luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/proto/pbconfigentry/config_entry.proto

854 lines
22 KiB
Protocol Buffer
Raw Normal View History

proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
syntax = "proto3";
proto: add package prefixes for all proto files where it is safe (#13735) We cannot do this for "subscribe" and "partition" this easily without breakage so those are omitted. Any protobuf message passed around via an Any construct will have the fully qualified package name embedded in the protobuf as a string. Also RPC method dispatch will include the package of the service during serialization. - We will be passing pbservice and pbpeering through an Any as part of peer stream replication. - We will be exposing two new gRPC services via pbpeering and pbpeerstream.
2022-07-13 16:03:27 +00:00
package hashicorp.consul.internal.configentry;
proto: ensure buf formatter has been applied to protobufs (#13709)
2022-07-11 18:44:51 +00:00
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
import "google/protobuf/duration.proto";
proxycfg: server-local intentions data source This is the OSS portion of enterprise PR 2141. This commit provides a server-local implementation of the `proxycfg.Intentions` interface that sources data from streaming events. It adds events for the `service-intentions` config entry type, and then consumes event streams (via materialized views) for the service's explicit intentions and any applicable wildcard intentions, merging them into a single list of intentions. An alternative approach I considered was to consume _all_ intention events (via `SubjectWildcard`) and filter out the irrelevant ones. This would admittedly remove some complexity in the `agent/proxycfg-glue` package but at the expense of considerable overhead from waking potentially many thousands of connect proxies every time any intention is updated.
2022-07-01 15:15:49 +00:00
import "google/protobuf/timestamp.proto";
proto: ensure buf formatter has been applied to protobufs (#13709)
2022-07-11 18:44:51 +00:00
import "proto/pbcommon/common.proto";
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
enum Kind {
KindUnknown = 0;
KindMeshConfig = 1;
KindServiceResolver = 2;
KindIngressGateway = 3;
proxycfg: server-local intentions data source This is the OSS portion of enterprise PR 2141. This commit provides a server-local implementation of the `proxycfg.Intentions` interface that sources data from streaming events. It adds events for the `service-intentions` config entry type, and then consumes event streams (via materialized views) for the service's explicit intentions and any applicable wildcard intentions, merging them into a single list of intentions. An alternative approach I considered was to consume _all_ intention events (via `SubjectWildcard`) and filter out the irrelevant ones. This would admittedly remove some complexity in the `agent/proxycfg-glue` package but at the expense of considerable overhead from waking potentially many thousands of connect proxies every time any intention is updated.
2022-07-01 15:15:49 +00:00
KindServiceIntentions = 4;
proxycfg: watch service-defaults config entries (#15025) To support Destinations on the service-defaults (for tproxy with terminating gateway), we need to now also make servers watch service-defaults config entries.
2022-10-24 18:50:28 +00:00
KindServiceDefaults = 5;
Native API Gateway Config Entries (#15897) * Stub Config Entries for Consul Native API Gateway (#15644) * Add empty InlineCertificate struct and protobuf * apigateway stubs * Stub HTTPRoute in api pkg * Stub HTTPRoute in structs pkg * Simplify api.APIGatewayConfigEntry to be consistent w/ other entries * Update makeConfigEntry switch, add docstring for HTTPRouteConfigEntry * Add TCPRoute to MakeConfigEntry, return unique Kind * Stub BoundAPIGatewayConfigEntry in agent * Add RaftIndex to APIGatewayConfigEntry stub * Add new config entry kinds to validation allow-list * Add RaftIndex to other added config entry stubs * Update usage metrics assertions to include new cfg entries * Add Meta and acl.EnterpriseMeta to all new ConfigEntry types * Remove unnecessary Services field from added config entry types * Implement GetMeta(), GetEnterpriseMeta() for added config entry types * Add meta field to proto, name consistently w/ existing config entries * Format config_entry.proto * Add initial implementation of CanRead + CanWrite for new config entry types * Add unit tests for decoding of new config entry types * Add unit tests for parsing of new config entry types * Add unit tests for API Gateway config entry ACLs * Return typed PermissionDeniedError on BoundAPIGateway CanWrite * Add unit tests for added config entry ACLs * Add BoundAPIGateway type to AllConfigEntryKinds * Return proper kind from BoundAPIGateway * Add docstrings for new config entry types * Add missing config entry kinds to proto def * Update usagemetrics_oss_test.go * Use utility func for returning PermissionDeniedError * EventPublisher subscriptions for Consul Native API Gateway (#15757) * Create new event topics in subscribe proto * Add tests for PBSubscribe func * Make configs singular, add all configs to PBToStreamSubscribeRequest * Add snapshot methods * Add config_entry_events tests * Add config entry kind to topic for new configs * Add unit tests for snapshot methods * Start adding integration test * Test using the new controller code * Update agent/consul/state/config_entry_events.go * Check value of error * Add controller stubs for API Gateway (#15837) * update initial stub implementation * move files, clean up mutex references * Remove embed, use idiomatic names for constructors * Remove stray file introduced in merge * Add APIGateway validation (#15847) * Add APIGateway validation * Add additional validations * Add cert ref validation * Add protobuf definitions * Fix up field types * Add API structs * Move struct fields around a bit * APIGateway InlineCertificate validation (#15856) * Add APIGateway validation * Add additional validations * Add protobuf definitions * Tabs to spaces * Add API structs * Move struct fields around a bit * Add validation for InlineCertificate * Fix ACL test * APIGateway BoundAPIGateway validation (#15858) * Add APIGateway validation * Add additional validations * Add cert ref validation * Add protobuf definitions * Fix up field types * Add API structs * Move struct fields around a bit * Add validation for BoundAPIGateway * APIGateway TCPRoute validation (#15855) * Add APIGateway validation * Add additional validations * Add cert ref validation * Add protobuf definitions * Fix up field types * Add API structs * Add TCPRoute normalization and validation * Add forgotten Status * Add some more field docs in api package * Fix test * Format imports * Rename snapshot test variable names * Add plumbing for Native API GW Subscriptions (#16003) Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-01-18 22:14:34 +00:00
KindInlineCertificate = 6;
KindAPIGateway = 7;
KindBoundAPIGateway = 8;
KindHTTPRoute = 9;
KindTCPRoute = 10;
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
}
message ConfigEntry {
Kind Kind = 1;
string Name = 2;
common.EnterpriseMeta EnterpriseMeta = 3;
common.RaftIndex RaftIndex = 4;
oneof Entry {
MeshConfig MeshConfig = 5;
ServiceResolver ServiceResolver = 6;
IngressGateway IngressGateway = 7;
proxycfg: server-local intentions data source This is the OSS portion of enterprise PR 2141. This commit provides a server-local implementation of the `proxycfg.Intentions` interface that sources data from streaming events. It adds events for the `service-intentions` config entry type, and then consumes event streams (via materialized views) for the service's explicit intentions and any applicable wildcard intentions, merging them into a single list of intentions. An alternative approach I considered was to consume _all_ intention events (via `SubjectWildcard`) and filter out the irrelevant ones. This would admittedly remove some complexity in the `agent/proxycfg-glue` package but at the expense of considerable overhead from waking potentially many thousands of connect proxies every time any intention is updated.
2022-07-01 15:15:49 +00:00
ServiceIntentions ServiceIntentions = 8;
proxycfg: watch service-defaults config entries (#15025) To support Destinations on the service-defaults (for tproxy with terminating gateway), we need to now also make servers watch service-defaults config entries.
2022-10-24 18:50:28 +00:00
ServiceDefaults ServiceDefaults = 9;
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
}
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.MeshConfigEntry
// output=config_entry.gen.go
// name=Structs
// ignore-fields=RaftIndex,EnterpriseMeta
message MeshConfig {
TransparentProxyMeshConfig TransparentProxy = 1;
MeshTLSConfig TLS = 2;
MeshHTTPConfig HTTP = 3;
map<string, string> Meta = 4;
feat: add PeerThroughMeshGateways to mesh config
2022-09-02 20:52:11 +00:00
PeeringMeshConfig Peering = 5;
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.TransparentProxyMeshConfig
// output=config_entry.gen.go
// name=Structs
message TransparentProxyMeshConfig {
bool MeshDestinationsOnly = 1;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.MeshTLSConfig
// output=config_entry.gen.go
// name=Structs
message MeshTLSConfig {
MeshDirectionalTLSConfig Incoming = 1;
MeshDirectionalTLSConfig Outgoing = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.MeshDirectionalTLSConfig
// output=config_entry.gen.go
// name=Structs
message MeshDirectionalTLSConfig {
// mog: func-from=tlsVersionFromStructs func-to=tlsVersionToStructs
string TLSMinVersion = 1;
// mog: func-from=tlsVersionFromStructs func-to=tlsVersionToStructs
string TLSMaxVersion = 2;
// mog: func-from=cipherSuitesFromStructs func-to=cipherSuitesToStructs
repeated string CipherSuites = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.MeshHTTPConfig
// output=config_entry.gen.go
// name=Structs
message MeshHTTPConfig {
bool SanitizeXForwardedClientCert = 1;
}
feat: add PeerThroughMeshGateways to mesh config
2022-09-02 20:52:11 +00:00
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.PeeringMeshConfig
// output=config_entry.gen.go
// name=Structs
message PeeringMeshConfig {
bool PeerThroughMeshGateways = 1;
}
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.ServiceResolverConfigEntry
// output=config_entry.gen.go
// name=Structs
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
message ServiceResolver {
string DefaultSubset = 1;
map<string, ServiceResolverSubset> Subsets = 2;
ServiceResolverRedirect Redirect = 3;
map<string, ServiceResolverFailover> Failover = 4;
// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
google.protobuf.Duration ConnectTimeout = 5;
LoadBalancer LoadBalancer = 6;
map<string, string> Meta = 7;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.ServiceResolverSubset
// output=config_entry.gen.go
// name=Structs
message ServiceResolverSubset {
string Filter = 1;
bool OnlyPassing = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.ServiceResolverRedirect
// output=config_entry.gen.go
// name=Structs
message ServiceResolverRedirect {
string Service = 1;
string ServiceSubset = 2;
string Namespace = 3;
string Partition = 4;
string Datacenter = 5;
Update the structs and discovery chain for service resolver redirects to cluster peers. (#14366)
2022-08-29 13:51:32 +00:00
string Peer = 6;
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.ServiceResolverFailover
// output=config_entry.gen.go
// name=Structs
message ServiceResolverFailover {
string Service = 1;
string ServiceSubset = 2;
string Namespace = 3;
repeated string Datacenters = 4;
Add `Targets` field to service resolver failovers. (#14162) This field will be used for cluster peering failover.
2022-08-15 13:20:25 +00:00
repeated ServiceResolverFailoverTarget Targets = 5;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.ServiceResolverFailoverTarget
// output=config_entry.gen.go
// name=Structs
message ServiceResolverFailoverTarget {
string Service = 1;
string ServiceSubset = 2;
string Partition = 3;
string Namespace = 4;
string Datacenter = 5;
string Peer = 6;
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.LoadBalancer
// output=config_entry.gen.go
// name=Structs
message LoadBalancer {
string Policy = 1;
RingHashConfig RingHashConfig = 2;
LeastRequestConfig LeastRequestConfig = 3;
repeated HashPolicy HashPolicies = 4;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.RingHashConfig
// output=config_entry.gen.go
// name=Structs
message RingHashConfig {
uint64 MinimumRingSize = 1;
uint64 MaximumRingSize = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.LeastRequestConfig
// output=config_entry.gen.go
// name=Structs
message LeastRequestConfig {
uint32 ChoiceCount = 1;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HashPolicy
// output=config_entry.gen.go
// name=Structs
message HashPolicy {
string Field = 1;
string FieldValue = 2;
CookieConfig CookieConfig = 3;
bool SourceIP = 4;
bool Terminal = 5;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.CookieConfig
// output=config_entry.gen.go
// name=Structs
message CookieConfig {
bool Session = 1;
// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
google.protobuf.Duration TTL = 2;
string Path = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.IngressGatewayConfigEntry
// output=config_entry.gen.go
// name=Structs
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
message IngressGateway {
GatewayTLSConfig TLS = 1;
repeated IngressListener Listeners = 2;
map<string, string> Meta = 3;
feat(ingress gateway: support configuring limits in ingress-gateway c… (#14749) * feat(ingress gateway: support configuring limits in ingress-gateway config entry - a new Defaults field with max_connections, max_pending_connections, max_requests is added to ingress gateway config entry - new field max_connections, max_pending_connections, max_requests in individual services to overwrite the value in Default - added unit test and integration test - updated doc Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
2022-09-28 18:56:46 +00:00
IngressServiceConfig Defaults = 4;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.IngressServiceConfig
// output=config_entry.gen.go
// name=Structs
message IngressServiceConfig {
uint32 MaxConnections = 1;
uint32 MaxPendingRequests = 2;
uint32 MaxConcurrentRequests = 3;
feat(ingress-gateway): support outlier detection of upstream service for ingress gateway (#15614) * feat(ingress-gateway): support outlier detection of upstream service for ingress gateway * changelog Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
2022-12-13 16:51:37 +00:00
PassiveHealthCheck PassiveHealthCheck = 4;
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.GatewayTLSConfig
// output=config_entry.gen.go
// name=Structs
message GatewayTLSConfig {
bool Enabled = 1;
GatewayTLSSDSConfig SDS = 2;
// mog: func-from=tlsVersionFromStructs func-to=tlsVersionToStructs
string TLSMinVersion = 3;
// mog: func-from=tlsVersionFromStructs func-to=tlsVersionToStructs
string TLSMaxVersion = 4;
// mog: func-from=cipherSuitesFromStructs func-to=cipherSuitesToStructs
repeated string CipherSuites = 5;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.GatewayTLSSDSConfig
// output=config_entry.gen.go
// name=Structs
message GatewayTLSSDSConfig {
string ClusterName = 1;
string CertResource = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.IngressListener
// output=config_entry.gen.go
// name=Structs
message IngressListener {
// mog: func-to=int func-from=int32
int32 Port = 1;
string Protocol = 2;
repeated IngressService Services = 3;
proto: ensure buf formatter has been applied to protobufs (#13709)
2022-07-11 18:44:51 +00:00
GatewayTLSConfig TLS = 4;
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.IngressService
// output=config_entry.gen.go
// name=Structs
message IngressService {
string Name = 1;
repeated string Hosts = 2;
GatewayServiceTLSConfig TLS = 3;
HTTPHeaderModifiers RequestHeaders = 4;
HTTPHeaderModifiers ResponseHeaders = 5;
map<string, string> Meta = 6;
// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
common.EnterpriseMeta EnterpriseMeta = 7;
feat(ingress gateway: support configuring limits in ingress-gateway c… (#14749) * feat(ingress gateway: support configuring limits in ingress-gateway config entry - a new Defaults field with max_connections, max_pending_connections, max_requests is added to ingress gateway config entry - new field max_connections, max_pending_connections, max_requests in individual services to overwrite the value in Default - added unit test and integration test - updated doc Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
2022-09-28 18:56:46 +00:00
uint32 MaxConnections = 8;
uint32 MaxPendingRequests = 9;
uint32 MaxConcurrentRequests = 10;
feat(ingress-gateway): support outlier detection of upstream service for ingress gateway (#15614) * feat(ingress-gateway): support outlier detection of upstream service for ingress gateway * changelog Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
2022-12-13 16:51:37 +00:00
PassiveHealthCheck PassiveHealthCheck = 11;
proxycfg: server-local config entry data sources This is the OSS portion of enterprise PR 2056. This commit provides server-local implementations of the proxycfg.ConfigEntry and proxycfg.ConfigEntryList interfaces, that source data from streaming events. It makes use of the LocalMaterializer type introduced for peering replication, adding the necessary support for authorization. It also adds support for "wildcard" subscriptions (within a topic) to the event publisher, as this is needed to fetch service-resolvers for all services when configuring mesh gateways. Currently, events will be emitted for just the ingress-gateway, service-resolver, and mesh config entry types, as these are the only entries required by proxycfg — the events will be emitted on topics named IngressGateway, ServiceResolver, and MeshConfig topics respectively. Though these events will only be consumed "locally" for now, they can also be consumed via the gRPC endpoint (confirmed using grpcurl) so using them from client agents should be a case of swapping the LocalMaterializer for an RPCMaterializer.
2022-07-01 15:09:47 +00:00
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.GatewayServiceTLSConfig
// output=config_entry.gen.go
// name=Structs
message GatewayServiceTLSConfig {
GatewayTLSSDSConfig SDS = 1;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HTTPHeaderModifiers
// output=config_entry.gen.go
// name=Structs
message HTTPHeaderModifiers {
map<string, string> Add = 1;
map<string, string> Set = 2;
repeated string Remove = 3;
}
proxycfg: server-local intentions data source This is the OSS portion of enterprise PR 2141. This commit provides a server-local implementation of the `proxycfg.Intentions` interface that sources data from streaming events. It adds events for the `service-intentions` config entry type, and then consumes event streams (via materialized views) for the service's explicit intentions and any applicable wildcard intentions, merging them into a single list of intentions. An alternative approach I considered was to consume _all_ intention events (via `SubjectWildcard`) and filter out the irrelevant ones. This would admittedly remove some complexity in the `agent/proxycfg-glue` package but at the expense of considerable overhead from waking potentially many thousands of connect proxies every time any intention is updated.
2022-07-01 15:15:49 +00:00
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.ServiceIntentionsConfigEntry
// output=config_entry.gen.go
// name=Structs
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
message ServiceIntentions {
repeated SourceIntention Sources = 1;
map<string, string> Meta = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.SourceIntention
// output=config_entry.gen.go
// name=Structs
message SourceIntention {
string Name = 1;
// mog: func-to=intentionActionToStructs func-from=intentionActionFromStructs
IntentionAction Action = 2;
repeated IntentionPermission Permissions = 3;
// mog: func-to=int func-from=int32
int32 Precedence = 4;
string LegacyID = 5;
// mog: func-to=intentionSourceTypeToStructs func-from=intentionSourceTypeFromStructs
IntentionSourceType Type = 6;
string Description = 7;
map<string, string> LegacyMeta = 8;
// mog: func-to=timeToStructs func-from=timeFromStructs
google.protobuf.Timestamp LegacyCreateTime = 9;
// mog: func-to=timeToStructs func-from=timeFromStructs
google.protobuf.Timestamp LegacyUpdateTime = 10;
// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
common.EnterpriseMeta EnterpriseMeta = 11;
string Peer = 12;
}
enum IntentionAction {
Deny = 0;
Allow = 1;
}
enum IntentionSourceType {
Consul = 0;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.IntentionPermission
// output=config_entry.gen.go
// name=Structs
message IntentionPermission {
// mog: func-to=intentionActionToStructs func-from=intentionActionFromStructs
IntentionAction Action = 1;
IntentionHTTPPermission HTTP = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.IntentionHTTPPermission
// output=config_entry.gen.go
// name=Structs
message IntentionHTTPPermission {
string PathExact = 1;
string PathPrefix = 2;
string PathRegex = 3;
repeated IntentionHTTPHeaderPermission Header = 4;
repeated string Methods = 5;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.IntentionHTTPHeaderPermission
// output=config_entry.gen.go
// name=Structs
message IntentionHTTPHeaderPermission {
string Name = 1;
bool Present = 2;
string Exact = 3;
string Prefix = 4;
string Suffix = 5;
string Regex = 6;
bool Invert = 7;
}
proxycfg: watch service-defaults config entries (#15025) To support Destinations on the service-defaults (for tproxy with terminating gateway), we need to now also make servers watch service-defaults config entries.
2022-10-24 18:50:28 +00:00
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.ServiceConfigEntry
// output=config_entry.gen.go
// name=Structs
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
message ServiceDefaults {
string Protocol = 1;
// mog: func-to=proxyModeToStructs func-from=proxyModeFromStructs
ProxyMode Mode = 2;
TransparentProxyConfig TransparentProxy = 3;
MeshGatewayConfig MeshGateway = 4;
ExposeConfig Expose = 5;
string ExternalSNI = 6;
UpstreamConfiguration UpstreamConfig = 7;
DestinationConfig Destination = 8;
// mog: func-to=int func-from=int32
int32 MaxInboundConnections = 9;
// mog: func-to=int func-from=int32
int32 LocalConnectTimeoutMs = 10;
// mog: func-to=int func-from=int32
int32 LocalRequestTimeoutMs = 11;
string BalanceInboundConnections = 12;
map<string, string> Meta = 13;
Ent merge move envoy extension proto (#16126) * Mw/lambda envoy extension parse region (#4107) * updated builtin extension to parse region directly from ARN - added a unit test - added some comments/light refactoring * updated golden files with proper ARNs - ARNs need to be right format now that they are being processed * updated tests and integration tests - removed 'region' from all EnvoyExtension arguments - added properly formatted ARN which includes the same region found in the removed "Region" field: 'us-east-1' * regenerated proto files
2023-02-01 19:42:32 +00:00
// mog: func-to=EnvoyExtensionsToStructs func-from=EnvoyExtensionsFromStructs
repeated hashicorp.consul.internal.common.EnvoyExtension EnvoyExtensions = 14;
proxycfg: watch service-defaults config entries (#15025) To support Destinations on the service-defaults (for tproxy with terminating gateway), we need to now also make servers watch service-defaults config entries.
2022-10-24 18:50:28 +00:00
}
enum ProxyMode {
ProxyModeDefault = 0;
ProxyModeTransparent = 1;
ProxyModeDirect = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.TransparentProxyConfig
// output=config_entry.gen.go
// name=Structs
message TransparentProxyConfig {
// mog: func-to=int func-from=int32
int32 OutboundListenerPort = 1;
bool DialedDirectly = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.MeshGatewayConfig
// output=config_entry.gen.go
// name=Structs
message MeshGatewayConfig {
// mog: func-to=meshGatewayModeToStructs func-from=meshGatewayModeFromStructs
MeshGatewayMode Mode = 1;
}
enum MeshGatewayMode {
MeshGatewayModeDefault = 0;
MeshGatewayModeNone = 1;
MeshGatewayModeLocal = 2;
MeshGatewayModeRemote = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.ExposeConfig
// output=config_entry.gen.go
// name=Structs
message ExposeConfig {
bool Checks = 1;
repeated ExposePath Paths = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.ExposePath
// output=config_entry.gen.go
// name=Structs
message ExposePath {
// mog: func-to=int func-from=int32
int32 ListenerPort = 1;
string Path = 2;
// mog: func-to=int func-from=int32
int32 LocalPathPort = 3;
string Protocol = 4;
bool ParsedFromCheck = 5;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.UpstreamConfiguration
// output=config_entry.gen.go
// name=Structs
message UpstreamConfiguration {
repeated UpstreamConfig Overrides = 1;
UpstreamConfig Defaults = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.UpstreamConfig
// output=config_entry.gen.go
// name=Structs
message UpstreamConfig {
string Name = 1;
// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
common.EnterpriseMeta EnterpriseMeta = 2;
string EnvoyListenerJSON = 3;
string EnvoyClusterJSON = 4;
string Protocol = 5;
// mog: func-to=int func-from=int32
int32 ConnectTimeoutMs = 6;
UpstreamLimits Limits = 7;
PassiveHealthCheck PassiveHealthCheck = 8;
MeshGatewayConfig MeshGateway = 9;
string BalanceOutboundConnections = 10;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.UpstreamLimits
// output=config_entry.gen.go
// name=Structs
message UpstreamLimits {
// mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt
int32 MaxConnections = 1;
// mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt
int32 MaxPendingRequests = 2;
// mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt
int32 MaxConcurrentRequests = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.PassiveHealthCheck
// output=config_entry.gen.go
// name=Structs
message PassiveHealthCheck {
// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
google.protobuf.Duration Interval = 1;
uint32 MaxFailures = 2;
// mog: target=EnforcingConsecutive5xx func-to=pointerToUint32FromUint32 func-from=uint32FromPointerToUint32
uint32 EnforcingConsecutive5xx = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.DestinationConfig
// output=config_entry.gen.go
// name=Structs
message DestinationConfig {
repeated string Addresses = 1;
// mog: func-to=int func-from=int32
int32 Port = 2;
}
Native API Gateway Config Entries (#15897) * Stub Config Entries for Consul Native API Gateway (#15644) * Add empty InlineCertificate struct and protobuf * apigateway stubs * Stub HTTPRoute in api pkg * Stub HTTPRoute in structs pkg * Simplify api.APIGatewayConfigEntry to be consistent w/ other entries * Update makeConfigEntry switch, add docstring for HTTPRouteConfigEntry * Add TCPRoute to MakeConfigEntry, return unique Kind * Stub BoundAPIGatewayConfigEntry in agent * Add RaftIndex to APIGatewayConfigEntry stub * Add new config entry kinds to validation allow-list * Add RaftIndex to other added config entry stubs * Update usage metrics assertions to include new cfg entries * Add Meta and acl.EnterpriseMeta to all new ConfigEntry types * Remove unnecessary Services field from added config entry types * Implement GetMeta(), GetEnterpriseMeta() for added config entry types * Add meta field to proto, name consistently w/ existing config entries * Format config_entry.proto * Add initial implementation of CanRead + CanWrite for new config entry types * Add unit tests for decoding of new config entry types * Add unit tests for parsing of new config entry types * Add unit tests for API Gateway config entry ACLs * Return typed PermissionDeniedError on BoundAPIGateway CanWrite * Add unit tests for added config entry ACLs * Add BoundAPIGateway type to AllConfigEntryKinds * Return proper kind from BoundAPIGateway * Add docstrings for new config entry types * Add missing config entry kinds to proto def * Update usagemetrics_oss_test.go * Use utility func for returning PermissionDeniedError * EventPublisher subscriptions for Consul Native API Gateway (#15757) * Create new event topics in subscribe proto * Add tests for PBSubscribe func * Make configs singular, add all configs to PBToStreamSubscribeRequest * Add snapshot methods * Add config_entry_events tests * Add config entry kind to topic for new configs * Add unit tests for snapshot methods * Start adding integration test * Test using the new controller code * Update agent/consul/state/config_entry_events.go * Check value of error * Add controller stubs for API Gateway (#15837) * update initial stub implementation * move files, clean up mutex references * Remove embed, use idiomatic names for constructors * Remove stray file introduced in merge * Add APIGateway validation (#15847) * Add APIGateway validation * Add additional validations * Add cert ref validation * Add protobuf definitions * Fix up field types * Add API structs * Move struct fields around a bit * APIGateway InlineCertificate validation (#15856) * Add APIGateway validation * Add additional validations * Add protobuf definitions * Tabs to spaces * Add API structs * Move struct fields around a bit * Add validation for InlineCertificate * Fix ACL test * APIGateway BoundAPIGateway validation (#15858) * Add APIGateway validation * Add additional validations * Add cert ref validation * Add protobuf definitions * Fix up field types * Add API structs * Move struct fields around a bit * Add validation for BoundAPIGateway * APIGateway TCPRoute validation (#15855) * Add APIGateway validation * Add additional validations * Add cert ref validation * Add protobuf definitions * Fix up field types * Add API structs * Add TCPRoute normalization and validation * Add forgotten Status * Add some more field docs in api package * Fix test * Format imports * Rename snapshot test variable names * Add plumbing for Native API GW Subscriptions (#16003) Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-01-18 22:14:34 +00:00
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.APIGatewayConfigEntry
// output=config_entry.gen.go
// name=Structs
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
message APIGateway {
map<string, string> Meta = 1;
repeated APIGatewayListener Listeners = 2;
Status Status = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.Status
// output=config_entry.gen.go
// name=Structs
message Status {
repeated Condition Conditions = 1;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.Condition
// output=config_entry.gen.go
// name=Structs
message Condition {
string Status = 1;
string Reason = 2;
string Message = 3;
ResourceReference Resource = 4;
// mog: func-to=timeToStructs func-from=timeFromStructs
google.protobuf.Timestamp LastTransitionTime = 5;
}
enum APIGatewayListenerProtocol {
ListenerProtocolHTTP = 0;
ListenerProtocolTCP = 1;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.APIGatewayListener
// output=config_entry.gen.go
// name=Structs
message APIGatewayListener {
string Name = 1;
string Hostname = 2;
// mog: func-to=int func-from=int32
int32 Port = 3;
// mog: func-to=apiGatewayProtocolToStructs func-from=apiGatewayProtocolFromStructs
APIGatewayListenerProtocol Protocol = 4;
APIGatewayTLSConfiguration TLS = 5;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.APIGatewayTLSConfiguration
// output=config_entry.gen.go
// name=Structs
message APIGatewayTLSConfiguration {
repeated ResourceReference Certificates = 1;
// mog: func-from=tlsVersionFromStructs func-to=tlsVersionToStructs
string MinVersion = 2;
// mog: func-from=tlsVersionFromStructs func-to=tlsVersionToStructs
string MaxVersion = 3;
// mog: func-from=cipherSuitesFromStructs func-to=cipherSuitesToStructs
repeated string CipherSuites = 4;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.ResourceReference
// output=config_entry.gen.go
// name=Structs
message ResourceReference {
string Kind = 1;
string Name = 2;
string SectionName = 3;
// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
common.EnterpriseMeta EnterpriseMeta = 4;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.BoundAPIGatewayConfigEntry
// output=config_entry.gen.go
// name=Structs
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
message BoundAPIGateway {
map<string, string> Meta = 1;
repeated BoundAPIGatewayListener Listeners = 2;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.BoundAPIGatewayListener
// output=config_entry.gen.go
// name=Structs
message BoundAPIGatewayListener {
string Name = 1;
repeated ResourceReference Certificates = 2;
repeated ResourceReference Routes = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.InlineCertificateConfigEntry
// output=config_entry.gen.go
// name=Structs
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
message InlineCertificate {
map<string, string> Meta = 1;
string Certificate = 2;
string PrivateKey = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HTTPRouteConfigEntry
// output=config_entry.gen.go
// name=Structs
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
message HTTPRoute {
map<string, string> Meta = 1;
APIGateway HTTPRoute scaffolding (#15859) * Stub Config Entries for Consul Native API Gateway (#15644) * Add empty InlineCertificate struct and protobuf * apigateway stubs * new files * Stub HTTPRoute in api pkg * checkpoint * Stub HTTPRoute in structs pkg * Simplify api.APIGatewayConfigEntry to be consistent w/ other entries * Update makeConfigEntry switch, add docstring for HTTPRouteConfigEntry * Add TCPRoute to MakeConfigEntry, return unique Kind * proto generated files * Stub BoundAPIGatewayConfigEntry in agent Since this type is only written by a controller and read by xDS, it doesn't need to be defined in the `api` pkg * Add RaftIndex to APIGatewayConfigEntry stub * Add new config entry kinds to validation allow-list * Add RaftIndex to other added config entry stubs * fix panic * Update usage metrics assertions to include new cfg entries * Regenerate proto w/ Go 1.19 * Run buf formatter on config_entry.proto * Add Meta and acl.EnterpriseMeta to all new ConfigEntry types * Remove optional interface method Warnings() for now Will restore later if we wind up needing it * Remove unnecessary Services field from added config entry types * Implement GetMeta(), GetEnterpriseMeta() for added config entry types * Add meta field to proto, name consistently w/ existing config entries * Format config_entry.proto * Add initial implementation of CanRead + CanWrite for new config entry types * Add unit tests for decoding of new config entry types * Add unit tests for parsing of new config entry types * Add unit tests for API Gateway config entry ACLs * Return typed PermissionDeniedError on BoundAPIGateway CanWrite * Add unit tests for added config entry ACLs * Add BoundAPIGateway type to AllConfigEntryKinds * Return proper kind from BoundAPIGateway * Add docstrings for new config entry types * Add missing config entry kinds to proto def * Update usagemetrics_oss_test.go * Use utility func for returning PermissionDeniedError * Add BoundAPIGateway to proto def Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Add APIGateway validation * Fix comment * Add additional validations * Add cert ref validation * Add protobuf definitions * Tabs to spaces * Fix up field types * Add API structs * Move struct fields around a bit * EventPublisher subscriptions for Consul Native API Gateway (#15757) * Create new event topics in subscribe proto * Add tests for PBSubscribe func * Make configs singular, add all configs to PBToStreamSubscribeRequest * Add snapshot methods * Add config_entry_events tests * Add config entry kind to topic for new configs * Add unit tests for snapshot methods * Start adding integration test * Test using the new controller code * Update agent/consul/state/config_entry_events.go Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Check value of error Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Add controller stubs for API Gateway (#15837) * update initial stub implementation * move files, clean up mutex references * Remove embed, use idiomatic names for constructors * Remove stray file introduced in merge Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Initial server-side and proto defs * drop trailing whitespace * Add APIGateway validation (#15847) * Add APIGateway validation * Fix comment * Add additional validations * Add cert ref validation * Add protobuf definitions * Tabs to spaces * Fix up field types * Add API structs * Move struct fields around a bit * APIGateway InlineCertificate validation (#15856) * Add APIGateway validation * Add additional validations * Add protobuf definitions * Tabs to spaces * Add API structs * Move struct fields around a bit * Add validation for InlineCertificate * Fix ACL test * APIGateway BoundAPIGateway validation (#15858) * Add APIGateway validation * Fix comment * Add additional validations * Add cert ref validation * Add protobuf definitions * Tabs to spaces * Fix up field types * Add API structs * Move struct fields around a bit * Add validation for BoundAPIGateway * drop trailing whitespace * APIGateway TCPRoute validation (#15855) * Add APIGateway validation * Fix comment * Add additional validations * Add cert ref validation * Add protobuf definitions * Tabs to spaces * Fix up field types * Add API structs * Move struct fields around a bit * Add TCPRoute normalization and validation * Address PR feedback * Add forgotten Status * Add some more field docs in api package * Fix test * Fix bad merge * Remove duplicate helpers * Fix up proto defs * Fix up stray changes * remove extra newline --------- Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
2023-02-01 12:59:49 +00:00
repeated ResourceReference Parents = 2;
repeated HTTPRouteRule Rules = 3;
repeated string Hostnames = 4;
Status Status = 5;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HTTPRouteRule
// output=config_entry.gen.go
// name=Structs
message HTTPRouteRule {
HTTPFilters Filters = 1;
repeated HTTPMatch Matches = 2;
repeated HTTPService Services = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HTTPMatch
// output=config_entry.gen.go
// name=Structs
message HTTPMatch {
repeated HTTPHeaderMatch Headers = 1;
// mog: func-to=httpMatchMethodToStructs func-from=httpMatchMethodFromStructs
HTTPMatchMethod Method = 2;
HTTPPathMatch Path = 3;
repeated HTTPQueryMatch Query = 4;
}
enum HTTPMatchMethod {
HTTPMatchMethodAll = 0;
HTTPMatchMethodConnect = 1;
HTTPMatchMethodDelete = 2;
HTTPMatchMethodGet = 3;
HTTPMatchMethodHead = 4;
HTTPMatchMethodOptions = 5;
HTTPMatchMethodPatch = 6;
HTTPMatchMethodPost = 7;
HTTPMatchMethodPut = 8;
HTTPMatchMethodTrace = 9;
}
enum HTTPHeaderMatchType {
HTTPHeaderMatchExact = 0;
HTTPHeaderMatchPrefix = 1;
HTTPHeaderMatchPresent = 2;
HTTPHeaderMatchRegularExpression = 3;
HTTPHeaderMatchSuffix = 4;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HTTPHeaderMatch
// output=config_entry.gen.go
// name=Structs
message HTTPHeaderMatch {
// mog: func-to=httpHeaderMatchToStructs func-from=httpHeaderMatchFromStructs
HTTPHeaderMatchType Match = 1;
string Name = 2;
string Value = 3;
}
enum HTTPPathMatchType {
HTTPPathMatchExact = 0;
HTTPPathMatchPrefix = 1;
HTTPPathMatchRegularExpression = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HTTPPathMatch
// output=config_entry.gen.go
// name=Structs
message HTTPPathMatch {
// mog: func-to=httpPathMatchToStructs func-from=httpPathMatchFromStructs
HTTPPathMatchType Match = 1;
string Value = 2;
}
enum HTTPQueryMatchType {
HTTPQueryMatchExact = 0;
HTTPQueryMatchPresent = 1;
HTTPQueryMatchRegularExpression = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HTTPQueryMatch
// output=config_entry.gen.go
// name=Structs
message HTTPQueryMatch {
// mog: func-to=httpQueryMatchToStructs func-from=httpQueryMatchFromStructs
HTTPQueryMatchType Match = 1;
string Name = 2;
string Value = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HTTPFilters
// output=config_entry.gen.go
// name=Structs
message HTTPFilters {
repeated HTTPHeaderFilter Headers = 1;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HTTPHeaderFilter
// output=config_entry.gen.go
// name=Structs
message HTTPHeaderFilter {
map<string, string> Add = 1;
repeated string Remove = 2;
map<string, string> Set = 3;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.HTTPService
// output=config_entry.gen.go
// name=Structs
message HTTPService {
string Name = 1;
// mog: func-to=int func-from=int32
int32 Weight = 2;
HTTPFilters Filters = 3;
// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
common.EnterpriseMeta EnterpriseMeta = 4;
Native API Gateway Config Entries (#15897) * Stub Config Entries for Consul Native API Gateway (#15644) * Add empty InlineCertificate struct and protobuf * apigateway stubs * Stub HTTPRoute in api pkg * Stub HTTPRoute in structs pkg * Simplify api.APIGatewayConfigEntry to be consistent w/ other entries * Update makeConfigEntry switch, add docstring for HTTPRouteConfigEntry * Add TCPRoute to MakeConfigEntry, return unique Kind * Stub BoundAPIGatewayConfigEntry in agent * Add RaftIndex to APIGatewayConfigEntry stub * Add new config entry kinds to validation allow-list * Add RaftIndex to other added config entry stubs * Update usage metrics assertions to include new cfg entries * Add Meta and acl.EnterpriseMeta to all new ConfigEntry types * Remove unnecessary Services field from added config entry types * Implement GetMeta(), GetEnterpriseMeta() for added config entry types * Add meta field to proto, name consistently w/ existing config entries * Format config_entry.proto * Add initial implementation of CanRead + CanWrite for new config entry types * Add unit tests for decoding of new config entry types * Add unit tests for parsing of new config entry types * Add unit tests for API Gateway config entry ACLs * Return typed PermissionDeniedError on BoundAPIGateway CanWrite * Add unit tests for added config entry ACLs * Add BoundAPIGateway type to AllConfigEntryKinds * Return proper kind from BoundAPIGateway * Add docstrings for new config entry types * Add missing config entry kinds to proto def * Update usagemetrics_oss_test.go * Use utility func for returning PermissionDeniedError * EventPublisher subscriptions for Consul Native API Gateway (#15757) * Create new event topics in subscribe proto * Add tests for PBSubscribe func * Make configs singular, add all configs to PBToStreamSubscribeRequest * Add snapshot methods * Add config_entry_events tests * Add config entry kind to topic for new configs * Add unit tests for snapshot methods * Start adding integration test * Test using the new controller code * Update agent/consul/state/config_entry_events.go * Check value of error * Add controller stubs for API Gateway (#15837) * update initial stub implementation * move files, clean up mutex references * Remove embed, use idiomatic names for constructors * Remove stray file introduced in merge * Add APIGateway validation (#15847) * Add APIGateway validation * Add additional validations * Add cert ref validation * Add protobuf definitions * Fix up field types * Add API structs * Move struct fields around a bit * APIGateway InlineCertificate validation (#15856) * Add APIGateway validation * Add additional validations * Add protobuf definitions * Tabs to spaces * Add API structs * Move struct fields around a bit * Add validation for InlineCertificate * Fix ACL test * APIGateway BoundAPIGateway validation (#15858) * Add APIGateway validation * Add additional validations * Add cert ref validation * Add protobuf definitions * Fix up field types * Add API structs * Move struct fields around a bit * Add validation for BoundAPIGateway * APIGateway TCPRoute validation (#15855) * Add APIGateway validation * Add additional validations * Add cert ref validation * Add protobuf definitions * Fix up field types * Add API structs * Add TCPRoute normalization and validation * Add forgotten Status * Add some more field docs in api package * Fix test * Format imports * Rename snapshot test variable names * Add plumbing for Native API GW Subscriptions (#16003) Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-01-18 22:14:34 +00:00
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.TCPRouteConfigEntry
// output=config_entry.gen.go
// name=Structs
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
message TCPRoute {
map<string, string> Meta = 1;
repeated ResourceReference Parents = 2;
repeated TCPService Services = 3;
Status Status = 4;
}
// mog annotation:
//
// target=github.com/hashicorp/consul/agent/structs.TCPService
// output=config_entry.gen.go
// name=Structs
message TCPService {
string Name = 1;
// mog: func-to=int func-from=int32
int32 Weight = 2;
// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
common.EnterpriseMeta EnterpriseMeta = 4;
}