "expected fallthrough decision") - default: - t.Fatalf("unexpected expectation: %q", expect) - } - } - - reg, ok := registry.Resolve(pbcatalog.FailoverPolicyType) - require.True(t, ok) - - run := func(t *testing.T, tc testcase) { - failoverData := &pbcatalog.FailoverPolicy{ - Config: &pbcatalog.FailoverConfig{ - Destinations: []*pbcatalog.FailoverDestination{ - {Ref: newRef(pbcatalog.ServiceType, "api-backup")}, - }, + failoverData := &pbcatalog.FailoverPolicy{ + Config: &pbcatalog.FailoverConfig{ + Destinations: []*pbcatalog.FailoverDestination{ + {Ref: newRef(pbcatalog.ServiceType, "api-backup")}, }, - } - res := resourcetest.Resource(pbcatalog.FailoverPolicyType, "api"). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, failoverData). - Build() - resourcetest.ValidateAndNormalize(t, registry, res) - - config := acl.Config{ - WildcardName: structs.WildcardSpecifier, - } - authz, err := acl.NewAuthorizerFromRules(tc.rules, &config, nil) - require.NoError(t, err) - authz = acl.NewChainedAuthorizer([]acl.Authorizer{authz, acl.DenyAll()}) - - t.Run("read", func(t *testing.T) { - err := reg.ACLs.Read(authz, &acl.AuthorizerContext{}, res.Id, nil) - checkF(t, tc.readOK, err) - }) - t.Run("write", func(t *testing.T) { - err := reg.ACLs.Write(authz, &acl.AuthorizerContext{}, res) - checkF(t, tc.writeOK, err) - }) - t.Run("list", func(t *testing.T) { - err := reg.ACLs.List(authz, &acl.AuthorizerContext{}) - checkF(t, tc.listOK, err) - }) + }, } - cases := map[string]testcase{ + cases := map[string]resourcetest.ACLTestCase{ "no rules": { - rules: ``, - readOK: DENY, - writeOK: DENY, - listOK: DEFAULT, - }, - "service api read": { - rules: `service "api" { policy = "read" }`, - readOK: ALLOW, - writeOK: DENY, - listOK: DEFAULT, - }, - "service api write": { - rules: `service "api" { policy = "write" }`, - readOK: ALLOW, - writeOK: DENY, - listOK: DEFAULT, - }, - "service api write and api-backup read": { - rules: `service "api" { policy = "write" } service "api-backup" { policy = "read" }`, - readOK: ALLOW, - writeOK: ALLOW, - listOK: DEFAULT, + Rules: ``, + Data: failoverData, + Typ: pbcatalog.FailoverPolicyType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: failoverData, + Typ: pbcatalog.FailoverPolicyType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write": { + Rules: `service "test" { policy = "write" }`, + Data: failoverData, + Typ: pbcatalog.FailoverPolicyType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write and api-backup read": { + Rules: `service "test" { policy = "write" } service "api-backup" { policy = "read" }`, + Data: failoverData, + Typ: pbcatalog.FailoverPolicyType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, }, } for name, tc := range cases { t.Run(name, func(t *testing.T) { - run(t, tc) + resourcetest.RunACLTestCase(t, tc, registry) }) } } diff --git a/internal/catalog/internal/types/health_checks.go b/internal/catalog/internal/types/health_checks.go index b470be331feb..1333e2368d88 100644 --- a/internal/catalog/internal/types/health_checks.go +++ b/internal/catalog/internal/types/health_checks.go @@ -17,6 +17,7 @@ func RegisterHealthChecks(r resource.Registry) { Proto: &pbcatalog.HealthChecks{}, Scope: resource.ScopeNamespace, Validate: ValidateHealthChecks, + ACLs: ACLHooksForWorkloadSelectingType[*pbcatalog.HealthChecks](), }) } diff --git a/internal/catalog/internal/types/health_checks_test.go b/internal/catalog/internal/types/health_checks_test.go index 8af0ffde9fac..c9cdf01ae84c 100644 --- a/internal/catalog/internal/types/health_checks_test.go +++ b/internal/catalog/internal/types/health_checks_test.go @@ -12,6 +12,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" + "github.com/hashicorp/consul/internal/catalog/internal/testhelpers" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -196,3 +197,12 @@ func TestValidateHealthChecks_EmptySelector(t *testing.T) { require.ErrorAs(t, err, &actual) require.Equal(t, expected, actual) } + +func TestHealthChecksACLs(t *testing.T) { + testhelpers.RunWorkloadSelectingTypeACLsTests[*pbcatalog.HealthChecks](t, pbcatalog.HealthChecksType, + func(selector *pbcatalog.WorkloadSelector) *pbcatalog.HealthChecks { + return &pbcatalog.HealthChecks{Workloads: selector} + }, + RegisterHealthChecks, + ) +} diff --git a/internal/catalog/internal/types/health_status.go b/internal/catalog/internal/types/health_status.go index 99b153895c1f..fe92e858b025 100644 --- a/internal/catalog/internal/types/health_status.go +++ b/internal/catalog/internal/types/health_status.go @@ -6,6 +6,7 @@ package types import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -17,6 +18,11 @@ func RegisterHealthStatus(r resource.Registry) { Proto: &pbcatalog.HealthStatus{}, Scope: resource.ScopeNamespace, Validate: ValidateHealthStatus, + ACLs: &resource.ACLHooks{ + Read: aclReadHookHealthStatus, + Write: aclWriteHookHealthStatus, + List: resource.NoOpACLListHook, + }, }) } @@ -66,3 +72,32 @@ func ValidateHealthStatus(res *pbresource.Resource) error { return err } + +func aclReadHookHealthStatus(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { + if res == nil { + return resource.ErrNeedResource + } + // For a health status of a workload we need to check service:read perms. + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.WorkloadType) { + return authorizer.ToAllowAuthorizer().ServiceReadAllowed(res.GetOwner().GetName(), authzContext) + } + + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { + return authorizer.ToAllowAuthorizer().NodeReadAllowed(res.GetOwner().GetName(), authzContext) + } + + return acl.PermissionDenied("cannot read catalog.HealthStatus because there is no owner") +} + +func aclWriteHookHealthStatus(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + // For a health status of a workload we need to check service:write perms. + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.WorkloadType) { + return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetOwner().GetName(), authzContext) + } + + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { + return authorizer.ToAllowAuthorizer().NodeWriteAllowed(res.GetOwner().GetName(), authzContext) + } + + return acl.PermissionDenied("cannot write catalog.HealthStatus because there is no owner") +} diff --git a/internal/catalog/internal/types/health_status_test.go b/internal/catalog/internal/types/health_status_test.go index 654573d24a53..9482e4770e40 100644 --- a/internal/catalog/internal/types/health_status_test.go +++ b/internal/catalog/internal/types/health_status_test.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) @@ -214,3 +215,106 @@ func TestValidateHealthStatus_InvalidOwner(t *testing.T) { }) } } + +func TestHealthStatusACLs(t *testing.T) { + registry := resource.NewRegistry() + Register(registry) + + workload := resourcetest.Resource(pbcatalog.WorkloadType, "test").ID() + node := resourcetest.Resource(pbcatalog.NodeType, "test").ID() + + healthStatusData := &pbcatalog.HealthStatus{ + Type: "tcp", + Status: pbcatalog.Health_HEALTH_PASSING, + } + + cases := map[string]resourcetest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: healthStatusData, + Owner: workload, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: healthStatusData, + Owner: workload, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write": { + Rules: `service "test" { policy = "write" }`, + Data: healthStatusData, + Owner: workload, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "service test read with node owner": { + Rules: `service "test" { policy = "read" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with node owner": { + Rules: `service "test" { policy = "write" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test read with node owner": { + Rules: `node "test" { policy = "read" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test write with node owner": { + Rules: `node "test" { policy = "write" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + "node test read with workload owner": { + Rules: `node "test" { policy = "read" }`, + Data: healthStatusData, + Owner: workload, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test write with workload owner": { + Rules: `node "test" { policy = "write" }`, + Data: healthStatusData, + Owner: workload, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + resourcetest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/node.go b/internal/catalog/internal/types/node.go index 9c59228a49b6..42ac833c6e7d 100644 --- a/internal/catalog/internal/types/node.go +++ b/internal/catalog/internal/types/node.go @@ -6,6 +6,7 @@ package types import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -22,6 +23,11 @@ func RegisterNode(r resource.Registry) { // Until that time, Node will remain namespace scoped. Scope: resource.ScopeNamespace, Validate: ValidateNode, + ACLs: &resource.ACLHooks{ + Read: aclReadHookNode, + Write: aclWriteHookNode, + List: resource.NoOpACLListHook, + }, }) } @@ -80,3 +86,11 @@ func validateNodeAddress(addr *pbcatalog.NodeAddress) error { return nil } + +func aclReadHookNode(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, _ *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().NodeReadAllowed(id.GetName(), authzContext) +} + +func aclWriteHookNode(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().NodeWriteAllowed(res.GetId().GetName(), authzContext) +} diff --git a/internal/catalog/internal/types/node_test.go b/internal/catalog/internal/types/node_test.go index 130551fad2b6..5a678745e3a3 100644 --- a/internal/catalog/internal/types/node_test.go +++ b/internal/catalog/internal/types/node_test.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) @@ -127,3 +128,48 @@ func TestValidateNode_AddressMissingHost(t *testing.T) { require.ErrorAs(t, err, &actual) require.Equal(t, expected, actual) } + +func TestNodeACLs(t *testing.T) { + registry := resource.NewRegistry() + Register(registry) + + nodeData := &pbcatalog.Node{ + Addresses: []*pbcatalog.NodeAddress{ + { + Host: "1.1.1.1", + }, + }, + } + cases := map[string]resourcetest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: nodeData, + Typ: pbcatalog.NodeType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test read": { + Rules: `node "test" { policy = "read" }`, + Data: nodeData, + Typ: pbcatalog.NodeType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test write": { + Rules: `node "test" { policy = "write" }`, + Data: nodeData, + Typ: pbcatalog.NodeType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + resourcetest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/service.go b/internal/catalog/internal/types/service.go index 9fa703641c7f..ad9351f0d54f 100644 --- a/internal/catalog/internal/types/service.go +++ b/internal/catalog/internal/types/service.go @@ -20,6 +20,7 @@ func RegisterService(r resource.Registry) { Scope: resource.ScopeNamespace, Validate: ValidateService, Mutate: MutateService, + ACLs: ACLHooksForWorkloadSelectingType[*pbcatalog.Service](), }) } diff --git a/internal/catalog/internal/types/service_endpoints.go b/internal/catalog/internal/types/service_endpoints.go index 938d92b79239..14f055fcba77 100644 --- a/internal/catalog/internal/types/service_endpoints.go +++ b/internal/catalog/internal/types/service_endpoints.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -20,6 +21,15 @@ func RegisterServiceEndpoints(r resource.Registry) { Scope: resource.ScopeNamespace, Validate: ValidateServiceEndpoints, Mutate: MutateServiceEndpoints, + ACLs: &resource.ACLHooks{ + Read: func(authorizer acl.Authorizer, context *acl.AuthorizerContext, id *pbresource.ID, _ *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.GetName(), context) + }, + Write: func(authorizer acl.Authorizer, context *acl.AuthorizerContext, p *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(p.GetId().GetName(), context) + }, + List: resource.NoOpACLListHook, + }, }) } diff --git a/internal/catalog/internal/types/service_endpoints_test.go b/internal/catalog/internal/types/service_endpoints_test.go index d210ba1aaafd..7a298e397949 100644 --- a/internal/catalog/internal/types/service_endpoints_test.go +++ b/internal/catalog/internal/types/service_endpoints_test.go @@ -258,3 +258,47 @@ func TestMutateServiceEndpoints_PopulateOwner(t *testing.T) { require.True(t, resource.EqualTenancy(res.Owner.Tenancy, defaultEndpointTenancy)) require.Equal(t, res.Owner.Name, res.Id.Name) } + +func TestServiceEndpointsACLs(t *testing.T) { + registry := resource.NewRegistry() + Register(registry) + + service := rtest.Resource(pbcatalog.ServiceType, "test"). + WithTenancy(resource.DefaultNamespacedTenancy()).ID() + serviceEndpointsData := &pbcatalog.ServiceEndpoints{} + cases := map[string]rtest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: serviceEndpointsData, + Owner: service, + Typ: pbcatalog.ServiceEndpointsType, + ReadOK: rtest.DENY, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: serviceEndpointsData, + Owner: service, + Typ: pbcatalog.ServiceEndpointsType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write": { + Rules: `service "test" { policy = "write" }`, + Data: serviceEndpointsData, + Owner: service, + Typ: pbcatalog.ServiceEndpointsType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + rtest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/service_test.go b/internal/catalog/internal/types/service_test.go index b47c02218405..18649dda9a0a 100644 --- a/internal/catalog/internal/types/service_test.go +++ b/internal/catalog/internal/types/service_test.go @@ -10,6 +10,7 @@ import ( "google.golang.org/protobuf/reflect/protoreflect" "google.golang.org/protobuf/types/known/anypb" + "github.com/hashicorp/consul/internal/catalog/internal/testhelpers" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" @@ -275,3 +276,12 @@ func TestValidateService_InvalidVIP(t *testing.T) { require.Error(t, err) require.ErrorIs(t, err, errNotIPAddress) } + +func TestServiceACLs(t *testing.T) { + testhelpers.RunWorkloadSelectingTypeACLsTests[*pbcatalog.Service](t, pbcatalog.ServiceType, + func(selector *pbcatalog.WorkloadSelector) *pbcatalog.Service { + return &pbcatalog.Service{Workloads: selector} + }, + RegisterService, + ) +} diff --git a/internal/catalog/internal/types/types.go b/internal/catalog/internal/types/types.go index 6ce29a265963..15ed6b148de7 100644 --- a/internal/catalog/internal/types/types.go +++ b/internal/catalog/internal/types/types.go @@ -13,8 +13,10 @@ func Register(r resource.Registry) { RegisterServiceEndpoints(r) RegisterNode(r) RegisterHealthStatus(r) - RegisterHealthChecks(r) - RegisterDNSPolicy(r) - RegisterVirtualIPs(r) RegisterFailoverPolicy(r) + + // todo (v2): re-register once these resources are implemented. + //RegisterHealthChecks(r) + //RegisterDNSPolicy(r) + //RegisterVirtualIPs(r) } diff --git a/internal/catalog/internal/types/types_test.go b/internal/catalog/internal/types/types_test.go index ba4243b62805..4facd921c368 100644 --- a/internal/catalog/internal/types/types_test.go +++ b/internal/catalog/internal/types/types_test.go @@ -24,9 +24,9 @@ func TestTypeRegistration(t *testing.T) { pbcatalog.ServiceEndpointsKind, pbcatalog.NodeKind, pbcatalog.HealthStatusKind, - pbcatalog.HealthChecksKind, - pbcatalog.DNSPolicyKind, // todo (ishustava): uncomment once we implement these + //pbcatalog.HealthChecksKind, + //pbcatalog.DNSPolicyKind, //pbcatalog.VirtualIPsKind, } diff --git a/internal/catalog/internal/types/virtual_ips.go b/internal/catalog/internal/types/virtual_ips.go index 7a4cee276ae6..9c7a06547405 100644 --- a/internal/catalog/internal/types/virtual_ips.go +++ b/internal/catalog/internal/types/virtual_ips.go @@ -6,19 +6,28 @@ package types import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) func RegisterVirtualIPs(r resource.Registry) { - // todo (ishustava): uncomment when we implement it - //r.Register(resource.Registration{ - // Type: pbcatalog.VirtualIPsV2Beta1Type, - // Proto: &pbcatalog.VirtualIPs{}, - // Scope: resource.ScopeNamespace, - // Validate: ValidateVirtualIPs, - //}) + r.Register(resource.Registration{ + Type: pbcatalog.VirtualIPsType, + Proto: &pbcatalog.VirtualIPs{}, + Scope: resource.ScopeNamespace, + Validate: ValidateVirtualIPs, + ACLs: &resource.ACLHooks{ + Read: func(authorizer acl.Authorizer, context *acl.AuthorizerContext, id *pbresource.ID, p *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.GetName(), context) + }, + Write: func(authorizer acl.Authorizer, context *acl.AuthorizerContext, p *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(p.GetId().GetName(), context) + }, + List: resource.NoOpACLListHook, + }, + }) } func ValidateVirtualIPs(res *pbresource.Resource) error { diff --git a/internal/catalog/internal/types/virtual_ips_test.go b/internal/catalog/internal/types/virtual_ips_test.go index c7ed70972530..0107e1cfd94f 100644 --- a/internal/catalog/internal/types/virtual_ips_test.go +++ b/internal/catalog/internal/types/virtual_ips_test.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/internal/resource" + rtest "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) @@ -81,3 +82,47 @@ func TestValidateVirtualIPs_InvalidIP(t *testing.T) { require.Error(t, err) require.ErrorIs(t, err, errNotIPAddress) } + +func TestVirtualIPsACLs(t *testing.T) { + registry := resource.NewRegistry() + RegisterVirtualIPs(registry) + + service := rtest.Resource(pbcatalog.ServiceType, "test"). + WithTenancy(resource.DefaultNamespacedTenancy()).ID() + virtualIPsData := &pbcatalog.VirtualIPs{} + cases := map[string]rtest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: virtualIPsData, + Owner: service, + Typ: pbcatalog.VirtualIPsType, + ReadOK: rtest.DENY, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: virtualIPsData, + Owner: service, + Typ: pbcatalog.VirtualIPsType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write": { + Rules: `service "test" { policy = "write" }`, + Data: virtualIPsData, + Owner: service, + Typ: pbcatalog.VirtualIPsType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + rtest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/workload.go b/internal/catalog/internal/types/workload.go index 89308667d2c1..db0175d46d1a 100644 --- a/internal/catalog/internal/types/workload.go +++ b/internal/catalog/internal/types/workload.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -20,6 +21,11 @@ func RegisterWorkload(r resource.Registry) { Proto: &pbcatalog.Workload{}, Scope: resource.ScopeNamespace, Validate: ValidateWorkload, + ACLs: &resource.ACLHooks{ + Read: aclReadHookWorkload, + Write: aclWriteHookWorkload, + List: resource.NoOpACLListHook, + }, }) } @@ -145,3 +151,32 @@ func ValidateWorkload(res *pbresource.Resource) error { return err } + +func aclReadHookWorkload(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, _ *pbresource.Resource) error { + return authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.GetName(), authzContext) +} + +func aclWriteHookWorkload(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + decodedWorkload, err := resource.Decode[*pbcatalog.Workload](res) + if err != nil { + return resource.ErrNeedResource + } + + // First check service:write on the workload name. + err = authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetId().GetName(), authzContext) + if err != nil { + return err + } + + // Check node:read permissions if node is specified. + if decodedWorkload.GetData().GetNodeName() != "" { + return authorizer.ToAllowAuthorizer().NodeReadAllowed(decodedWorkload.GetData().GetNodeName(), authzContext) + } + + // Check identity:read permissions if identity is specified. + if decodedWorkload.GetData().GetIdentity() != "" { + return authorizer.ToAllowAuthorizer().IdentityReadAllowed(decodedWorkload.GetData().GetIdentity(), authzContext) + } + + return nil +} diff --git a/internal/catalog/internal/types/workload_selecting.go b/internal/catalog/internal/types/workload_selecting.go new file mode 100644 index 000000000000..6d129bfaa693 --- /dev/null +++ b/internal/catalog/internal/types/workload_selecting.go @@ -0,0 +1,16 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "google.golang.org/protobuf/proto" + + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" +) + +// WorkloadSelecting denotes a resource type that uses workload selectors. +type WorkloadSelecting interface { + proto.Message + GetWorkloads() *pbcatalog.WorkloadSelector +} diff --git a/internal/catalog/internal/types/workload_test.go b/internal/catalog/internal/types/workload_test.go index e55d9a44fd2b..1c7f7b825594 100644 --- a/internal/catalog/internal/types/workload_test.go +++ b/internal/catalog/internal/types/workload_test.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/internal/resource" + rtest "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) @@ -304,3 +305,160 @@ func TestValidateWorkload_Locality(t *testing.T) { require.ErrorAs(t, err, &actual) require.Equal(t, expected, actual) } + +func TestWorkloadACLs(t *testing.T) { + registry := resource.NewRegistry() + Register(registry) + + cases := map[string]rtest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.DENY, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test read": { + Rules: `service "test" { policy = "read" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write": { + Rules: `service "test" { policy = "write" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + "service test write with node": { + Rules: `service "test" { policy = "write" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + NodeName: "test-node", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write with workload identity": { + Rules: `service "test" { policy = "write" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + Identity: "test-identity", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write with workload identity and node": { + Rules: `service "test" { policy = "write" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + NodeName: "test-node", + Identity: "test-identity", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.DENY, + ListOK: rtest.DEFAULT, + }, + "service test write with node and node policy": { + Rules: `service "test" { policy = "write" } node "test-node" { policy = "read" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + NodeName: "test-node", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + "service test write with workload identity and identity policy ": { + Rules: `service "test" { policy = "write" } identity "test-identity" { policy = "read" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + Identity: "test-identity", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + "service test write with workload identity and node with both node and identity policy": { + Rules: `service "test" { policy = "write" } identity "test-identity" { policy = "read" } node "test-node" { policy = "read" }`, + Data: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + NodeName: "test-node", + Identity: "test-identity", + }, + Typ: pbcatalog.WorkloadType, + ReadOK: rtest.ALLOW, + WriteOK: rtest.ALLOW, + ListOK: rtest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + rtest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper.go b/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper.go index 533474e6522a..7b064248414b 100644 --- a/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper.go +++ b/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper.go @@ -6,29 +6,21 @@ package workloadselectionmapper import ( "context" - "google.golang.org/protobuf/proto" - + "github.com/hashicorp/consul/internal/catalog" "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/mesh/internal/mappers/common" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/mappers/selectiontracker" "github.com/hashicorp/consul/lib/stringslice" - pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) -// WorkloadSelecting denotes a resource type that uses workload selectors. -type WorkloadSelecting interface { - proto.Message - GetWorkloads() *pbcatalog.WorkloadSelector -} - -type Mapper[T WorkloadSelecting] struct { +type Mapper[T catalog.WorkloadSelecting] struct { workloadSelectionTracker *selectiontracker.WorkloadSelectionTracker computedType *pbresource.Type } -func New[T WorkloadSelecting](computedType *pbresource.Type) *Mapper[T] { +func New[T catalog.WorkloadSelecting](computedType *pbresource.Type) *Mapper[T] { if computedType == nil { panic("computed type is required") } diff --git a/internal/mesh/internal/types/destination_policy.go b/internal/mesh/internal/types/destination_policy.go index 75a6b9f18fb0..68b37345baf3 100644 --- a/internal/mesh/internal/types/destination_policy.go +++ b/internal/mesh/internal/types/destination_policy.go @@ -24,7 +24,7 @@ func RegisterDestinationPolicy(r resource.Registry) { ACLs: &resource.ACLHooks{ Read: aclReadHookDestinationPolicy, Write: aclWriteHookDestinationPolicy, - List: aclListHookDestinationPolicy, + List: resource.NoOpACLListHook, }, }) } @@ -233,9 +233,3 @@ func aclWriteHookDestinationPolicy(authorizer acl.Authorizer, authzContext *acl. // Check service:write permissions on the service this is controlling. return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(serviceName, authzContext) } - -func aclListHookDestinationPolicy(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement. - return nil -} diff --git a/internal/mesh/internal/types/destinations.go b/internal/mesh/internal/types/destinations.go index e4da2997e1da..34287e627ab7 100644 --- a/internal/mesh/internal/types/destinations.go +++ b/internal/mesh/internal/types/destinations.go @@ -22,6 +22,7 @@ func RegisterDestinations(r resource.Registry) { Scope: resource.ScopeNamespace, Mutate: MutateDestinations, Validate: ValidateDestinations, + ACLs: catalog.ACLHooksForWorkloadSelectingType[*pbmesh.Destinations](), }) } diff --git a/internal/mesh/internal/types/destinations_configuration.go b/internal/mesh/internal/types/destinations_configuration.go index b5de19d029b5..fedbe40df48c 100644 --- a/internal/mesh/internal/types/destinations_configuration.go +++ b/internal/mesh/internal/types/destinations_configuration.go @@ -7,17 +7,19 @@ import ( "github.com/hashicorp/go-multierror" "github.com/hashicorp/consul/internal/catalog" + "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) -func RegisterUpstreamsConfiguration(r resource.Registry) { +func RegisterDestinationsConfiguration(r resource.Registry) { r.Register(resource.Registration{ Type: pbmesh.DestinationsConfigurationType, Proto: &pbmesh.DestinationsConfiguration{}, Scope: resource.ScopeNamespace, Validate: ValidateDestinationsConfiguration, + ACLs: catalog.ACLHooksForWorkloadSelectingType[*pbmesh.DestinationsConfiguration](), }) } diff --git a/internal/mesh/internal/types/destinations_configuration_test.go b/internal/mesh/internal/types/destinations_configuration_test.go index 29c7c7cae0f1..11af0732d5d9 100644 --- a/internal/mesh/internal/types/destinations_configuration_test.go +++ b/internal/mesh/internal/types/destinations_configuration_test.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/require" + catalogtesthelpers "github.com/hashicorp/consul/internal/catalog/catalogtest/helpers" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" @@ -16,6 +17,15 @@ import ( "github.com/hashicorp/consul/sdk/testutil" ) +func TestDestinationsConfigurationACLs(t *testing.T) { + catalogtesthelpers.RunWorkloadSelectingTypeACLsTests[*pbmesh.DestinationsConfiguration](t, pbmesh.DestinationsConfigurationType, + func(selector *pbcatalog.WorkloadSelector) *pbmesh.DestinationsConfiguration { + return &pbmesh.DestinationsConfiguration{Workloads: selector} + }, + RegisterDestinationsConfiguration, + ) +} + func TestValidateDestinationsConfiguration(t *testing.T) { type testcase struct { data *pbmesh.DestinationsConfiguration diff --git a/internal/mesh/internal/types/destinations_test.go b/internal/mesh/internal/types/destinations_test.go index ca0150a60c3d..55624a6316f4 100644 --- a/internal/mesh/internal/types/destinations_test.go +++ b/internal/mesh/internal/types/destinations_test.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/require" + catalogtesthelpers "github.com/hashicorp/consul/internal/catalog/catalogtest/helpers" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" @@ -415,3 +416,12 @@ func TestValidateDestinations(t *testing.T) { }) } } + +func TestDestinationsACLs(t *testing.T) { + catalogtesthelpers.RunWorkloadSelectingTypeACLsTests[*pbmesh.Destinations](t, pbmesh.DestinationsType, + func(selector *pbcatalog.WorkloadSelector) *pbmesh.Destinations { + return &pbmesh.Destinations{Workloads: selector} + }, + RegisterDestinations, + ) +} diff --git a/internal/mesh/internal/types/proxy_configuration.go b/internal/mesh/internal/types/proxy_configuration.go index 0c9ac05147e1..081324d72167 100644 --- a/internal/mesh/internal/types/proxy_configuration.go +++ b/internal/mesh/internal/types/proxy_configuration.go @@ -6,10 +6,10 @@ package types import ( "math" - "github.com/hashicorp/go-multierror" - "github.com/hashicorp/consul/internal/catalog" + "github.com/hashicorp/go-multierror" + "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -23,6 +23,7 @@ func RegisterProxyConfiguration(r resource.Registry) { Scope: resource.ScopeNamespace, Mutate: MutateProxyConfiguration, Validate: ValidateProxyConfiguration, + ACLs: catalog.ACLHooksForWorkloadSelectingType[*pbmesh.ProxyConfiguration](), }) } diff --git a/internal/mesh/internal/types/proxy_configuration_test.go b/internal/mesh/internal/types/proxy_configuration_test.go index c504ff2bd03d..f5c52d474c35 100644 --- a/internal/mesh/internal/types/proxy_configuration_test.go +++ b/internal/mesh/internal/types/proxy_configuration_test.go @@ -11,6 +11,7 @@ import ( "github.com/stretchr/testify/require" "google.golang.org/protobuf/types/known/structpb" + catalogtesthelpers "github.com/hashicorp/consul/internal/catalog/catalogtest/helpers" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" @@ -20,6 +21,18 @@ import ( "github.com/hashicorp/consul/sdk/testutil" ) +func TestProxyConfigurationACLs(t *testing.T) { + catalogtesthelpers.RunWorkloadSelectingTypeACLsTests[*pbmesh.ProxyConfiguration](t, pbmesh.ProxyConfigurationType, + func(selector *pbcatalog.WorkloadSelector) *pbmesh.ProxyConfiguration { + return &pbmesh.ProxyConfiguration{ + Workloads: selector, + DynamicConfig: &pbmesh.DynamicConfig{}, + } + }, + RegisterProxyConfiguration, + ) +} + func TestMutateProxyConfiguration(t *testing.T) { cases := map[string]struct { data *pbmesh.ProxyConfiguration diff --git a/internal/mesh/internal/types/proxy_state_template.go b/internal/mesh/internal/types/proxy_state_template.go index 010d0f9591b3..b84d0e9b45cb 100644 --- a/internal/mesh/internal/types/proxy_state_template.go +++ b/internal/mesh/internal/types/proxy_state_template.go @@ -44,11 +44,7 @@ func RegisterProxyStateTemplate(r resource.Registry) { // managed by a controller. return authorizer.ToAllowAuthorizer().OperatorWriteAllowed(authzContext) }, - List: func(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement. - return nil - }, + List: resource.NoOpACLListHook, }, }) } diff --git a/internal/mesh/internal/types/types.go b/internal/mesh/internal/types/types.go index 20b23604fc6e..cf1443aabf18 100644 --- a/internal/mesh/internal/types/types.go +++ b/internal/mesh/internal/types/types.go @@ -12,11 +12,12 @@ func Register(r resource.Registry) { RegisterComputedProxyConfiguration(r) RegisterDestinations(r) RegisterComputedExplicitDestinations(r) - RegisterUpstreamsConfiguration(r) RegisterProxyStateTemplate(r) RegisterHTTPRoute(r) RegisterTCPRoute(r) RegisterGRPCRoute(r) RegisterDestinationPolicy(r) RegisterComputedRoutes(r) + // todo (v2): uncomment once we implement it. + //RegisterDestinationsConfiguration(r) } diff --git a/internal/mesh/internal/types/types_test.go b/internal/mesh/internal/types/types_test.go index 631e1b4be8d0..801d3de01846 100644 --- a/internal/mesh/internal/types/types_test.go +++ b/internal/mesh/internal/types/types_test.go @@ -21,13 +21,14 @@ func TestTypeRegistration(t *testing.T) { requiredKinds := []string{ pbmesh.ProxyConfigurationKind, pbmesh.DestinationsKind, - pbmesh.DestinationsConfigurationKind, pbmesh.ProxyStateTemplateKind, pbmesh.HTTPRouteKind, pbmesh.TCPRouteKind, pbmesh.GRPCRouteKind, pbmesh.DestinationPolicyKind, pbmesh.ComputedRoutesKind, + // todo (v2): re-enable once we implement it. + //pbmesh.DestinationsConfigurationKind, } r := resource.NewRegistry() diff --git a/internal/mesh/internal/types/xroute.go b/internal/mesh/internal/types/xroute.go index 1c60bdcb1c54..619c9cb68243 100644 --- a/internal/mesh/internal/types/xroute.go +++ b/internal/mesh/internal/types/xroute.go @@ -290,7 +290,7 @@ func xRouteACLHooks[R XRouteData]() *resource.ACLHooks { hooks := &resource.ACLHooks{ Read: aclReadHookXRoute[R], Write: aclWriteHookXRoute[R], - List: aclListHookXRoute[R], + List: resource.NoOpACLListHook, } return hooks @@ -298,7 +298,7 @@ func xRouteACLHooks[R XRouteData]() *resource.ACLHooks { func aclReadHookXRoute[R XRouteData](authorizer acl.Authorizer, _ *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { if res == nil { - return resource.ErrNeedData + return resource.ErrNeedResource } dec, err := resource.Decode[R](res) @@ -351,9 +351,3 @@ func aclWriteHookXRoute[R XRouteData](authorizer acl.Authorizer, _ *acl.Authoriz return nil } - -func aclListHookXRoute[R XRouteData](authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error { - // No-op List permission as we want to default to filtering resources - // from the list using the Read enforcement. - return nil -} diff --git a/internal/mesh/internal/types/xroute_test.go b/internal/mesh/internal/types/xroute_test.go index 09806bea8c7e..cd6d6d766327 100644 --- a/internal/mesh/internal/types/xroute_test.go +++ b/internal/mesh/internal/types/xroute_test.go @@ -458,7 +458,7 @@ func testXRouteACLs[R XRouteData](t *testing.T, newRoute func(t *testing.T, pare require.True(t, ok) err = reg.ACLs.Read(authz, &acl.AuthorizerContext{}, tc.res.Id, nil) - require.ErrorIs(t, err, resource.ErrNeedData, "read hook should require the data payload") + require.ErrorIs(t, err, resource.ErrNeedResource, "read hook should require the data payload") checkF(t, "read", tc.readOK, reg.ACLs.Read(authz, &acl.AuthorizerContext{}, tc.res.Id, tc.res)) checkF(t, "write", tc.writeOK, reg.ACLs.Write(authz, &acl.AuthorizerContext{}, tc.res)) diff --git a/internal/resource/acls.go b/internal/resource/acls.go new file mode 100644 index 000000000000..55a5872fc0de --- /dev/null +++ b/internal/resource/acls.go @@ -0,0 +1,13 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package resource + +import "github.com/hashicorp/consul/acl" + +// NoOpACLListHook is a common function that can be used if no special list permission is required for a resource. +func NoOpACLListHook(_ acl.Authorizer, _ *acl.AuthorizerContext) error { + // No-op List permission as we want to default to filtering resources + // from the list using the Read enforcement. + return nil +} diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go index b6a9263842d3..8e978c9fb49a 100644 --- a/internal/resource/demo/demo.go +++ b/internal/resource/demo/demo.go @@ -97,7 +97,7 @@ func RegisterTypes(r resource.Registry) { readACL := func(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, res *pbresource.Resource) error { if resource.EqualType(TypeV1RecordLabel, id.Type) { if res == nil { - return resource.ErrNeedData + return resource.ErrNeedResource } } key := fmt.Sprintf("resource/%s/%s", resource.ToGVK(id.Type), id.Name) diff --git a/internal/resource/errors.go b/internal/resource/errors.go index 2602e8c5b6ca..24dd96e90ec4 100644 --- a/internal/resource/errors.go +++ b/internal/resource/errors.go @@ -137,6 +137,20 @@ type ErrOwnerTenantInvalid struct { } func (err ErrOwnerTenantInvalid) Error() string { + if err.ResourceTenancy == nil && err.OwnerTenancy != nil { + return fmt.Sprintf( + "empty resource tenancy cannot be owned by a resource in partition %s, namespace %s and peer %s", + err.OwnerTenancy.Partition, err.OwnerTenancy.Namespace, err.OwnerTenancy.PeerName, + ) + } + + if err.ResourceTenancy != nil && err.OwnerTenancy == nil { + return fmt.Sprintf( + "resource in partition %s, namespace %s and peer %s cannot be owned by a resource with empty tenancy", + err.ResourceTenancy.Partition, err.ResourceTenancy.Namespace, err.ResourceTenancy.PeerName, + ) + } + return fmt.Sprintf( "resource in partition %s, namespace %s and peer %s cannot be owned by a resource in partition %s, namespace %s and peer %s", err.ResourceTenancy.Partition, err.ResourceTenancy.Namespace, err.ResourceTenancy.PeerName, diff --git a/internal/resource/registry.go b/internal/resource/registry.go index 2b004b6b4c0c..20c1f4dc41a8 100644 --- a/internal/resource/registry.go +++ b/internal/resource/registry.go @@ -68,14 +68,14 @@ type Registration struct { Scope Scope } -var ErrNeedData = errors.New("authorization check requires resource data") +var ErrNeedResource = errors.New("authorization check requires the entire resource") type ACLHooks struct { // Read is used to authorize Read RPCs and to filter results in List // RPCs. // // It can be called an ID and possibly a Resource. The check will first - // attempt to use the ID and if the hook returns ErrNeedData, then the + // attempt to use the ID and if the hook returns ErrNeedResource, then the // check will be deferred until the data is fetched from the storage layer. // // If it is omitted, `operator:read` permission is assumed. diff --git a/internal/resource/resourcetest/acls.go b/internal/resource/resourcetest/acls.go new file mode 100644 index 000000000000..4aff9e30327b --- /dev/null +++ b/internal/resource/resourcetest/acls.go @@ -0,0 +1,85 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package resourcetest + +import ( + "testing" + + "github.com/stretchr/testify/require" + "google.golang.org/protobuf/reflect/protoreflect" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +const ( + DENY = "deny" + ALLOW = "allow" + DEFAULT = "default" +) + +var checkF = func(t *testing.T, expect string, got error) { + switch expect { + case ALLOW: + if acl.IsErrPermissionDenied(got) { + t.Fatal("should be allowed") + } + case DENY: + if !acl.IsErrPermissionDenied(got) { + t.Fatal("should be denied") + } + case DEFAULT: + require.Nil(t, got, "expected fallthrough decision") + default: + t.Fatalf("unexpected expectation: %q", expect) + } +} + +type ACLTestCase struct { + Rules string + Data protoreflect.ProtoMessage + Owner *pbresource.ID + Typ *pbresource.Type + ReadOK string + WriteOK string + ListOK string +} + +func RunACLTestCase(t *testing.T, tc ACLTestCase, registry resource.Registry) { + reg, ok := registry.Resolve(tc.Typ) + require.True(t, ok) + + resolvedType, ok := registry.Resolve(tc.Typ) + require.True(t, ok) + + res := Resource(tc.Typ, "test"). + WithTenancy(DefaultTenancyForType(t, resolvedType)). + WithOwner(tc.Owner). + WithData(t, tc.Data). + Build() + + ValidateAndNormalize(t, registry, res) + + config := acl.Config{ + WildcardName: structs.WildcardSpecifier, + } + authz, err := acl.NewAuthorizerFromRules(tc.Rules, &config, nil) + require.NoError(t, err) + authz = acl.NewChainedAuthorizer([]acl.Authorizer{authz, acl.DenyAll()}) + + t.Run("read", func(t *testing.T) { + err := reg.ACLs.Read(authz, &acl.AuthorizerContext{}, res.Id, res) + checkF(t, tc.ReadOK, err) + }) + t.Run("write", func(t *testing.T) { + err := reg.ACLs.Write(authz, &acl.AuthorizerContext{}, res) + checkF(t, tc.WriteOK, err) + }) + t.Run("list", func(t *testing.T) { + err := reg.ACLs.List(authz, &acl.AuthorizerContext{}) + checkF(t, tc.ListOK, err) + }) +} diff --git a/internal/resource/resourcetest/tenancy.go b/internal/resource/resourcetest/tenancy.go index 838379cebbed..5f5c0525b6f4 100644 --- a/internal/resource/resourcetest/tenancy.go +++ b/internal/resource/resourcetest/tenancy.go @@ -5,6 +5,7 @@ package resourcetest import ( "strings" + "testing" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/proto-public/pbresource" @@ -35,3 +36,17 @@ func Tenancy(s string) *pbresource.Tenancy { return &pbresource.Tenancy{Partition: "BAD", Namespace: "BAD", PeerName: "BAD"} } } + +func DefaultTenancyForType(t *testing.T, reg resource.Registration) *pbresource.Tenancy { + switch reg.Scope { + case resource.ScopeNamespace: + return resource.DefaultNamespacedTenancy() + case resource.ScopePartition: + return resource.DefaultPartitionedTenancy() + case resource.ScopeCluster: + return resource.DefaultClusteredTenancy() + default: + t.Fatalf("unsupported resource scope: %v", reg.Scope) + return nil + } +} From e093aa7c52ddb07ac1350f5618395adbf47d2de1 Mon Sep 17 00:00:00 2001 From: John Murret Date: Thu, 12 Oct 2023 21:41:31 -0600 Subject: [PATCH 07/10] NET-5073 - ProxyConfiguration: implement various connection options --- .../sidecarproxy/builder/expose_paths.go | 2 +- .../sidecarproxy/builder/local_app.go | 62 ++++++-- .../sidecarproxy/builder/local_app_test.go | 51 +++++- .../local-and-inbound-connections.golden | 149 ++++++++++++++++++ proto-public/pbmesh/v2beta1/connection.pb.go | 6 +- proto-public/pbmesh/v2beta1/connection.proto | 2 +- 6 files changed, 250 insertions(+), 22 deletions(-) create mode 100644 internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go b/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go index e5baaa2cba59..61aa666e73bc 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go @@ -22,7 +22,7 @@ func (b *Builder) buildExposePaths(workload *pbcatalog.Workload) { buildListener() b.addExposePathsRoute(exposePath, clusterName). - addLocalAppCluster(clusterName). + addLocalAppCluster(clusterName, fmt.Sprintf("%d", exposePath.LocalPathPort)). addLocalAppStaticEndpoints(clusterName, exposePath.LocalPathPort) } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go index e6ba896b68e0..1dcb25e23c9d 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go @@ -6,6 +6,9 @@ package builder import ( "fmt" + pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "google.golang.org/protobuf/types/known/wrapperspb" + "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/envoyextensions/xdscommon" pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" @@ -31,13 +34,13 @@ func (b *Builder) BuildLocalApp(workload *pbcatalog.Workload, ctp *pbauth.Comput if port.Protocol != pbcatalog.Protocol_PROTOCOL_MESH { foundInboundNonMeshPorts = true - lb.addInboundRouter(clusterName, routeName, port, portName, trafficPermissions[portName]). + lb.addInboundRouter(clusterName, routeName, port, portName, trafficPermissions[portName], b.proxyCfg.GetDynamicConfig().GetInboundConnections()). addInboundTLS() if isL7(port.Protocol) { b.addLocalAppRoute(routeName, clusterName) } - b.addLocalAppCluster(clusterName). + b.addLocalAppCluster(clusterName, portName). addLocalAppStaticEndpoints(clusterName, port.GetPort()) } } @@ -264,10 +267,16 @@ func (b *Builder) addInboundListener(name string, workload *pbcatalog.Workload) // Add TLS inspection capability to be able to parse ALPN and/or SNI information from inbound connections. listener.Capabilities = append(listener.Capabilities, pbproxystate.Capability_CAPABILITY_L4_TLS_INSPECTION) + if b.proxyCfg != nil && b.proxyCfg.DynamicConfig != nil && b.proxyCfg.DynamicConfig.InboundConnections != nil { + listener.BalanceConnections = pbproxystate.BalanceConnections(b.proxyCfg.DynamicConfig.InboundConnections.BalanceInboundConnections) + } return b.NewListenerBuilder(listener) } -func (l *ListenerBuilder) addInboundRouter(clusterName string, routeName string, port *pbcatalog.WorkloadPort, portName string, tp *pbproxystate.TrafficPermissions) *ListenerBuilder { +func (l *ListenerBuilder) addInboundRouter(clusterName string, routeName string, + port *pbcatalog.WorkloadPort, portName string, tp *pbproxystate.TrafficPermissions, + ic *pbmesh.InboundConnectionsConfig) *ListenerBuilder { + if l.listener == nil { return l } @@ -289,6 +298,15 @@ func (l *ListenerBuilder) addInboundRouter(clusterName string, routeName string, AlpnProtocols: []string{getAlpnProtocolFromPortName(portName)}, }, } + + if ic != nil { + // MaxInboundConnections is uint32 that is used on: + // - router destinations MaxInboundConnection (uint64) + // - cluster circuit breakers UpstreamLimits.MaxConnections (uint32) + // It is cast to a uint64 here similarly as it is to the proxystateconverter code + r.GetL4().MaxInboundConnections = uint64(ic.MaxInboundConnections) + } + l.listener.Routers = append(l.listener.Routers, r) } else if isL7(port.Protocol) { r := &pbproxystate.Router{ @@ -373,9 +391,9 @@ func isL7(protocol pbcatalog.Protocol) bool { return false } -func (b *Builder) addLocalAppCluster(clusterName string) *Builder { +func (b *Builder) addLocalAppCluster(clusterName, portName string) *Builder { // Make cluster for this router destination. - b.proxyStateTemplate.ProxyState.Clusters[clusterName] = &pbproxystate.Cluster{ + cluster := &pbproxystate.Cluster{ Group: &pbproxystate.Cluster_EndpointGroup{ EndpointGroup: &pbproxystate.EndpointGroup{ Group: &pbproxystate.EndpointGroup_Static{ @@ -384,20 +402,34 @@ func (b *Builder) addLocalAppCluster(clusterName string) *Builder { }, }, } + + // configure inbound connections or connection timeout if either is defined + if b.proxyCfg.GetDynamicConfig() != nil { + lc, lcOK := b.proxyCfg.DynamicConfig.LocalConnection[portName] + + if lcOK || b.proxyCfg.DynamicConfig.InboundConnections != nil { + cluster.GetEndpointGroup().GetStatic().Config = &pbproxystate.StaticEndpointGroupConfig{} + + if lcOK { + cluster.GetEndpointGroup().GetStatic().GetConfig().ConnectTimeout = lc.ConnectTimeout + } + + if b.proxyCfg.DynamicConfig.InboundConnections != nil { + cluster.GetEndpointGroup().GetStatic().GetConfig().CircuitBreakers = &pbproxystate.CircuitBreakers{ + UpstreamLimits: &pbproxystate.UpstreamLimits{ + MaxConnections: &wrapperspb.UInt32Value{Value: b.proxyCfg.DynamicConfig.InboundConnections.MaxInboundConnections}, + }, + } + } + } + } + + b.proxyStateTemplate.ProxyState.Clusters[clusterName] = cluster return b } func (b *Builder) addBlackHoleCluster() *Builder { - b.proxyStateTemplate.ProxyState.Clusters[xdscommon.BlackHoleClusterName] = &pbproxystate.Cluster{ - Group: &pbproxystate.Cluster_EndpointGroup{ - EndpointGroup: &pbproxystate.EndpointGroup{ - Group: &pbproxystate.EndpointGroup_Static{ - Static: &pbproxystate.StaticEndpointGroup{}, - }, - }, - }, - } - return b + return b.addLocalAppCluster(xdscommon.BlackHoleClusterName, "") } func (b *Builder) addLocalAppStaticEndpoints(clusterName string, port uint32) { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go index 785e0aab2e2e..6a1fb93835dc 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go @@ -4,7 +4,10 @@ package builder import ( + "google.golang.org/protobuf/types/known/durationpb" + "sort" "testing" + "time" "github.com/stretchr/testify/require" @@ -139,6 +142,36 @@ func TestBuildLocalApp_WithProxyConfiguration(t *testing.T) { }, }, }, + "source/local-and-inbound-connections": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", + }, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "port1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "port2": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + "port3": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + }, + }, + proxyCfg: &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{ + LocalConnection: map[string]*pbmesh.ConnectionConfig{ + "port1": { + ConnectTimeout: durationpb.New(6 * time.Second), + RequestTimeout: durationpb.New(7 * time.Second)}, + "port3": { + ConnectTimeout: durationpb.New(8 * time.Second), + RequestTimeout: durationpb.New(9 * time.Second)}, + }, + InboundConnections: &pbmesh.InboundConnectionsConfig{ + MaxInboundConnections: 123, + BalanceInboundConnections: pbmesh.BalanceConnections(pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_EXACT), + }, + }, + }, + }, } for name, c := range cases { @@ -146,10 +179,24 @@ func TestBuildLocalApp_WithProxyConfiguration(t *testing.T) { proxyTmpl := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", true, c.proxyCfg). BuildLocalApp(c.workload, nil). Build() + + // sort routers because of test flakes where order was flip flopping. + actualRouters := proxyTmpl.ProxyState.Listeners[0].Routers + sort.Slice(actualRouters, func(i, j int) bool { + return actualRouters[i].String() < actualRouters[j].String() + }) + actual := protoToJSON(t, proxyTmpl) - expected := golden.Get(t, actual, name+".golden") + expected := JSONToProxyTemplate(t, golden.GetBytes(t, actual, name+".golden")) - require.JSONEq(t, expected, actual) + // sort routers on listener from golden file + expectedRouters := expected.ProxyState.Listeners[0].Routers + sort.Slice(expectedRouters, func(i, j int) bool { + return expectedRouters[i].String() < expectedRouters[j].String() + }) + + // convert back to json after sorting so that test output does not contain extraneous fields. + require.Equal(t, protoToJSON(t, expected), protoToJSON(t, proxyTmpl)) }) } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden new file mode 100644 index 000000000000..757a2caa8f40 --- /dev/null +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden @@ -0,0 +1,149 @@ +{ + "proxyState": { + "clusters": { + "local_app:port1": { + "endpointGroup": { + "static": { + "config": { + "connectTimeout": "6s", + "circuitBreakers": { + "upstreamLimits": { + "maxConnections": 123 + } + } + } + } + }, + "name": "local_app:port1" + }, + "local_app:port3": { + "endpointGroup": { + "static": { + "config": { + "connectTimeout": "8s", + "circuitBreakers": { + "upstreamLimits": { + "maxConnections": 123 + } + } + } + } + }, + "name": "local_app:port3" + } + }, + "endpoints": { + "local_app:port1": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + }, + "local_app:port3": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8081 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "balanceConnections": "BALANCE_CONNECTIONS_EXACT", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port1" + }, + "maxInboundConnections": 123, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port1" + ] + } + }, + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port3" + }, + "maxInboundConnections": 123, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port3" + ] + } + } + ] + } + ] + }, + "requiredLeafCertificates": { + "test-identity": { + "name": "test-identity", + "namespace": "default", + "partition": "default" + } + }, + "requiredTrustBundles": { + "local": { + "peer": "local" + } + } +} \ No newline at end of file diff --git a/proto-public/pbmesh/v2beta1/connection.pb.go b/proto-public/pbmesh/v2beta1/connection.pb.go index d8ccaba7d74e..909071da81c7 100644 --- a/proto-public/pbmesh/v2beta1/connection.pb.go +++ b/proto-public/pbmesh/v2beta1/connection.pb.go @@ -137,7 +137,7 @@ type InboundConnectionsConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - MaxInboundConnections uint64 `protobuf:"varint,12,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"` + MaxInboundConnections uint32 `protobuf:"varint,12,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"` BalanceInboundConnections BalanceConnections `protobuf:"varint,13,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v2beta1.BalanceConnections" json:"balance_inbound_connections,omitempty"` } @@ -173,7 +173,7 @@ func (*InboundConnectionsConfig) Descriptor() ([]byte, []int) { return file_pbmesh_v2beta1_connection_proto_rawDescGZIP(), []int{1} } -func (x *InboundConnectionsConfig) GetMaxInboundConnections() uint64 { +func (x *InboundConnectionsConfig) GetMaxInboundConnections() uint32 { if x != nil { return x.MaxInboundConnections } @@ -209,7 +209,7 @@ var file_pbmesh_v2beta1_connection_proto_rawDesc = []byte{ 0x0a, 0x18, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, 0x6d, 0x61, 0x78, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x71, 0x0a, 0x1b, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, diff --git a/proto-public/pbmesh/v2beta1/connection.proto b/proto-public/pbmesh/v2beta1/connection.proto index fdb7217a123b..3106dbe733ae 100644 --- a/proto-public/pbmesh/v2beta1/connection.proto +++ b/proto-public/pbmesh/v2beta1/connection.proto @@ -17,7 +17,7 @@ message ConnectionConfig { // Referenced by ProxyConfiguration message InboundConnectionsConfig { - uint64 max_inbound_connections = 12; + uint32 max_inbound_connections = 12; BalanceConnections balance_inbound_connections = 13; } From c9c1b86789587dfbdf71bdba02e73023914c0f84 Mon Sep 17 00:00:00 2001 From: John Murret Date: Fri, 13 Oct 2023 14:25:00 -0600 Subject: [PATCH 08/10] PR feedback - LocalConnection and InboundConnection do not affect exposed routes. configure L7 route destinations. fix connection proto sequence numbers. --- .../sidecarproxy/builder/expose_paths.go | 2 +- .../sidecarproxy/builder/local_app.go | 25 ++- .../sidecarproxy/builder/local_app_test.go | 21 ++- .../local-and-inbound-connections.golden | 154 +++++++++++++++++- proto-public/pbmesh/v2beta1/connection.pb.go | 8 +- proto-public/pbmesh/v2beta1/connection.proto | 4 +- 6 files changed, 193 insertions(+), 21 deletions(-) diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go b/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go index 61aa666e73bc..6215ab540ca5 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths.go @@ -22,7 +22,7 @@ func (b *Builder) buildExposePaths(workload *pbcatalog.Workload) { buildListener() b.addExposePathsRoute(exposePath, clusterName). - addLocalAppCluster(clusterName, fmt.Sprintf("%d", exposePath.LocalPathPort)). + addLocalAppCluster(clusterName, nil). addLocalAppStaticEndpoints(clusterName, exposePath.LocalPathPort) } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go index 1dcb25e23c9d..6bde969346d1 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go @@ -40,7 +40,7 @@ func (b *Builder) BuildLocalApp(workload *pbcatalog.Workload, ctp *pbauth.Comput if isL7(port.Protocol) { b.addLocalAppRoute(routeName, clusterName) } - b.addLocalAppCluster(clusterName, portName). + b.addLocalAppCluster(clusterName, &portName). addLocalAppStaticEndpoints(clusterName, port.GetPort()) } } @@ -267,7 +267,7 @@ func (b *Builder) addInboundListener(name string, workload *pbcatalog.Workload) // Add TLS inspection capability to be able to parse ALPN and/or SNI information from inbound connections. listener.Capabilities = append(listener.Capabilities, pbproxystate.Capability_CAPABILITY_L4_TLS_INSPECTION) - if b.proxyCfg != nil && b.proxyCfg.DynamicConfig != nil && b.proxyCfg.DynamicConfig.InboundConnections != nil { + if b.proxyCfg.GetDynamicConfig() != nil && b.proxyCfg.GetDynamicConfig().InboundConnections != nil { listener.BalanceConnections = pbproxystate.BalanceConnections(b.proxyCfg.DynamicConfig.InboundConnections.BalanceInboundConnections) } return b.NewListenerBuilder(listener) @@ -301,9 +301,9 @@ func (l *ListenerBuilder) addInboundRouter(clusterName string, routeName string, if ic != nil { // MaxInboundConnections is uint32 that is used on: - // - router destinations MaxInboundConnection (uint64) - // - cluster circuit breakers UpstreamLimits.MaxConnections (uint32) - // It is cast to a uint64 here similarly as it is to the proxystateconverter code + // - router destinations MaxInboundConnection (uint64). + // - cluster circuit breakers UpstreamLimits.MaxConnections (uint32). + // It is cast to a uint64 here similarly as it is to the proxystateconverter code. r.GetL4().MaxInboundConnections = uint64(ic.MaxInboundConnections) } @@ -326,6 +326,13 @@ func (l *ListenerBuilder) addInboundRouter(clusterName string, routeName string, AlpnProtocols: []string{getAlpnProtocolFromPortName(portName)}, }, } + + if ic != nil { + // MaxInboundConnections is cast to a uint64 here similarly as it is to the + // as the L4 case statement above and in proxystateconverter code. + r.GetL7().MaxInboundConnections = uint64(ic.MaxInboundConnections) + } + l.listener.Routers = append(l.listener.Routers, r) } return l @@ -391,7 +398,7 @@ func isL7(protocol pbcatalog.Protocol) bool { return false } -func (b *Builder) addLocalAppCluster(clusterName, portName string) *Builder { +func (b *Builder) addLocalAppCluster(clusterName string, portName *string) *Builder { // Make cluster for this router destination. cluster := &pbproxystate.Cluster{ Group: &pbproxystate.Cluster_EndpointGroup{ @@ -404,8 +411,8 @@ func (b *Builder) addLocalAppCluster(clusterName, portName string) *Builder { } // configure inbound connections or connection timeout if either is defined - if b.proxyCfg.GetDynamicConfig() != nil { - lc, lcOK := b.proxyCfg.DynamicConfig.LocalConnection[portName] + if b.proxyCfg.GetDynamicConfig() != nil && portName != nil { + lc, lcOK := b.proxyCfg.DynamicConfig.LocalConnection[*portName] if lcOK || b.proxyCfg.DynamicConfig.InboundConnections != nil { cluster.GetEndpointGroup().GetStatic().Config = &pbproxystate.StaticEndpointGroupConfig{} @@ -429,7 +436,7 @@ func (b *Builder) addLocalAppCluster(clusterName, portName string) *Builder { } func (b *Builder) addBlackHoleCluster() *Builder { - return b.addLocalAppCluster(xdscommon.BlackHoleClusterName, "") + return b.addLocalAppCluster(xdscommon.BlackHoleClusterName, nil) } func (b *Builder) addLocalAppStaticEndpoints(clusterName string, port uint32) { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go index 6a1fb93835dc..33dcab715522 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go @@ -142,6 +142,9 @@ func TestBuildLocalApp_WithProxyConfiguration(t *testing.T) { }, }, }, + // source/local-and-inbound-connections shows that configuring LocalCOnnection + // and InboundConnections in DynamicConfig will set fields on standard clusters and routes, + // but will not set fields on exposed path clusters and routes. "source/local-and-inbound-connections": { workload: &pbcatalog.Workload{ Addresses: []*pbcatalog.WorkloadAddress{ @@ -152,7 +155,7 @@ func TestBuildLocalApp_WithProxyConfiguration(t *testing.T) { Ports: map[string]*pbcatalog.WorkloadPort{ "port1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, "port2": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - "port3": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "port3": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, }, }, proxyCfg: &pbmesh.ComputedProxyConfiguration{ @@ -169,6 +172,22 @@ func TestBuildLocalApp_WithProxyConfiguration(t *testing.T) { MaxInboundConnections: 123, BalanceInboundConnections: pbmesh.BalanceConnections(pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_EXACT), }, + ExposeConfig: &pbmesh.ExposeConfig{ + ExposePaths: []*pbmesh.ExposePath{ + { + ListenerPort: 1234, + Path: "/health", + LocalPathPort: 9090, + Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP, + }, + { + ListenerPort: 1235, + Path: "GetHealth", + LocalPathPort: 9091, + Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP2, + }, + }, + }, }, }, }, diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden index 757a2caa8f40..bd9820f7c6b2 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden @@ -1,6 +1,18 @@ { "proxyState": { "clusters": { + "exposed_cluster_9090": { + "endpointGroup": { + "static": {} + }, + "name": "exposed_cluster_9090" + }, + "exposed_cluster_9091": { + "endpointGroup": { + "static": {} + }, + "name": "exposed_cluster_9091" + }, "local_app:port1": { "endpointGroup": { "static": { @@ -33,6 +45,26 @@ } }, "endpoints": { + "exposed_cluster_9090": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9090 + } + } + ] + }, + "exposed_cluster_9091": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 9091 + } + } + ] + }, "local_app:port1": { "endpoints": [ { @@ -116,12 +148,13 @@ } } }, - "l4": { - "cluster": { - "name": "local_app:port3" + "l7": { + "route": { + "name": "public_listener:port3" }, "maxInboundConnections": 123, "statPrefix": "public_listener", + "staticRoute": true, "trafficPermissions": {} }, "match": { @@ -131,8 +164,121 @@ } } ] + }, + { + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 9090 + }, + "name": "exposed_path_health", + "routers": [ + { + "l7": { + "route": { + "name": "exposed_path_filter_health_1234" + }, + "statPrefix": "exposed_path_filter_health_1234", + "staticRoute": true + } + } + ] + }, + { + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 9091 + }, + "name": "exposed_path_GetHealth", + "routers": [ + { + "l7": { + "protocol": "L7_PROTOCOL_HTTP2", + "route": { + "name": "exposed_path_filter_GetHealth_1235" + }, + "statPrefix": "exposed_path_filter_GetHealth_1235", + "staticRoute": true + } + } + ] } - ] + ], + "routes": { + "exposed_path_filter_GetHealth_1235": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "exposed_path_filter_GetHealth_1235", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "exposed_cluster_9091" + } + }, + "match": { + "pathMatch": { + "exact": "GetHealth" + } + } + } + ] + } + ] + }, + "exposed_path_filter_health_1234": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "exposed_path_filter_health_1234", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "exposed_cluster_9090" + } + }, + "match": { + "pathMatch": { + "exact": "/health" + } + } + } + ] + } + ] + }, + "public_listener:port3": { + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener:port3", + "routeRules": [ + { + "destination": { + "cluster": { + "name": "local_app:port3" + } + }, + "match": { + "pathMatch": { + "prefix": "/" + } + } + } + ] + } + ] + } + } }, "requiredLeafCertificates": { "test-identity": { diff --git a/proto-public/pbmesh/v2beta1/connection.pb.go b/proto-public/pbmesh/v2beta1/connection.pb.go index 909071da81c7..591df222fc93 100644 --- a/proto-public/pbmesh/v2beta1/connection.pb.go +++ b/proto-public/pbmesh/v2beta1/connection.pb.go @@ -137,8 +137,8 @@ type InboundConnectionsConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - MaxInboundConnections uint32 `protobuf:"varint,12,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"` - BalanceInboundConnections BalanceConnections `protobuf:"varint,13,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v2beta1.BalanceConnections" json:"balance_inbound_connections,omitempty"` + MaxInboundConnections uint32 `protobuf:"varint,1,opt,name=max_inbound_connections,json=maxInboundConnections,proto3" json:"max_inbound_connections,omitempty"` + BalanceInboundConnections BalanceConnections `protobuf:"varint,2,opt,name=balance_inbound_connections,json=balanceInboundConnections,proto3,enum=hashicorp.consul.mesh.v2beta1.BalanceConnections" json:"balance_inbound_connections,omitempty"` } func (x *InboundConnectionsConfig) Reset() { @@ -209,11 +209,11 @@ var file_pbmesh_v2beta1_connection_proto_rawDesc = []byte{ 0x0a, 0x18, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x15, 0x6d, 0x61, 0x78, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x71, 0x0a, 0x1b, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x19, 0x62, 0x61, 0x6c, 0x61, diff --git a/proto-public/pbmesh/v2beta1/connection.proto b/proto-public/pbmesh/v2beta1/connection.proto index 3106dbe733ae..65cb21e586dd 100644 --- a/proto-public/pbmesh/v2beta1/connection.proto +++ b/proto-public/pbmesh/v2beta1/connection.proto @@ -17,8 +17,8 @@ message ConnectionConfig { // Referenced by ProxyConfiguration message InboundConnectionsConfig { - uint32 max_inbound_connections = 12; - BalanceConnections balance_inbound_connections = 13; + uint32 max_inbound_connections = 1; + BalanceConnections balance_inbound_connections = 2; } // +kubebuilder:validation:Enum=BALANCE_CONNECTIONS_DEFAULT;BALANCE_CONNECTIONS_EXACT From 8b967a3fac87baa6cf0f6fb1fbeb3d3cae0a5db9 Mon Sep 17 00:00:00 2001 From: John Murret Date: Fri, 13 Oct 2023 20:25:00 +0000 Subject: [PATCH 09/10] backport of commit c9c1b86789587dfbdf71bdba02e73023914c0f84 --- .../{nightly-test-1.17.x.yaml => nightly-test-1.13.x.yaml} | 6 +++--- version/VERSION | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) rename .github/workflows/{nightly-test-1.17.x.yaml => nightly-test-1.13.x.yaml} (98%) diff --git a/.github/workflows/nightly-test-1.17.x.yaml b/.github/workflows/nightly-test-1.13.x.yaml similarity index 98% rename from .github/workflows/nightly-test-1.17.x.yaml rename to .github/workflows/nightly-test-1.13.x.yaml index df6f8d946f83..f314a475dfbd 100644 --- a/.github/workflows/nightly-test-1.17.x.yaml +++ b/.github/workflows/nightly-test-1.13.x.yaml @@ -1,7 +1,7 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 -name: Nightly Frontend Test 1.17.x +name: Nightly Frontend Test 1.13.x on: schedule: - cron: '0 4 * * *' @@ -9,8 +9,8 @@ on: env: EMBER_PARTITION_TOTAL: 4 # Has to be changed in tandem with the matrix.partition - BRANCH: "release/1.17.x" - BRANCH_NAME: "release-1.17.x" # Used for naming artifacts + BRANCH: "release/1.13.x" + BRANCH_NAME: "release-1.13.x" # Used for naming artifacts GOPRIVATE: github.com/hashicorp # Required for enterprise deps jobs: diff --git a/version/VERSION b/version/VERSION index ee017091ff37..ee8855caa4a7 100644 --- a/version/VERSION +++ b/version/VERSION @@ -1 +1 @@ -1.18.0-dev +1.17.0-dev From 46c7e06b293176b8616a6111bad40de6df130f13 Mon Sep 17 00:00:00 2001 From: John Murret Date: Fri, 13 Oct 2023 22:20:15 +0000 Subject: [PATCH 10/10] backport of commit 44c6c8c896eee5e31b667c27ce6d6e27490576f6 --- .../sidecarproxy/builder/local_app.go | 16 ++++++++++++++-- .../source/local-and-inbound-connections.golden | 5 +++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go index 6bde969346d1..54ea6db57816 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go @@ -38,7 +38,7 @@ func (b *Builder) BuildLocalApp(workload *pbcatalog.Workload, ctp *pbauth.Comput addInboundTLS() if isL7(port.Protocol) { - b.addLocalAppRoute(routeName, clusterName) + b.addLocalAppRoute(routeName, clusterName, portName) } b.addLocalAppCluster(clusterName, &portName). addLocalAppStaticEndpoints(clusterName, port.GetPort()) @@ -364,7 +364,7 @@ func getAlpnProtocolFromPortName(portName string) string { return fmt.Sprintf("consul~%s", portName) } -func (b *Builder) addLocalAppRoute(routeName string, clusterName string) { +func (b *Builder) addLocalAppRoute(routeName, clusterName, portName string) { proxyRouteRule := &pbproxystate.RouteRule{ Match: &pbproxystate.RouteMatch{ PathMatch: &pbproxystate.PathMatch{ @@ -381,6 +381,18 @@ func (b *Builder) addLocalAppRoute(routeName string, clusterName string) { }, }, } + if b.proxyCfg.GetDynamicConfig() != nil && b.proxyCfg.GetDynamicConfig().LocalConnection != nil { + lc, lcOK := b.proxyCfg.GetDynamicConfig().LocalConnection[portName] + if lcOK { + proxyRouteRule.Destination.DestinationConfiguration = + &pbproxystate.DestinationConfiguration{ + TimeoutConfig: &pbproxystate.TimeoutConfig{ + Timeout: lc.RequestTimeout, + }, + } + } + } + // Each route name for the local app is listenerName:port since there is a route per port on the local app listener. b.addRoute(routeName, &pbproxystate.Route{ VirtualHosts: []*pbproxystate.VirtualHost{{ diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden index bd9820f7c6b2..169a4969aefd 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections.golden @@ -266,6 +266,11 @@ "destination": { "cluster": { "name": "local_app:port3" + }, + "destinationConfiguration": { + "timeoutConfig": { + "timeout": "9s" + } } }, "match": {