kumahq · michaelbeaumont · Nov 8, 2022 · Nov 1, 2022 · Nov 7, 2022
@@ -23,6 +23,7 @@ import (
 	"github.com/kumahq/kuma/pkg/plugins/runtime/gateway/route"
 	xds_context "github.com/kumahq/kuma/pkg/xds/context"
 	"github.com/kumahq/kuma/pkg/xds/envoy"
+	"github.com/kumahq/kuma/pkg/xds/envoy/tags"
 	"github.com/kumahq/kuma/pkg/xds/server/callbacks"
 	"github.com/kumahq/kuma/pkg/xds/sync"
 )
@@ -438,9 +439,9 @@ func newGatewayDataplaneInspectResponse(
 }
 
 func routeToPolicyInspect(
-	policyMap map[inspect.PolicyKey][]envoy.Tags,
+	policyMap map[inspect.PolicyKey][]tags.Tags,
 	des route.Destination,
-) map[inspect.PolicyKey][]envoy.Tags {
+) map[inspect.PolicyKey][]tags.Tags {
 	for kind, p := range des.Policies {
 		policyKey := inspect.PolicyKey{
 			Type: kind,
@@ -473,7 +474,7 @@ func gatewayEntriesByPolicy(
 		for _, info := range info.HostInfos {
 			routeMap := map[inspect.PolicyKey][]api_server_types.PolicyInspectGatewayRouteEntry{}
 			for _, entry := range info.Entries {
-				entryMap := map[inspect.PolicyKey][]envoy.Tags{}
+				entryMap := map[inspect.PolicyKey][]tags.Tags{}
 				if entry.Mirror != nil {
 					entryMap = routeToPolicyInspect(entryMap, entry.Mirror.Forward)
 				}

@@ -3,14 +3,14 @@ package types
 import (
 	core_model "github.com/kumahq/kuma/pkg/core/resources/model"
 	"github.com/kumahq/kuma/pkg/core/resources/model/rest/unversioned"
-	"github.com/kumahq/kuma/pkg/xds/envoy"
+	"github.com/kumahq/kuma/pkg/xds/envoy/tags"
 )
 
 type PolicyMap map[core_model.ResourceType]*unversioned.Resource
 
 type Destination struct {
-	Tags     envoy.Tags `json:"tags"`
-	Policies PolicyMap  `json:"policies"`
+	Tags     tags.Tags `json:"tags"`
+	Policies PolicyMap `json:"policies"`
 }
 
 type RouteInspectEntry struct {
@@ -45,8 +45,8 @@ func NewGatewayDataplaneInspectResult() GatewayDataplaneInspectResult {
 }
 
 type PolicyInspectGatewayRouteEntry struct {
-	Route        string       `json:"route"`
-	Destinations []envoy.Tags `json:"destinations"`
+	Route        string      `json:"route"`
+	Destinations []tags.Tags `json:"destinations"`
 }
 
 type PolicyInspectGatewayHostEntry struct {

@@ -1,22 +1,19 @@
 package xds
 
 import (
-	"context"
 	"fmt"
 	"strings"
 
 	"github.com/pkg/errors"
-	"google.golang.org/protobuf/proto"
 
 	mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1"
 	core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh"
 	core_model "github.com/kumahq/kuma/pkg/core/resources/model"
 	util_tls "github.com/kumahq/kuma/pkg/tls"
-	envoy_common "github.com/kumahq/kuma/pkg/xds/envoy"
-	"github.com/kumahq/kuma/pkg/xds/envoy/names"
-	xds_tls "github.com/kumahq/kuma/pkg/xds/envoy/tls"
 )
 
+type APIVersion string
+
 // StreamID represents a stream opened by XDS
 type StreamID = int64
 
@@ -121,10 +118,6 @@ type ExternalServiceFaultInjectionMap map[ServiceName][]*core_mesh.FaultInjectio
 
 type ExternalServiceRateLimitMap map[ServiceName][]*core_mesh.RateLimitResource
 
-type CLACache interface {
-	GetCLA(ctx context.Context, meshName, meshHash string, cluster envoy_common.Cluster, apiVersion envoy_common.APIVersion, endpointMap EndpointMap) (proto.Message, error)
-}
-
 // SocketAddressProtocol is the L4 protocol the listener should bind to
 type SocketAddressProtocol int32
 
@@ -137,7 +130,7 @@ const (
 // The data that is specific for the whole mesh should go into MeshContext.
 type Proxy struct {
 	Id                  ProxyId
-	APIVersion          envoy_common.APIVersion // todo(jakubdyszkiewicz) consider moving APIVersion here. pkg/core should not depend on pkg/xds. It should be other way around.
+	APIVersion          APIVersion
 	Dataplane           *core_mesh.DataplaneResource
 	ZoneIngress         *core_mesh.ZoneIngressResource
 	Metadata            *DataplaneMetadata
@@ -160,14 +153,6 @@ type ServerSideMTLSCerts struct {
 	ServerPair util_tls.KeyPair
 }
 
-type identityCertRequest struct {
-	meshName string
-}
-
-func (r identityCertRequest) Name() string {
-	return names.GetSecretName(xds_tls.IdentityCertResource, "secret", r.meshName)
-}
-
 type IdentityCertRequest interface {
 	Name() string
 }
@@ -177,30 +162,6 @@ type CaRequest interface {
 	Name() string
 }
 
-type caRequest struct {
-	meshName string
-}
-
-type allInOneCaRequest struct {
-	meshNames []string
-}
-
-func (r caRequest) Name() string {
-	return names.GetSecretName(xds_tls.MeshCaResource, "secret", r.meshName)
-}
-
-func (r caRequest) MeshName() []string {
-	return []string{r.meshName}
-}
-
-func (r allInOneCaRequest) Name() string {
-	return names.GetSecretName(xds_tls.MeshCaResource, "secret", "all")
-}
-
-func (r allInOneCaRequest) MeshName() []string {
-	return r.meshNames
-}
-
 // SecretsTracker provides a way to ask for a secret and keeps track of which are
 // used, so that they can later be generated and included in the resources.
 type SecretsTracker interface {
@@ -213,54 +174,6 @@ type SecretsTracker interface {
 	UsedAllInOne() bool
 }
 
-type secretsTracker struct {
-	ownMesh   string
-	allMeshes []string
-
-	identity bool
-	meshes   map[string]struct{}
-	allInOne bool
-}
-
-func NewSecretsTracker(ownMesh string, allMeshes []string) SecretsTracker {
-	return &secretsTracker{
-		ownMesh:   ownMesh,
-		allMeshes: allMeshes,
-
-		meshes: map[string]struct{}{},
-	}
-}
-
-func (st *secretsTracker) RequestIdentityCert() IdentityCertRequest {
-	st.identity = true
-	return &identityCertRequest{
-		meshName: st.ownMesh,
-	}
-}
-
-func (st *secretsTracker) RequestCa(mesh string) CaRequest {
-	st.meshes[mesh] = struct{}{}
-	return &caRequest{
-		meshName: mesh,
-	}
-}
-
-func (st *secretsTracker) RequestAllInOneCa() CaRequest {
-	st.allInOne = true
-	return &allInOneCaRequest{
-		meshNames: st.allMeshes,
-	}
-}
-func (st *secretsTracker) UsedIdentity() bool {
-	return st.identity
-}
-func (st *secretsTracker) UsedCas() map[string]struct{} {
-	return st.meshes
-}
-func (st *secretsTracker) UsedAllInOne() bool {
-	return st.allInOne
-}
-
 type MeshResources struct {
 	Mesh                           *core_mesh.MeshResource
 	TrafficRoutes                  []*core_mesh.TrafficRouteResource

@@ -15,6 +15,7 @@ import (
 	xds_context "github.com/kumahq/kuma/pkg/xds/context"
 	"github.com/kumahq/kuma/pkg/xds/envoy"
 	"github.com/kumahq/kuma/pkg/xds/envoy/clusters"
+	"github.com/kumahq/kuma/pkg/xds/envoy/tags"
 	"github.com/kumahq/kuma/pkg/xds/topology"
 )
 
@@ -128,7 +129,7 @@ func (c *ClusterGenerator) generateMeshCluster(
 	builder := newClusterBuilder(info.Proxy.APIVersion, protocol, dest).Configure(
 		clusters.EdsCluster(dest.Destination[mesh_proto.ServiceTag]),
 		clusters.LB(nil /* TODO(jpeach) uses default Round Robin*/),
-		clusters.ClientSideMTLS(info.Proxy.SecretsTracker, mesh, upstreamServiceName, true, []envoy.Tags{dest.Destination}),
+		clusters.ClientSideMTLS(info.Proxy.SecretsTracker, mesh, upstreamServiceName, true, []tags.Tags{dest.Destination}),
 		clusters.ConnectionBufferLimit(DefaultConnectionBuffer),
 	)
 
@@ -174,7 +175,7 @@ func (c *ClusterGenerator) generateExternalCluster(
 }
 
 func newClusterBuilder(
-	version envoy.APIVersion,
+	version core_xds.APIVersion,
 	protocol core_mesh.Protocol,
 	dest *route.Destination,
 ) *clusters.ClusterBuilder {

@@ -7,7 +7,7 @@ import (
 	"github.com/kumahq/kuma/pkg/core/resources/model"
 	"github.com/kumahq/kuma/pkg/plugins/runtime/gateway/match"
 	"github.com/kumahq/kuma/pkg/plugins/runtime/gateway/route"
-	"github.com/kumahq/kuma/pkg/xds/envoy"
+	"github.com/kumahq/kuma/pkg/xds/envoy/tags"
 )
 
 func PopulatePolicies(host GatewayHost, routes []route.Entry) []route.Entry {
@@ -27,7 +27,7 @@ func PopulatePolicies(host GatewayHost, routes []route.Entry) []route.Entry {
 	return routesWithPolicies
 }
 
-func mapPoliciesForDestination(destination envoy.Tags, host GatewayHost) map[model.ResourceType]model.Resource {
+func mapPoliciesForDestination(destination tags.Tags, host GatewayHost) map[model.ResourceType]model.Resource {
 	policies := map[model.ResourceType]model.Resource{}
 
 	for _, policyType := range ConnectionPolicyTypes {
@@ -39,7 +39,7 @@ func mapPoliciesForDestination(destination envoy.Tags, host GatewayHost) map[mod
 	return policies
 }
 
-func matchConnectionPolicy(candidates []match.RankedPolicy, destination envoy.Tags) model.Resource {
+func matchConnectionPolicy(candidates []match.RankedPolicy, destination tags.Tags) model.Resource {
 	var matches []match.RankedPolicy
 
 	for _, c := range candidates {

@@ -3,7 +3,7 @@ package route
 import (
 	core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh"
 	"github.com/kumahq/kuma/pkg/core/resources/model"
-	"github.com/kumahq/kuma/pkg/xds/envoy"
+	"github.com/kumahq/kuma/pkg/xds/envoy/tags"
 )
 
 // Table stores a collection of routing Entries, aka. a routing table.
@@ -92,7 +92,7 @@ type Redirection struct {
 
 // Destination is a forwarding target (aka Cluster).
 type Destination struct {
-	Destination   envoy.Tags
+	Destination   tags.Tags
 	Weight        uint32
 	RouteProtocol core_mesh.Protocol
 

@@ -36,7 +36,7 @@ func NewCache(
 	}, nil
 }
 
-func (c *Cache) GetCLA(ctx context.Context, meshName, meshHash string, cluster envoy_common.Cluster, apiVersion envoy_common.APIVersion, endpointMap xds.EndpointMap) (proto.Message, error) {
+func (c *Cache) GetCLA(ctx context.Context, meshName, meshHash string, cluster envoy_common.Cluster, apiVersion xds.APIVersion, endpointMap xds.EndpointMap) (proto.Message, error) {
 	key := sha256.Hash(fmt.Sprintf("%s:%s:%s:%s", apiVersion, meshName, cluster.Hash(), meshHash))
 
 	elt, err := c.cache.GetOrRetrieve(ctx, key, once.RetrieverFunc(func(ctx context.Context, key string) (interface{}, error) {

@@ -13,6 +13,7 @@ import (
 	"github.com/kumahq/kuma/pkg/xds/cache/cla"
 	envoy_common "github.com/kumahq/kuma/pkg/xds/envoy"
 	envoy_endpoints "github.com/kumahq/kuma/pkg/xds/envoy/endpoints/v3"
+	"github.com/kumahq/kuma/pkg/xds/envoy/tags"
 )
 
 var _ = Describe("ClusterLoadAssignment Cache", func() {
@@ -109,7 +110,7 @@ var _ = Describe("ClusterLoadAssignment Cache", func() {
 		// when
 		clusterV1 := envoy_common.NewCluster(
 			envoy_common.WithService("backend"),
-			envoy_common.WithTags(envoy_common.Tags{}.WithTags("version", "v1")),
+			envoy_common.WithTags(tags.Tags{}.WithTags("version", "v1")),
 		)
 		claV1, err := claCache.GetCLA(context.Background(), "mesh-0", "", clusterV1, envoy_common.APIV3, endpointMap)
 
@@ -121,7 +122,7 @@ var _ = Describe("ClusterLoadAssignment Cache", func() {
 		// when
 		clusterV2 := envoy_common.NewCluster(
 			envoy_common.WithService("backend"),
-			envoy_common.WithTags(envoy_common.Tags{}.WithTags("version", "v2")),
+			envoy_common.WithTags(tags.Tags{}.WithTags("version", "v2")),
 		)
 		claV2, err := claCache.GetCLA(context.Background(), "mesh-0", "", clusterV2, envoy_common.APIV3, endpointMap)
 

@@ -6,6 +6,7 @@ import (
 	"github.com/kumahq/kuma/pkg/core/datasource"
 	core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh"
 	"github.com/kumahq/kuma/pkg/core/xds"
+	"github.com/kumahq/kuma/pkg/xds/envoy"
 	"github.com/kumahq/kuma/pkg/xds/secrets"
 )
 
@@ -22,7 +23,7 @@ type ConnectionInfo struct {
 // ControlPlaneContext contains shared global data and components that are required for generating XDS
 // This data is the same regardless of a data plane proxy and mesh we are generating the data for.
 type ControlPlaneContext struct {
-	CLACache xds.CLACache
+	CLACache envoy.CLACache
 	Secrets  secrets.Secrets
 	Zone     string
 }

@@ -1,7 +1,9 @@
 package envoy
 
-type APIVersion string
+import (
+	core_xds "github.com/kumahq/kuma/pkg/core/xds"
+)
 
 const (
-	APIV3 APIVersion = "v3"
+	APIV3 core_xds.APIVersion = "v3"
 )
@@ -5,6 +5,7 @@ import (
 
 	envoy_api "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 
+	core_xds "github.com/kumahq/kuma/pkg/core/xds"
 	"github.com/kumahq/kuma/pkg/xds/envoy"
 	v3 "github.com/kumahq/kuma/pkg/xds/envoy/clusters/v3"
 )
@@ -17,7 +18,7 @@ type ClusterBuilderOpt interface {
 	ApplyTo(config *ClusterBuilderConfig)
 }
 
-func NewClusterBuilder(apiVersion envoy.APIVersion) *ClusterBuilder {
+func NewClusterBuilder(apiVersion core_xds.APIVersion) *ClusterBuilder {
 	return &ClusterBuilder{
 		apiVersion: apiVersion,
 	}
@@ -26,7 +27,7 @@ func NewClusterBuilder(apiVersion envoy.APIVersion) *ClusterBuilder {
 // ClusterBuilder is responsible for generating an Envoy cluster
 // by applying a series of ClusterConfigurers.
 type ClusterBuilder struct {
-	apiVersion envoy.APIVersion
+	apiVersion core_xds.APIVersion
 	config     ClusterBuilderConfig
 }